[Dovecot] dovecot+LDAP/AD encoding issue
Daniel Parthey
daniel.parthey at informatik.tu-chemnitz.de
Wed Aug 8 01:22:26 EEST 2012
Wiethoff, Helge wrote:
> Hello everybody,
>
> I have a problem with dovecot+Active Directory as Authentication-Service. I am not able to use special characters (äöüß (German umlaut)) within a password. Normally I would suggest that the ldap-query is done in UTF-8 but as I debugged the auth-process, I have seen that the password is ISO-8859-1 encoded.
> The "original" query (from roundcube for example) is UTF-8 encoded (I dumped the POST-Query).
> So far I wasn't able to find my error by myself or by searching the web. Maybe someone of you can give me a hint :-)
>
> Thanks and greetings from Germany,
> Helge
Hello Helge,

In order to make it work with LDAP, the password transmitted
over the IMAP connection needs to be encoded with the same
character set as the password used to generate the hash.

IMAP does not specify how the mail client should encode
the password during the login process. So some older clients
use Latin1 and some newer use UTF-8.

Probably you are interested in reading the discussion from 2008:
http://www.dovecot.org/list/dovecot/2008-November/035263.html

Possibly you could re-encode your passwords with some IMAP proxy
like nginx and the mail and mail_auth modules and detect
German umlauts, but such a setup will quickly get complex.

I think a simple and robust solution would be to limit the
allowed characters for user passwords in your password
management system to 7-bit ASCII characters (only) and
reset passwords of all users having any login problems.

Greetings,
Daniel
--
https://plus.google.com/103021802792276734820
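
The mismatch discussed in the reply above, as an added Python illustration that is not part of the original post or of Dovecot: the same password yields different bytes (and therefore a different hash) in Latin1 and UTF-8, a "re-encode if not valid UTF-8" step repairs the common case but not every case, and an ASCII-only policy avoids the question. All function names and sample values are hypothetical, and SHA-256 stands in for whatever hash the directory actually stores.

```python
import hashlib

def is_ascii_only(password: str) -> bool:
    """Policy check: allow only printable 7-bit ASCII (0x20-0x7E)."""
    return all(0x20 <= ord(ch) <= 0x7E for ch in password)

def normalize_to_utf8(raw: bytes) -> bytes:
    """Re-encode client bytes to UTF-8, assuming non-UTF-8 input is Latin-1.

    Heuristic only: some Latin-1 byte strings are also valid UTF-8.
    """
    try:
        raw.decode("utf-8")
        return raw
    except UnicodeDecodeError:
        return raw.decode("latin-1").encode("utf-8")

def digest(raw: bytes) -> str:
    """Stand-in for the stored credential hash (SHA-256 chosen for the demo)."""
    return hashlib.sha256(raw).hexdigest()

# Constructed sample values, not taken from the thread.
PASSWORD = "geheim-\u00e4\u00f6\u00fc\u00df"   # "geheim-" + a-, o-, u-umlaut, sharp s
AS_UTF8 = PASSWORD.encode("utf-8")             # what a newer client sends
AS_LATIN1 = PASSWORD.encode("latin-1")         # what an older client sends
# U+00C3 U+00A4 in Latin-1 is the byte pair C3 A4, which is also the
# UTF-8 encoding of a-umlaut, so the heuristic cannot tell them apart.
AMBIGUOUS = "\u00c3\u00a4"
AMBIGUOUS_LATIN1 = AMBIGUOUS.encode("latin-1")

def report() -> dict:
    """Summarise how the two encodings and the two mitigations behave."""
    return {
        "same_bytes": AS_UTF8 == AS_LATIN1,
        "same_digest": digest(AS_UTF8) == digest(AS_LATIN1),
        "latin1_repaired": normalize_to_utf8(AS_LATIN1) == AS_UTF8,
        "utf8_untouched": normalize_to_utf8(AS_UTF8) == AS_UTF8,
        "ambiguous_repaired":
            normalize_to_utf8(AMBIGUOUS_LATIN1) == AMBIGUOUS.encode("utf-8"),
        "policy_accepts_umlauts": is_ascii_only(PASSWORD),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The `ambiguous_repaired` entry comes out false: a Latin1 password whose bytes happen to form valid UTF-8 passes through unchanged, which is one reason a re-encoding proxy gets complex.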