On 6. Nov 2025, at 2.52, cpfeiffer--- via dovecot <dovecot@dovecot.org> wrote:
Hello everyone,
Due to the fix for CVE-2025-30189, routines like userdb_ldap_preinit() call auth_cache_parse_key_and_fields() unconditionally, with the eventually called auth_cache_parse_key_exclude() erroring if a cache key could not be constructed.
It's also noteworthy that this call happens regardless of whether use_cache is set or not, and as of such failing to construct a cache key would cause an error even if use_cache = no was set for that database.
This is however an issue for user iteration with LDAP, as documented here [1]LDAP | Dovecot CE. Such a userdb only has iterate_filter fields that would inherently not be containing any user variables.
Do you have a separate userdb now for ldap userdb lookups? That was the intention at least that usually the userdb filter and iteration would be in the same userdb, not separate ones. Anyway, I'll try to figure out a fix.
I guess that's not saying it very clearly.