[Dovecot] login fails when username has apostrophe

Karl Latiss klatiss at nextdigital.com
Wed Jan 7 01:34:46 EET 2009


On Wed, 2009-01-07 at 00:26 +0100, Robert Schetterer wrote:
> Karl Latiss wrote:
> > Sorry to bump so quickly but I have a handful of users who can't log in 
> > at the moment and would like to get this fixed.
> > 
> > Am I missing a config option or is this a bug? The only reference I can 
> > find in the mailing list archives is that this configuration should be 
> > supported.
> > 
> > Karl.
> > 
> > --------------------------------------------------------------
> > 
> > Hi
> > 
> > I've added the apostrophe character to auth_username_chars however
> > authentication still fails. I'm using LDAP with the following details:
> > 
> > dovecot version 1.1.7
> > openldap client library 2.4.11
> > 
> > With auth_verbose = yes and auth_debug = yes set I see the following in
> > the logs. Note the initial escaped apostrophe and the subsequent escaped
> > escape in the filter!
> > 
> > ----- start log -----
> > Jan  5 16:15:05 www-example1 dovecot: auth(default): client in: AUTH 1       PLAIN   service=imap    lip=10.1.1.180  rip=10.3.96.60 lport=143       rport=48733     resp=<hidden>
> > 
> > Jan  5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o\'reilly at example.com,10.3.96.60): pass search: base=dc=example, dc=com scope=subtree filter=(&(objectClass=qmailUser)(uid=julie.o\\'reilly)) fields=mail,userPassword
> > 
> > Jan  5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o\'reilly at example.com,10.3.96.60): unknown user
> > 
> > Jan  5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL 1       user=julie.o\'reilly at example.com
> > failed, 1 attempts): user=<julie.o\'reilly at example.com>, method=PLAIN,
> > rip=10.3.96.60, lip=10.1.1.180
> > ----- end log -----
> > 
> > Users without apostrophes can authenticate successfully. If I've missed
> > anything please let me know.
> > 
> > # dovecot -n
> > # 1.1.7: /usr/local/etc/dovecot.conf
> > # OS: FreeBSD 7.0-RELEASE amd64  ufs
> > protocols: imap
> > listen: 10.1.1.180
> > ssl_disable: yes
> > disable_plaintext_auth: no
> > login_dir: /var/run/dovecot/login
> > login_executable: /usr/local/libexec/dovecot/imap-login
> > login_greeting_capability: yes
> > verbose_proctitle: yes
> > first_valid_uid: 999
> > first_valid_gid: 999
> > mail_privileged_group: mail
> > mail_uid: 999
> > mail_gid: 999
> > mail_location: maildir:/usr/home/vmail/%Ld/%Ln
> > imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
> > auth default:
> >   mechanisms: plain login
> >   username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@'
> >   username_format: %Lu
> >   passdb:
> >     driver: ldap
> >     args: /usr/local/etc/dovecot-ldap.conf
> >   userdb:
> >     driver: ldap
> >     args: /usr/local/etc/dovecot-ldap.conf
> >   socket:
> >     type: listen
> >     client:
> >       path: /var/run/dovecot/auth-client
> >       mode: 432
> >     master:
> >       path: /var/run/dovecot/auth-master
> >       mode: 384
> >       user: vmail
> > 
> > # grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf 
> > uris = ldap://www-example1:389
> > dn = uid=xxxx,dc=example,dc=com
> > dnpass = xxxx
> > sasl_bind = no
> > tls = no
> > auth_bind = no
> > ldap_version = 3
> > base = dc=example, dc=com
> > user_attrs = homeDirectory=home=/usr/home/vmail/%L$,mailMessageStore=mail=maildir:/usr/home/vmail/%L$,=uid=999,=gid=999
> > user_filter = (&(objectClass=qmailUser)(uid=%n))
> > pass_attrs = mail=user,userPassword=password
> > pass_filter = (&(objectClass=qmailUser)(uid=%n))
> > default_pass_scheme = PLAIN
> > 
> 
> Just for quick testing, try setting auth_username_chars empty, i.e.
> auth_username_chars =
> in dovecot.conf

Sorry - should have mentioned that I tried that as well with no success.

Karl.
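
An added example, not part of the original thread and not Dovecot's code: it builds the posted pass_filter with RFC 4515 filter-value escaping applied exactly once, then shows that a username which already carries a backslash before the apostrophe (as the username appears in the log above) ends up matching a different uid. The function names and the simplified %n expansion are assumptions made for illustration.

```python
import re

# RFC 4515 section 3: only these characters need escaping in a filter value,
# each written as a backslash plus two hex digits. The apostrophe is not one
# of them, so it can go into the filter unchanged.
_RFC4515_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

PASS_FILTER = "(&(objectClass=qmailUser)(uid=%n))"  # from the posted dovecot-ldap.conf

# Constructed inputs: the login as typed, and the same login after an earlier
# layer has already put a backslash in front of the apostrophe.
TYPED = "julie.o'reilly@example.com"
PRE_ESCAPED = "julie.o\\'reilly@example.com"


def escape_filter_value(value: str) -> str:
    # Escape once, at the point where the filter string is assembled.
    return "".join(_RFC4515_SPECIALS.get(ch, ch) for ch in value)


def expand_n(user: str) -> str:
    # Hypothetical stand-in for %n combined with username_format %Lu:
    # the lowercased part of the login before the '@'.
    return user.lower().split("@", 1)[0]


def build_filter(template: str, user: str) -> str:
    return template.replace("%n", escape_filter_value(expand_n(user)))


def matched_uid(user: str) -> str:
    # Decode the uid assertion the way a directory server reads it, to see
    # which literal uid value the search is really asking for.
    flt = build_filter(PASS_FILTER, user)
    value = flt[flt.index("(uid=") + 5:-2]
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


if __name__ == "__main__":
    for login in (TYPED, PRE_ESCAPED):
        print(build_filter(PASS_FILTER, login), "->", matched_uid(login))
```

The first filter asks for uid julie.o'reilly; the second asks for a uid containing a literal backslash, which no directory entry has, so the lookup reports an unknown user.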


