[Dovecot] authentication failure: double quotes in password
We use passdb LDAP with authentication binds against an Active Directory server. The problem with one of our users seems to be the use of double quotes in his password, as the Windows login works:
/var/log/dovecot-info.log
auth(default): Info: ldap(testuser 77.22.xx.xxx): invalid credentials (given password: xxxxx"xxxxxxx)
Which chars in passwords does the dovecot auth process not like? Is there something similar to auth_username_chars for passwords?
thanks, martin
On Mon, 2010-05-10 at 18:53 +0200, Martin Ott wrote:
> auth(default): Info: ldap(testuser 77.22.xx.xxx): invalid credentials (given password: xxxxx"xxxxxxx)
So I guess that's with auth binding?
> Which chars in passwords does the dovecot auth process not like? Is there something similar to auth_username_chars for passwords?
No. All chars are valid. Perhaps this is an OpenLDAP/AD bug? The code to do auth binding looks like:
    request->msgid = ldap_bind(conn->ld, brequest->dn,
                               request->auth_request->mech_password,
                               LDAP_AUTH_SIMPLE);
There's no escaping for the password. I don't see how it could be Dovecot's fault.
On 25.05.2010 19:28, Timo Sirainen wrote:
> On Mon, 2010-05-10 at 18:53 +0200, Martin Ott wrote:
>> auth(default): Info: ldap(testuser 77.22.xx.xxx): invalid credentials (given password: xxxxx"xxxxxxx)
> So I guess that's with auth binding?
yes, that is with auth binding
>> Which chars in passwords does the dovecot auth process not like? Is there something similar to auth_username_chars for passwords?
> No. All chars are valid. Perhaps this is an OpenLDAP/AD bug? The code to do auth binding looks like:
>     request->msgid = ldap_bind(conn->ld, brequest->dn,
>                                request->auth_request->mech_password,
>                                LDAP_AUTH_SIMPLE);
> There's no escaping for the password. I don't see how it could be Dovecot's fault.
we've forbidden double quotes in our password policy now
thanks for your efforts! Martin
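
The point made in the thread, that a simple bind needs no password escaping, follows from the wire format: in an LDAPv3 BindRequest (RFC 4511) the password is a length-prefixed OCTET STRING, so a double quote is just one more byte. The encoder below is an added example, not Dovecot or OpenLDAP code; the function names, DN and password are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Append one BER TLV to out; returns bytes written (lengths up to 65535). */
static size_t ber_tlv(unsigned char *out, unsigned char tag,
                      const unsigned char *val, size_t len)
{
    size_t n = 0;
    out[n++] = tag;
    if (len < 0x80) {
        out[n++] = (unsigned char)len;          /* short-form length */
    } else {
        out[n++] = 0x82;                        /* long form, two length bytes */
        out[n++] = (unsigned char)(len >> 8);
        out[n++] = (unsigned char)(len & 0xff);
    }
    memcpy(out + n, val, len);
    return n + len;
}

/* Build an LDAPv3 simple BindRequest (RFC 4511 section 4.2) into out, which
   must hold 1024 bytes. Returns the message length, or 0 on bad input. */
size_t ldap_simple_bind_msg(unsigned char *out, unsigned char msgid,
                            const char *dn, const char *password)
{
    unsigned char body[1000], op[1012];
    const unsigned char version = 3;
    size_t b = 0, o = 0;
    if (msgid == 0 || msgid > 127 || strlen(dn) + strlen(password) > 900)
        return 0;
    b += ber_tlv(body + b, 0x02, &version, 1);           /* version INTEGER */
    b += ber_tlv(body + b, 0x04, (const unsigned char *)dn, strlen(dn));
    /* simple [0] OCTET STRING: the raw password bytes, nothing is escaped */
    b += ber_tlv(body + b, 0x80, (const unsigned char *)password, strlen(password));
    o += ber_tlv(op + o, 0x02, &msgid, 1);               /* messageID */
    o += ber_tlv(op + o, 0x60, body, b);                 /* [APPLICATION 0] */
    return ber_tlv(out, 0x30, op, o);                    /* LDAPMessage */
}

int main(void)
{
    unsigned char msg[1024];   /* constructed DN and password below */
    size_t n = ldap_simple_bind_msg(msg, 1, "cn=testuser,dc=example,dc=com", "abc\"def");
    for (size_t i = 0; i < n; i++)
        printf("%02x ", msg[i]);
    putchar('\n');
    return 0;
}
```

In the hex dump the password appears after the `80 07` tag and length as `61 62 63 22 64 65 66`, with the quote as a plain `22`. DN components and search filters are the places in LDAP where escaping rules do apply.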