[Dovecot] login fails when username has apostrophe

Robert Schetterer robert at schetterer.org
Wed Jan 7 01:26:00 EET 2009 

Karl Latiss schrieb:
> Sorry to bump so quickly but I have a handful of users who can't log in 
> at the moment and would like to get this fixed.
> 
> Am I missing a config option or is this a bug? The only reference I can 
> find in the mailing list archives is that this configuration should be 
> supported.
> 
> Karl.
> 
> --------------------------------------------------------------
> 
> Hi
> 
> I've added the apostrophe character to auth_username_chars however
> authentication still fails. I'm using LDAP with the following details:
> 
> dovecot version 1.1.7
> openldap client library 2.4.11
> 
> With auth_verbose = yes and auth_debug = yes set I see the following in
> the logs. Note the initial escaped apostrophe and the subsequent escaped
> escape in the filter!
> 
> ----- start log -----
> Jan  5 16:15:05 www-example1 dovecot: auth(default): client in: AUTH
> 1       PLAIN   service=imap    lip=10.1.1.180  rip=10.3.96.60
> lport=143       rport=48733     resp=<hidden>
> 
> Jan  5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o
> \'reilly at example.com,10.3.96.60): pass search: base=dc=example, dc=com
> scope=subtree filter=(&(objectClass=qmailUser)(uid=julie.o\\'reilly))
> field
> s=mail,userPassword
> 
> Jan  5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o
> \'reilly at example.com,10.3.96.60): unknown user
> 
> Jan  5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL
> 1       user=julie.o\'reilly at example.com
> failed, 1 attempts): user=<julie.o\'reilly at example.com>, method=PLAIN,
> rip=10.3.96.60, lip=10.1.1.180
> ----- end log -----
> 
> Users without apostrophes can authenticate successfully. If I've missed
> anything please let me know.
> 
> # dovecot -n
> # 1.1.7: /usr/local/etc/dovecot.conf
> # OS: FreeBSD 7.0-RELEASE amd64  ufs
> protocols: imap
> listen: 10.1.1.180
> ssl_disable: yes
> disable_plaintext_auth: no
> login_dir: /var/run/dovecot/login
> login_executable: /usr/local/libexec/dovecot/imap-login
> login_greeting_capability: yes
> verbose_proctitle: yes
> first_valid_uid: 999
> first_valid_gid: 999
> mail_privileged_group: mail
> mail_uid: 999
> mail_gid: 999
> mail_location: maildir:/usr/home/vmail/%Ld/%Ln
> imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
> auth default:
>   mechanisms: plain login
>   username_chars:
> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@'
>   username_format: %Lu
>   passdb:
>     driver: ldap
>     args: /usr/local/etc/dovecot-ldap.conf
>   userdb:
>     driver: ldap
>     args: /usr/local/etc/dovecot-ldap.conf
>   socket:
>     type: listen
>     client:
>       path: /var/run/dovecot/auth-client
>       mode: 432
>     master:
>       path: /var/run/dovecot/auth-master
>       mode: 384
>       user: vmail
> 
> # grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf 
> uris = ldap://www-example1:389
> dn = uid=xxxx,dc=example,dc=com
> dnpass = xxxx
> sasl_bind = no
> tls = no
> auth_bind = no
> ldap_version = 3
> base = dc=example, dc=com
> user_attrs = homeDirectory=home=/usr/home/vmail/%L
> $,mailMessageStore=mail=maildir:/usr/home/vmail/%L$,=uid=999,=gid=999
> user_filter = (&(objectClass=qmailUser)(uid=%n))
> pass_attrs = mail=user,userPassword=password
> pass_filter = (&(objectClass=qmailUser)(uid=%n))
> default_pass_scheme = PLAIN
> 

just for quick testing try set auth_username_chars empty i.e
auth_username_chars =
in dovecot.conf

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

More information about the dovecot mailing list