[Dovecot] Active Directory 2003 user database and passwords with special characters
Boris PINON
afodis.pinon at hotmail.fr
Mon Oct 29 11:01:03 EET 2012
Hello everybody,
As explained in the subject, I am having trouble authenticating my users.
First of all, sorry for my poor English...
I'm running Dovecot v1.2.15 on an up-to-date 64-bit Debian 6 server.
My user database is Active Directory 2003 (this is important to know because Active Directory does not let you retrieve users' passwords, so you have to bind to LDAP with a domain administrator).
So, I'm using userdb ldap to authenticate my users and it works! BUT...
When a user has a password containing special characters like " ² ° § µ à é è ç à â ê î ô û ù ä ë ï ö ü ", authentication does not work.
And in my log file : MY_SERVER
| mail/info | dovecot | 2012/08/27 10:42:14 | auth(default):
cache(my_user,192.168.7.127): plain(RU0975é*) !=
'RU0975é*'
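As you can see, the character é has been replaced by a different byte sequence in one of the two values (both display as "é" in this copy of the message, so the substitution itself is not visible here).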
My dovecot.conf :
# Services started by the master process: IMAP and POP3 (plain and SSL ports)
# plus ManageSieve.
protocols = imap imaps pop3 pop3s managesieve
# Client processes are terminated when the master process shuts down.
shutdown_clients = yes
# IMAP-specific settings.
protocol imap {
# Port 143 is the non-SSL listener; the global "ssl = required" further down
# means clients on this port have to upgrade with STARTTLS before logging in.
listen = 192.168.7.1:143
ssl_listen = 192.168.7.1:993
# Plugins loaded for IMAP sessions.
mail_plugins = quota imap_quota autocreate
# Workarounds for known client bugs (Outlook, Thunderbird).
imap_client_workarounds = outlook-idle delay-newmail tb-extra-mailbox-sep
}
# POP3-specific settings.
protocol pop3 {
# Port 110 is the non-SSL listener, port 995 the SSL one.
listen = 192.168.7.1:110
ssl_listen = 192.168.7.1:995
# Only the quota plugin is loaded for POP3 sessions.
mail_plugins = quota
pop3_no_flag_updates = no
pop3_reuse_xuidl = no
pop3_lock_session = no
# UIDL built from the message UID (%u) and the mailbox UIDVALIDITY (%v),
# each as 8 hex digits.
pop3_uidl_format = %08Xu%08Xv
# Workarounds for known Outlook / Outlook Express bugs.
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
# ManageSieve service, used by clients to upload and manage Sieve scripts.
protocol managesieve {
listen = 192.168.7.1:4190
# Binaries used for the login and post-login ManageSieve processes.
login_executable = /usr/lib/dovecot/managesieve-login
mail_executable = /usr/lib/dovecot/managesieve
# Implementation string set to "dovecot".
managesieve_implementation_string = dovecot
}
# Local delivery agent (deliver) settings.
protocol lda {
mail_plugins = sieve quota
postmaster_address = postmaster at contoso.fr
hostname = webmail.contoso.fr
sendmail_path = /usr/sbin/sendmail
# Over-quota deliveries are not answered with a temporary failure.
quota_full_tempfail = no
# Same path as the "master" auth socket defined in the auth section, which is
# restricted there to mode 0600 and user vmail.
auth_socket_path = /var/run/dovecot/auth-master
}
# --- Logging ---
log_timestamp = "%Y-%m-%d %H:%M:%S "
syslog_facility = mail
mail_debug = no
auth_debug = no
# auth_debug_passwords makes the auth process log the attempted and the
# expected password on a mismatch. Keep it off outside a debugging session,
# and treat any log captured while it was on as containing credentials.
auth_debug_passwords = no
# --- SSL/TLS ---
# "required" refuses logins on connections that are not protected by SSL/TLS.
ssl = required
ssl_cert_file = /etc/ssl/certs/webmail.contoso.fr.pem
# The private key should not be readable by unprivileged accounts.
ssl_key_file = /etc/ssl/private/webmail.contoso.fr.key
ssl_ca_file = /etc/ssl/certs/VERYSIGN.pem
# Client certificates are not requested.
ssl_verify_client_cert = no
# --- Mail storage and process identity ---
# Maildir located directly in the user's home directory (%h).
mail_location = maildir:%h
mail_full_filesystem_access = no
# All mail processes run as one uid/gid (500/8); the valid uid and gid ranges
# below are pinned to exactly those values, so a userdb reply carrying any
# other id is rejected.
mail_uid = 500
mail_gid = 8
mail_privileged_group = mail
first_valid_uid = 500
last_valid_uid = 500
first_valid_gid = 8
last_valid_gid = 8
# --- Login and mail process limits ---
login_greeting = Webmail CONTOSO
login_process_size = 256
# One login process serves several connections.
login_process_per_connection = no
login_processes_count = 2
login_max_processes_count = 128
login_max_connections = 512
max_mail_processes = 1024
mail_process_size = 256
mail_max_keyword_length = 50
# --- Authentication (global part) ---
# Plaintext mechanisms are refused unless the connection is secured; together
# with "mechanisms = plain login" below, passwords only travel inside TLS
# between the mail client and this server.
disable_plaintext_auth = yes
# Delay, in seconds, before answering a failed authentication.
auth_failure_delay = 2
auth_process_size = 256
# Usernames are lowercased (%L) before any lookup.
auth_username_format = %Lu
# Authentication process: mechanisms, password/user databases and the UNIX
# sockets other processes use to talk to it.
auth default {
# Both mechanisms hand the cleartext password to the server, which is what an
# LDAP authentication bind needs.
mechanisms = plain login
# Authentication cache.
# NOTE(review): the mismatch quoted in this message is logged with a
# "cache(...)" prefix, so the failing comparison is reported by this cache.
auth_cache_size = 2048
# passdb and userdb both read the same LDAP configuration file.
passdb ldap {
args = /etc/dovecot/dovecot-ldap.conf
}
userdb ldap {
args = /etc/dovecot/dovecot-ldap.conf
}
# The auth process runs as the unprivileged user vmail; a single process.
user = vmail
count = 1
socket listen {
# Master socket: used for user lookups (see auth_socket_path in the lda
# section). Restricted to its owner, vmail.
master {
path = /var/run/dovecot/auth-master
mode = 0600
user = vmail
group = mail
}
# Client socket: accepts authentication requests.
# NOTE(review): mode 0666 lets every local account submit authentication
# attempts through this socket. If only Dovecot's own login processes and a
# mail server need it, a group-restricted mode such as 0660 is tighter.
client {
path = /var/run/dovecot/auth-client
mode = 0666
user = vmail
group = mail
}
}
}
# Empty dict section: no dictionary mappings are defined.
dict {
}
# Settings passed to the plugins loaded via mail_plugins.
plugin {
# Maildir-based quota backend with the display name "User quota".
quota = maildir:User quota
# At 80 %, 95 % and 99 % of the byte quota the quota-warning script is run
# with the percentage as its argument (%% is a literal percent sign).
quota_warning = bytes=80%% /usr/lib/dovecot/quota-warning 80
quota_warning2 = bytes=95%% /usr/lib/dovecot/quota-warning 95
quota_warning3 = bytes=99%% /usr/lib/dovecot/quota-warning 99
# Sieve: script name, per-user script directory, and the extra imapflags
# extension.
sieve=dovecot.sieve
sieve_dir=~/.Sieve
sieve_extensions=+imapflags
# Spam and Trash are created automatically; Spam, Trash, Sent and Drafts are
# subscribed automatically (Sent and Drafts are not in the autocreate list).
autocreate = Spam
autocreate2 = Trash
autosubscribe = Spam
autosubscribe2 = Trash
autosubscribe3 = Sent
autosubscribe4 = Drafts
}
And my dovecot-ldap.conf :
# My domain controller
# NOTE(review): this is a plain ldap:// URI (3268 is the Active Directory
# global catalog port) and no "tls" setting appears in this file. With
# auth_bind = yes every user's password, and dnpass below, is sent to the
# domain controller in a simple bind, so on this link it travels unencrypted.
# Prefer an ldaps:// URI or "tls = yes" if the domain controller offers it.
uris = ldap://192.168.1.1:3268
# Account used for the initial search.
# NOTE(review): with auth_bind = yes this DN is used only to locate the user's
# entry, so an account with read access to the attributes used in the filters
# below should be enough; it does not need domain administrator rights.
# Confirm against the directory's ACLs.
dn = CN=ServerOperator,CN=Users,DC=contoso,DC=fr
# Stored in cleartext: keep this file readable only by the account that has to
# load it (commonly root, mode 0600).
dnpass = MyPassword
debug_level = 0
# Passwords are verified by binding to LDAP as the user, not by fetching a
# password attribute.
auth_bind = yes
ldap_version = 3
# Search base and scope for user entries.
base = CN=Users,DC=contoso,DC=fr
deref = never
scope = subtree
# LDAP attribute -> Dovecot field mapping: mailDirectory becomes the home
# directory under /var/spool/mail/, mailQuota becomes a byte quota rule, and a
# fixed second rule is added for Trash.
user_attrs = mailDirectory=home=/var/spool/mail/%$,mailQuota=quota_rule=*:bytes=%$,=quota_rule2=Trash:storage=100%%
# userdb lookup: match on sAMAccountName (%n, the local part), on
# mailAcceptingGeneralID or on mail (%u, the full username); entries whose
# mailDrop contains "|", ":" or "/", or whose userParams is noMail, are
# excluded.
user_filter = (&(|(sAMAccountName=%n)(mailAcceptingGeneralID=%u)(mail=%u))(!(|(mailDrop="*|*")(mailDrop="*:*")(mailDrop="*/*")(userParams=noMail))))
# passdb lookup: match on sAMAccountName only, with the same exclusions.
pass_filter = (&(sAMAccountName=%n)(!(|(mailDrop="*|*")(mailDrop="*:*")(mailDrop="*/*")(userParams=noMail))))
# NOTE(review): presumably unused while auth_bind = yes, since no password
# attribute is read from LDAP; verify.
default_pass_scheme = CRYPT
Does anyone else have this problem? If so, how can it be solved?
Thank you in advance.