I'm tired. I have been working many hours now. So it may be that I don't quite understand you correctly. The conclusion I draw from these responsen is that there is something strange going on that I can't do anything about. Dovecot seems to be working fine on my server, so I'm not immediately concerned.
I checked the exact spelling of the attributes I use. It is as follows. In the ldif dump: mailBase, mailMessageStore, dovecotQuota, mailDeliveryAddress and userPassword. And indeed, only userPassword gives an error.
Op 4-2-2026 om 19:54 schreef John Fawcett via dovecot:
Hi Ruud
I think that message "No such attribute 'userpassword' " is being produced because the attribute name userPassword in your configuration is being lower cased by Dovecot and the lower case name is being used by Dovecot both in the check for existence of the attribute and in the error messager. (see t_str_lcase call in code below).
That can also explain why the error still happens even when you change your configuration to use the attribute name userpassword, because that is in any case the value that Dovecot uses internally when checking for the existence of the attribute. If so, you can rule out the line of enquiry of searching for extraneous userpassword attributes in your configuration.
It's still a mystery to me why the existence check went wrong for %{[1]ldap:userPassword} but not for other attributes in your configuration like %{[2]ldap:mailDeliveryaddress}, assuming of course that the latter isn't really called maildeliveryaddress in your schema, which seems unlikely. Maybe Aki has some more insight.
source code file: auth/db-ldap.c
static int db_ldap_field_multi_expand(const char *data, const char **value_r, void *context, const char **error_r) { struct db_ldap_field_expand_context *ctx = context; struct auth_fields *fields = ctx->fields; const char *field_name = t_str_lcase(data);
const char *value = auth_fields_find(fields, db_ldap_attribute_as_multi(field_name)); if (value == NULL || *value == '\0') value = auth_fields_find(fields, field_name);
if (value == NULL || *value == '\0') { *error_r = t_strdup_printf("No such attribute '%s'", field_name); return -1; } *value_r = value; return 0; }
John
On 04/02/2026 15:29, Ruud Baart via dovecot wrote:
Still nobody knows the answer?
In fact it is strange because LDAP attributes are case insensitive. Further If I change in the LDAP config
passdb ldap { ... fields { ... password = %{[3]ldap:userPassword} } }
in
passdb ldap { ... fields { ... password = %{[4]ldap:userpassword} } }
the logins are still OK but the error in the logfile remains the same.
Op 3-2-2026 om 14:45 schreef Ruud Baart via dovecot:
You mean verify with doveconf? Same result
doveconf |grep -i userpassword password = %{[5]ldap:userPassword}
Op 3-2-2026 om 14:08 schreef Aki Tuomi via dovecot:
I ment in your 2.4.1 config
Aki
On 03/02/2026 14:44 EET Ruud Baart via dovecot [6]<dovecot@dovecot.org> wrote:
Don't think so
/etc/dovecot/conf.d# grep -H userpassword * /etc/dovecot/conf.d# grep -H userPassword * auth-ldap.conf.ext: password = %{[7]ldap:userPassword}
Op 3-2-2026 om 13:35 schreef Aki Tuomi via dovecot:
Could it be that you have
'userpassword' instead of 'userPassword' in your config?
Aki
On 03/02/2026 13:21 EET Ruud Baart via dovecot [8]<dovecot@dovecot.org> wrote:
Dovecot 2.4.1 works fine on my Debian Trixie server. I use LDAP as backend for the users.
I don't have problems. Authentication works fine. However logging show every time the following line:
auth-worker(<user name@domain,::1)<109040><3v5ddOlJvrgAAAAAAAAAAAAAAAAAAAAB>: request [7]: Error: ldap: auth_passdb_post settings: Failed to parse configuration: Failed to expand passdb_fields/password setting variables: ldap: No such attribute 'userpassword'
The LDAP authentication works correct. So I don't understand this message.
My correct working LDAP configuration in auth-ldap.conf.ext:
passdb ldap { passdb_use_worker = yes passdb_ldap_filter = (&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user})) ldap_bind = yes fields { user = %{[9]ldap:mailDeliveryaddress} password = %{[10]ldap:userPassword} } }
userdb ldap { userdb_use_worker = yes userdb_ldap_filter = (&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user})) fields { home = %{[11]ldap:mailBase} mail = %{[12]ldap:mailMessageStore} mail_path = %{[13]ldap:mailMessageStore} quota_storage_size = %{[14]ldap:dovecotQuota} } }
dovecot mailing list -- [15]dovecot@dovecot.org To unsubscribe send an email to [16]dovecot-leave@dovecot.org
dovecot mailing list -- [17]dovecot@dovecot.org To unsubscribe send an email to [18]dovecot-leave@dovecot.org
- Don't think so
/etc/dovecot/conf.d# grep -H userpassword * /etc/dovecot/conf.d# grep -H userPassword * auth-ldap.conf.ext: password = %{[1][19]ldap:userPassword}
Op 3-2-2026 om 13:35 schreef Aki Tuomi via dovecot:
Could it be that you have
'userpassword' instead of 'userPassword' in your config?
Aki
On 03/02/2026 13:21 EET Ruud Baart via dovecot [2][20]<dovecot@dovecot.org> wrote:
Dovecot 2.4.1 works fine on my Debian Trixie server. I use LDAP as backend for the users.
I don't have problems. Authentication works fine. However logging show every time the following line:
auth-worker(<user name@domain,::1)<109040><3v5ddOlJvrgAAAAAAAAAAAAAAAAAAAAB>: request [7]: Error: ldap: auth_passdb_post settings: Failed to parse configuration: Failed to expand passdb_fields/password setting variables: ldap: No such attribute 'userpassword'
The LDAP authentication works correct. So I don't understand this message.
My correct working LDAP configuration in auth-ldap.conf.ext:
passdb ldap { passdb_use_worker = yes passdb_ldap_filter = (&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user})) ldap_bind = yes fields { user = %{[3][21]ldap:mailDeliveryaddress} password = %{[4][22]ldap:userPassword} } }
userdb ldap { userdb_use_worker = yes userdb_ldap_filter = (&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user})) fields { home = %{[5][23]ldap:mailBase} mail = %{[6][24]ldap:mailMessageStore} mail_path = %{[7][25]ldap:mailMessageStore} quota_storage_size = %{[8][26]ldap:dovecotQuota} } }
--
Cordialement,
*R.J. Baart Portable: +33 7 88398245*
I'm tired. I have been working many hours now. So it may be that I don't quite understand you correctly. The conclusion I draw from these responsen is that there is something strange going on that I can't do anything about. Dovecot seems to be working fine on my server, so I'm not immediately concerned.
I checked the exact spelling of the attributes I use. It is as follows. In the ldif dump: mailBase, mailMessageStore, dovecotQuota, mailDeliveryAddress and userPassword. And indeed, only userPassword gives an error.
Op 4-2-2026 om 19:54 schreef John Fawcett via dovecot:
Hi Ruud
I think that message "No such attribute 'userpassword' " is being
produced
because the attribute name userPassword in your configuration is being
lower cased by Dovecot and the lower case name is being used by Dovecot
both in the check for existence of the attribute and in the error
messager. (see t_str_lcase call in code below).
That can also explain why the error still happens even when you change
your configuration to use the attribute name userpassword, because that
is
in any case the value that Dovecot uses internally when checking for the
existence of the attribute. If so, you can rule out the line of enquiry
of
searching for extraneous userpassword attributes in your configuration.
It's still a mystery to me why the existence check went wrong
for %{[1][1]ldap:userPassword} but not for other attributes in your
configuration like %{[2][2]ldap:mailDeliveryaddress}, assuming of course
that
the latter isn't really called maildeliveryaddress in your schema, which
seems unlikely. Maybe Aki has some more insight.
source code file: auth/db-ldap.c
static int
db_ldap_field_multi_expand(const char *data, const char **value_r,
void *context, const char **error_r)
{
struct db_ldap_field_expand_context *ctx = context;
struct auth_fields *fields = ctx->fields;
const char *field_name = t_str_lcase(data);
const char *value = auth_fields_find(fields,
db_ldap_attribute_as_multi(field_name));
if (value == NULL || *value == '\0')
value = auth_fields_find(fields, field_name);
if (value == NULL || *value == '\0') {
*error_r = t_strdup_printf("No such attribute '%s'", field_name);
return -1;
}
*value_r = value;
return 0;
}
John
On 04/02/2026 15:29, Ruud Baart via dovecot wrote:
Still nobody knows the answer?
In fact it is strange because LDAP attributes are case insensitive.
Further If I change in the LDAP config
passdb ldap { ... fields { ... password = %{[3][3]ldap:userPassword} }
}
in
passdb ldap { ... fields { ... password = %{[4][4]ldap:userpassword}
} }
the logins are still OK but the error in the logfile remains the same.
Op 3-2-2026 om 14:45 schreef Ruud Baart via dovecot:
You mean verify with doveconf? Same result
doveconf |grep -i userpassword
password = %{[5][5]ldap:userPassword}
Op 3-2-2026 om 14:08 schreef Aki Tuomi via dovecot:
I ment in your 2.4.1 config
Aki
On 03/02/2026 14:44 EET Ruud Baart via dovecot
[6][6]<dovecot@dovecot.org> wrote:
Don't think so
/etc/dovecot/conf.d# grep -H userpassword *
/etc/dovecot/conf.d# grep -H userPassword *
auth-ldap.conf.ext: password = %{[7][7]ldap:userPassword}
Op 3-2-2026 om 13:35 schreef Aki Tuomi via dovecot:
Could it be that you have
'userpassword' instead of 'userPassword' in your config?
Aki
On 03/02/2026 13:21 EET Ruud Baart via dovecot
[8][8]<dovecot@dovecot.org>
wrote:
Dovecot 2.4.1 works fine on my Debian Trixie server. I use
LDAP as
backend for the users.
I don't have problems. Authentication works fine. However
logging show
every time the following line:
auth-worker(<user
name@domain,::1)<109040><3v5ddOlJvrgAAAAAAAAAAAAAAAAAAAAB>:
request [7]:
Error: ldap: auth_passdb_post settings: Failed to parse
configuration:
Failed to expand passdb_fields/password setting variables:
ldap: No such
attribute 'userpassword'
The LDAP authentication works correct. So I don't understand
this
message.
My correct working LDAP configuration in auth-ldap.conf.ext:
passdb ldap {
passdb_use_worker = yes
passdb_ldap_filter =
(&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user}))
ldap_bind = yes
fields {
user = %{[9][9]ldap:mailDeliveryaddress}
password = %{[10][10]ldap:userPassword}
}
}
userdb ldap {
userdb_use_worker = yes
userdb_ldap_filter =
(&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user}))
fields {
home = %{[11][11]ldap:mailBase}
mail = %{[12][12]ldap:mailMessageStore}
mail_path = %{[13][13]ldap:mailMessageStore}
quota_storage_size = %{[14][14]ldap:dovecotQuota}
}
}
_______________________________________________
dovecot mailing list -- [[15]15]dovecot@dovecot.org
To unsubscribe send an email to [[16]16]dovecot-leave@dovecot.org
_______________________________________________
dovecot mailing list -- [[17]17]dovecot@dovecot.org
To unsubscribe send an email to [[18]18]dovecot-leave@dovecot.org
* Don't think so
/etc/dovecot/conf.d# grep -H userpassword *
/etc/dovecot/conf.d# grep -H userPassword *
auth-ldap.conf.ext: password =
%{[1][19][19]ldap:userPassword}
Op 3-2-2026 om 13:35 schreef Aki Tuomi via dovecot:
Could it be that you have
'userpassword' instead of 'userPassword' in your config?
Aki
On 03/02/2026 13:21 EET Ruud Baart via dovecot
[2][20][20]<dovecot@dovecot.org> wrote:
Dovecot 2.4.1 works fine on my Debian Trixie server. I use
LDAP as
backend for the users.
I don't have problems. Authentication works fine. However
logging show
every time the following line:
auth-worker(<user
name@domain,::1)<109040><3v5ddOlJvrgAAAAAAAAAAAAAAAAAAAAB>:
request
[7]:
Error: ldap: auth_passdb_post settings: Failed to parse
configuration:
Failed to expand passdb_fields/password setting variables:
ldap: No
such
attribute 'userpassword'
The LDAP authentication works correct. So I don't
understand this
message.
My correct working LDAP configuration in
auth-ldap.conf.ext:
passdb ldap {
passdb_use_worker = yes
passdb_ldap_filter =
(&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user}))
ldap_bind = yes
fields {
user = %{[3][21][21]ldap:mailDeliveryaddress}
password = %{[4][22][22]ldap:userPassword}
}
}
userdb ldap {
userdb_use_worker = yes
userdb_ldap_filter =
(&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user}))
fields {
home = %{[5][23][23]ldap:mailBase}
mail = %{[6][24][24]ldap:mailMessageStore}
mail_path = %{[7][25][25]ldap:mailMessageStore}
quota_storage_size = %{[8][26][26]ldap:dovecotQuota}
}
}--
Cordialement,
R.J. Baart Portable: +33 7 88398245
References
Visible links
- file:///tmp/tmpg74ljhhk/ldap:userPassword
- file:///tmp/tmpg74ljhhk/ldap:mailDeliveryaddress
- file:///tmp/tmpg74ljhhk/ldap:userPassword
- file:///tmp/tmpg74ljhhk/ldap:userpassword
- file:///tmp/tmpg74ljhhk/ldap:userPassword
- mailto:dovecot@dovecot.org
- file:///tmp/tmpg74ljhhk/ldap:userPassword
- mailto:dovecot@dovecot.org
- file:///tmp/tmpg74ljhhk/ldap:mailDeliveryaddress
- file:///tmp/tmpg74ljhhk/ldap:userPassword
- file:///tmp/tmpg74ljhhk/ldap:mailBase
- file:///tmp/tmpg74ljhhk/ldap:mailMessageStore
- file:///tmp/tmpg74ljhhk/ldap:mailMessageStore
- file:///tmp/tmpg74ljhhk/ldap:dovecotQuota
- mailto:15]dovecot@dovecot.org
- mailto:16]dovecot-leave@dovecot.org
- mailto:17]dovecot@dovecot.org
- mailto:18]dovecot-leave@dovecot.org
- file:///tmp/tmpg74ljhhk/ldap:userPassword
- mailto:dovecot@dovecot.org
- file:///tmp/tmpg74ljhhk/ldap:mailDeliveryaddress
- file:///tmp/tmpg74ljhhk/ldap:userPassword
- file:///tmp/tmpg74ljhhk/ldap:mailBase
- file:///tmp/tmpg74ljhhk/ldap:mailMessageStore
- file:///tmp/tmpg74ljhhk/ldap:mailMessageStore
- file:///tmp/tmpg74ljhhk/ldap:dovecotQuota