View Issue Details

ID: 0006151
Project: SOGo
Category: Backend General
View Status: public
Last Update: 2025-10-08 14:59
Reporter: the2nd
Assigned To:
Priority: normal
Severity: feature
Reproducibility: always
Status: new
Resolution: open
Platform: amd64
OS: Ubuntu
OS Version: 22.04
Product Version: nightly master
Summary: 0006151: Don't reject authentication if password_hash != cached_password_hash
Description

Hello,

I encountered the following issue. When authenticating SOGo against OTPme (https://github.com/the2nd/otpme) via LDAP with different token types (static password and OTP), the authentication with the second token fails with the following error:

<0x0x55b150d6a790[SOGoDAVAuthenticator]> tried wrong password for user 'username'!

The problem seems to be the following:

  1. A request is sent to SOGo by DAVx5 with a static password.
  2. SOGo verifies the password against LDAP.
  3. On success, SOGo caches the password (hash).
  4. A request is sent to SOGo by the SOGo web interface with an OTP as password.
  5. SOGo compares the OTP hash with the cached password hash and fails with the "tried wrong password" error.
  6. No LDAP request is done.

As a workaround I set SOGoCacheCleanupInterval = 1; which fixes the issue but puts a lot more load on the LDAP server.

So I would like to ask if it would be possible to add a configuration parameter to control the behavior of SOGo in case the request password (hash) does not match the cached password hash. Failing with "tried wrong password" makes it impossible to use SOGo with different token types. So adding an option to change the behavior to "try LDAP auth if password_hash != cached_hash" would fix the issue.

I think the same error should appear if a user tries to log in shortly after changing their password, while the old password is still cached. But I have not tested it.

Regards
the2nd
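The sequence in the report, replayed against a small constructed model of a password cache in front of LDAP. This is an added illustration, not SOGo or OTPme code: `FakeLdapBackend`, `CachingAuthenticator`, the user name, the static password and the OTP value are all assumptions made here. `fallback=False` models the reported behaviour (a hash mismatch is a hard failure), `fallback=True` models the requested option (a mismatch falls through to LDAP).

```python
import hashlib
import hmac
import secrets


class FakeLdapBackend:
    """Constructed stand-in for the directory: one user with a static
    password and one still-valid single-use OTP. Not real LDAP."""

    def __init__(self):
        self.static = {"username": "static-secret"}
        self.valid_otps = {"username": {"123456"}}
        self.binds = 0  # bind attempts, i.e. load placed on the directory

    def bind(self, user, password):
        self.binds += 1
        if hmac.compare_digest(password, self.static.get(user, "")):
            return True
        if password in self.valid_otps.get(user, set()):
            self.valid_otps[user].discard(password)  # OTP is consumed
            return True
        return False


class CachingAuthenticator:
    """Simplified model of a password-hash cache in front of a backend."""

    def __init__(self, backend, ttl, fallback):
        self.backend = backend
        self.ttl = ttl
        self.fallback = fallback
        self.cache = {}  # user -> (salt, hash, expiry)

    @staticmethod
    def _hash(salt, password):
        return hashlib.sha256(salt + password.encode()).hexdigest()

    def authenticate(self, user, password, now):
        entry = self.cache.get(user)
        if entry and entry[2] > now:
            salt, cached_hash, _ = entry
            if hmac.compare_digest(self._hash(salt, password), cached_hash):
                return True
            if not self.fallback:
                return False  # "tried wrong password", LDAP never asked
        # Mismatch (or no entry) reaches the backend only with fallback on.
        if not self.backend.bind(user, password):
            return False
        # Note: a successful OTP is now cached like any password, so the
        # consumed OTP stays accepted from the cache until the entry expires.
        salt = secrets.token_bytes(16)
        self.cache[user] = (salt, self._hash(salt, password), now + self.ttl)
        return True


def scenario(fallback):
    """DAVx5 static password first, then the web UI with an OTP.
    Returns (first_result, second_result, backend_bind_count)."""
    backend = FakeLdapBackend()
    auth = CachingAuthenticator(backend, ttl=300, fallback=fallback)
    first = auth.authenticate("username", "static-secret", now=0.0)
    second = auth.authenticate("username", "123456", now=10.0)
    return first, second, backend.binds
```

With `fallback=False` the OTP request is rejected from the cache and LDAP sees only one bind; with `fallback=True` it succeeds at the cost of a second bind, which is the load trade-off the report describes.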

Tags: No tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2025-10-08 14:59 the2nd New Issue