[Dovecot] authentification failure: double quotes in password

Timo Sirainen tss at iki.fi
Tue May 25 20:28:24 EEST 2010


On Mon, 2010-05-10 at 18:53 +0200, Martin Ott wrote:
> auth(default): Info: ldap(testuser 77.22.xx.xxx): invalid credentials 
> (given password: xxxxx"xxxxxxx)

So I guess that's with auth binding?

> Which chars in passwords does the dovecot auth process not like?
> Is there something similar to auth_username_chars for passwords?

No. All chars are valid. Perhaps this is OpenLDAP/AD bug? The code to do
auth binding looks like:

	request->msgid = ldap_bind(conn->ld, brequest->dn,
				   request->auth_request->mech_password,
				   LDAP_AUTH_SIMPLE);

There's no escaping for the password. I don't see how it could be
Dovecot's fault.




More information about the dovecot mailing list