[Dovecot] login fails when username has apostrophe
Robert Schetterer
robert at schetterer.org
Wed Jan 7 01:26:00 EET 2009
Karl Latiss wrote:
> Sorry to bump so quickly but I have a handful of users who can't log in
> at the moment and would like to get this fixed.
>
> Am I missing a config option or is this a bug? The only reference I can
> find in the mailing list archives is that this configuration should be
> supported.
>
> Karl.
>
> --------------------------------------------------------------
>
> Hi
>
> I've added the apostrophe character to auth_username_chars however
> authentication still fails. I'm using LDAP with the following details:
>
> dovecot version 1.1.7
> openldap client library 2.4.11
>
> With auth_verbose = yes and auth_debug = yes set I see the following in
> the logs. Note the initial escaped apostrophe and the subsequent escaped
> escape in the filter!
>
> ----- start log -----
> Jan 5 16:15:05 www-example1 dovecot: auth(default): client in: AUTH
> 1 PLAIN service=imap lip=10.1.1.180 rip=10.3.96.60
> lport=143 rport=48733 resp=<hidden>
>
> Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o
> \'reilly at example.com,10.3.96.60): pass search: base=dc=example, dc=com
> scope=subtree filter=(&(objectClass=qmailUser)(uid=julie.o\\'reilly))
> fields=mail,userPassword
>
> Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o
> \'reilly at example.com,10.3.96.60): unknown user
>
> Jan 5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL
> 1 user=julie.o\'reilly at example.com
> failed, 1 attempts): user=<julie.o\'reilly at example.com>, method=PLAIN,
> rip=10.3.96.60, lip=10.1.1.180
> ----- end log -----
>
> Users without apostrophes can authenticate successfully. If I've missed
> anything please let me know.
>
> # dovecot -n
> # 1.1.7: /usr/local/etc/dovecot.conf
> # OS: FreeBSD 7.0-RELEASE amd64 ufs
> protocols: imap
> listen: 10.1.1.180
> ssl_disable: yes
> disable_plaintext_auth: no
> login_dir: /var/run/dovecot/login
> login_executable: /usr/local/libexec/dovecot/imap-login
> login_greeting_capability: yes
> verbose_proctitle: yes
> first_valid_uid: 999
> first_valid_gid: 999
> mail_privileged_group: mail
> mail_uid: 999
> mail_gid: 999
> mail_location: maildir:/usr/home/vmail/%Ld/%Ln
> imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
> auth default:
> mechanisms: plain login
> username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@'
> username_format: %Lu
> passdb:
> driver: ldap
> args: /usr/local/etc/dovecot-ldap.conf
> userdb:
> driver: ldap
> args: /usr/local/etc/dovecot-ldap.conf
> socket:
> type: listen
> client:
> path: /var/run/dovecot/auth-client
> mode: 432
> master:
> path: /var/run/dovecot/auth-master
> mode: 384
> user: vmail
>
> # grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf
> uris = ldap://www-example1:389
> dn = uid=xxxx,dc=example,dc=com
> dnpass = xxxx
> sasl_bind = no
> tls = no
> auth_bind = no
> ldap_version = 3
> base = dc=example, dc=com
> user_attrs = homeDirectory=home=/usr/home/vmail/%L$,mailMessageStore=mail=maildir:/usr/home/vmail/%L$,=uid=999,=gid=999
> user_filter = (&(objectClass=qmailUser)(uid=%n))
> pass_attrs = mail=user,userPassword=password
> pass_filter = (&(objectClass=qmailUser)(uid=%n))
> default_pass_scheme = PLAIN
>
Just for quick testing, try setting auth_username_chars empty, i.e.
auth_username_chars =
in dovecot.conf
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
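
Added example (not part of the original thread and not Dovecot's code): a Python model of the symptom in the quoted log, where a username that already carries a backslash-escaped apostrophe is escaped again when substituted into pass_filter, so the directory is asked for a uid containing a literal backslash. The quote_escape stage is hypothetical, and the sketch uses RFC 4515 hex escaping where the log shows a doubled backslash.

```python
import re

# pass_filter from the dovecot-ldap.conf quoted above
PASS_FILTER = "(&(objectClass=qmailUser)(uid=%n))"
RFC4515 = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def rfc4515_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(RFC4515.get(ch, ch) for ch in value)


def rfc4515_unescape(value):
    """Decode \\XX pairs: the string the directory actually compares."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def build_filter(local_part):
    """Substitute %n exactly once, escaping only at this point."""
    return PASS_FILTER.replace("%n", rfc4515_escape(local_part))


def searched_uid(ldap_filter):
    """Return the uid value the server will look for."""
    raw = re.search(r"\(uid=([^)]*)\)", ldap_filter).group(1)
    return rfc4515_unescape(raw)


def quote_escape(value):
    """Hypothetical earlier stage that backslash-escapes apostrophes."""
    return value.replace("'", "\\'")


if __name__ == "__main__":
    login = "julie.o'reilly"  # constructed from the quoted log
    cases = (("escaped once", login), ("escaped twice", quote_escape(login)))
    for label, name in cases:
        flt = build_filter(name)
        uid = searched_uid(flt)
        print(f"{label}: {flt} -> uid {uid!r} match={uid == login}")
```

The apostrophe needs no escaping in an LDAP filter, so the single-pass filter searches for the real uid, while the double-escaped one searches for a value no entry has.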