4 Apr
2026
4 Apr
'26
2:37 p.m.
On 03/04/2026 23:50 EEST Johannes Nohl via dovecot
<[1]dovecot@dovecot.org> wrote:
Bug report: Expanding variables with filter `default` in LDAP context
does not suppress error logging if LDAP attribute is missing.
[...] This results in the following log line:
*> 2026-03-31T00:46:31.102690+02:00 mailserver dovecot:
auth(test,ipv4,sasl:plain)<YE81n0VOVuofEeSD>: Error: ldap:
auth_passdb_post settings: Failed to parse configuration: Failed to
expand passdb_fields/nologin setting variables: ldap: No such
attribute 'shadowinactive'
In case anybody is hit by the issue and for reference: With Linux you
can block the error messages in systemd respectively the logging
facility:
* for systemd unit add file
`/etc/systemd/system/dovecot.service.d/override.conf`
`
[Service]
LogFilterPatterns=~Error: ldap-dn: auth_passdb_post settings: Failed to
parse configuration: Failed to expand passdb_fields/nologin setting
variables: ldap: No such attribute 'shadowinactive'$
`
* for rsyslog add file `/etc/rsyslog.d/dovecot-ldap-errors.frule`
`
if ($syslogfacility-text == 'mail') and \
($msg endswith 'Error: ldap-dn: auth_passdb_post settings: Failed to
parse configuration: Failed to expand passdb_fields/nologin setting
variables: ldap: No such attribute \'shadowinactive\'')
then {
stop
}
`
With openSUSE you need both. Make sure you adapt it to your attribute
(and the syslog faciity). Finally run `systemctl daemon-reload` and
`systemctl restart rsyslog`.
Best,
Johannes
--
JohannesThank you for the bug report, we'll look into it.
Aki
References
Visible links
- mailto:dovecot@dovecot.org