} callback;
unsigned int entries;
+ bool require_password;
};
static void
"pass_filter matched multiple objects, aborting");
passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
} else if (auth_request->passdb_password == NULL &&
+ ldap_request->require_password &&
!auth_fields_exists(auth_request->extra_fields, "nopassword")) {
auth_request_log_info(auth_request, AUTH_SUBSYS_DB,
"No password returned (and no nopassword)");
}
static void ldap_lookup_pass(struct auth_request *auth_request,
- struct passdb_ldap_request *request)
+ struct passdb_ldap_request *request,
+ bool require_password)
{
struct passdb_module *_module = auth_request->passdb->passdb;
struct ldap_passdb_module *module =
const char **attr_names = (const char **)conn->pass_attr_names;
string_t *str;
+ srequest->require_password = require_password;
srequest->request.type = LDAP_REQUEST_TYPE_SEARCH;
vars = auth_request_get_var_expand_table(auth_request, ldap_escape);
ldap_request->request.ldap.auth_request = request;
if (!conn->set.auth_bind)
- ldap_lookup_pass(request, ldap_request);
+ ldap_lookup_pass(request, ldap_request, TRUE);
else if (conn->set.auth_bind_userdn == NULL)
ldap_bind_lookup_dn(request, ldap_request);
else
lookup_credentials_callback_t *callback)
{
struct passdb_ldap_request *ldap_request;
+ bool require_password;
ldap_request = p_new(request->pool, struct passdb_ldap_request, 1);
ldap_request->callback.lookup_credentials = callback;
auth_request_ref(request);
ldap_request->request.ldap.auth_request = request;
- ldap_lookup_pass(request, ldap_request);
+ /* with auth_bind=yes we don't necessarily have a password.
+ this will fail actual password credentials lookups, but it's fine
+ for passdb lookups done by lmtp/doveadm */
+ require_password = !conn->set.auth_bind;
+ ldap_lookup_pass(request, ldap_request, require_password);
}
static struct passdb_module *
projects / thirdparty / dovecot / core.git / commitdiff
