Wiethoff, Helge wrote:
Hello everybody,
I have a problem with dovecot+Active Directory as Authentication-Service. I am not able to use special characters (äöüß (German umlauts)) within a password. Normally I would suggest that the ldap-query is done in UTF-8 but as I debugged the auth-process, I have seen that the password is ISO-8859-1 encoded. The "original" query (from roundcube for example) is UTF-8 encoded (I dumped the POST-Query). So far I wasn't able to find my error by myself or by searching the web. Maybe someone of you can give me a hint :-)
Thanks and greetings from Germany, Helge
Hello Helge,
In order to make it work with LDAP, the password transmitted over the IMAP connection needs to be encoded with the same character set as the password used to generate the hash.
IMAP does not specify how the mail client should encode the password during the login process. So some older clients use Latin1 and some newer use UTF-8.
Probably you are interested in reading the discussion from 2008: http://www.dovecot.org/list/dovecot/2008-November/035263.html
Possibly you could re-encode your passwords with some IMAP proxy like nginx and the mail and mail_auth modules and detect German umlauts, but such a setup will quickly get complex.
I think a simple and robust solution would be to limit the allowed characters for user passwords in your password management system to 7-bit ASCII characters (only) and reset passwords of all users having any login problems.
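
The charset detection and the 7-bit ASCII policy discussed in the reply above, sketched as an added example that is not part of the original thread and is not Dovecot or nginx code. The helper names are hypothetical, the sample passwords are constructed, and it assumes the directory expects the bind password as UTF-8.

```python
# Added example: normalise IMAP login password bytes before an LDAP bind.
# Helper names are hypothetical; assumption: the directory expects UTF-8.


def classify(raw: bytes) -> str:
    """Guess which charset the mail client used for the password bytes."""
    if raw.isascii():
        return "ascii"               # identical in Latin-1 and UTF-8
    try:
        raw.decode("utf-8")          # strict decoding: raises on invalid input
        return "utf-8"
    except UnicodeDecodeError:
        return "latin-1"             # any byte string decodes as ISO-8859-1


def to_utf8_password(raw: bytes) -> bytes:
    """Re-encode Latin-1 input to UTF-8; pass ASCII and UTF-8 through."""
    if classify(raw) == "latin-1":
        return raw.decode("iso-8859-1").encode("utf-8")
    return raw


def is_ambiguous(raw: bytes) -> bool:
    """True when valid UTF-8 could equally be a typed Latin-1 password.

    UTF-8 'ä' is C3 A4, which is also Latin-1 'Ã¤'. Bytes 0x80-0x9F are
    C1 control codes in Latin-1 and cannot be typed, so their presence
    settles the question in favour of UTF-8.
    """
    if classify(raw) != "utf-8":
        return False
    return not any(0x80 <= b <= 0x9F for b in raw)


def is_ascii_policy_ok(password: str) -> bool:
    """Password-change policy: printable 7-bit ASCII characters only."""
    return all(0x20 <= ord(c) <= 0x7E for c in password)


if __name__ == "__main__":
    for label, raw in [("old client", "pässwört".encode("iso-8859-1")),
                       ("new client", "pässwört".encode("utf-8"))]:
        print(label, classify(raw), to_utf8_password(raw), is_ambiguous(raw))
```

The ambiguous case is why detection in a proxy stays a heuristic, while the ASCII-only policy sidesteps the question because such passwords are byte-identical in both charsets.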