On 19/03/18 06:30, Aki Tuomi wrote:

On 19.03.2018 07:58, Alexander Dalloz wrote:

...

Am 18.03.2018 um 23:25 schrieb André Rodier:

...

Every other alias works, but not those with accents. They are correctly stored in the LDAP database, using base64.

Why do you even think a character like 'é' would be legal in the local part of an email address?

Alexander

Hi!

This is slightly more complicated than that. UTF-8 is legal part of local part of an email address, if SMTPUTF8 is used (as per RFC 6532). Dovecot does not yet fully support UTF-8 in certain parts, particularly we do not yet support RFC 6855 (IMAP Support for UTF-8), but we are working on getting that to work, after which you can log in with UTF-8 usernames and passwords reliably.

Aki

Thank you, Aki,

Does it means Dovecot LMTP supports querying the LDAP server using UTF-8 characters?

In this case, the problem might not be Dovecot, but OpenLDAP.

I had to use base64 encoding to store email addresses, because they are rejected otherwise, with an error message of illegal characters. I also noticed that some of the fields, like 'dn' and 'cn' where automatically encoded in base64 when stored when including accentuated chars.

Regarding logging in with international characters, I have not tested it yet, but I am happy to test and to provide feedback if you are interested.

Thanks again for this excellent software, I have been using it for more than a decade, now...

Kind regards, André

On 19/03/2018 07:23, Steffen Kaiser wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Mon, 19 Mar 2018, André Rodier wrote:

...

I had to use base64 encoding to store email addresses, because they are rejected otherwise, with an error message of illegal characters. I also

you are using the stock "mail" attribute in LDAP as:

olcAttributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

http://www.oid-info.com/get/1.3.6.1.4.1.1466.115.121.1.26 https://en.wikipedia.org/wiki/IA5STRING IA5 :- 7bit

...

noticed that some of the fields, like 'dn' and 'cn' where automatically encoded in base64 when stored when including accentuated chars.

you mean when you use ldapsearch or similiar tool to export data? LDIF traditionally encode all data in 7bit ASCII, which is noted by the double "::" after the LDAP attribute name. The data in LDAP is UTF8 and binary connections need not encode it either.

• -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEVAwUBWq9lWMQnQQNheMxiAQL3ywgAtbWsT1U+PQgdK0D3StI9c44r8KgEG7dr AXhIvFPowuD3U0KH0ZJ8VHc+/WN0DMqCONvuaUyueaGY8bgqx+cNw8z01zMC9hTF xfs8x1lQsgikacyyjo3o9WehOJzgnlGvt33LLwjsI62WOLFE8PXnkZFXpkAWI1f4 yTWoTFOxPnAA90CDBS4aBHdBaFI0TwbiGP5oIyjGCvI1aHJSTy5lNKfwUkvTdI+L tH4Z0JDkB3YBnRVIL6ST5W7p0VvBAQo+ia+UXpsZ4b1t3/xYCKtNV0ls9jIoqVzg dEFeyUoKQe8k5N8k6/vVVElzwtW6fxzQUJQXj01u03udqVMmTqXhrw== =8rp9 -----END PGP SIGNATURE-----

Hello Steffen,

Thank you for your answer.

In fact, I am using the otherMailBox attribute, from the standard OpenLDAP distribution, which is also IA5String.

• Is there any way in Dovecot to encode the fields in base 64, to send queries? as the query is "eq", this would be enough, I think.
• Or is the LDAP server is supposed to store attributes as UTF8, and in this case, how to configure it that way?

Thanks!

# RFC1274: Cosine and Internet X.500 schema: # 9.3.18. Other Mailbox # # The Other Mailbox attribute type specifies values for electronic # mailbox types other than X.400 and rfc822. # # otherMailbox ATTRIBUTE # WITH ATTRIBUTE-SYNTAX # SEQUENCE { # mailboxType PrintableString, -- e.g. Telemail # mailbox IA5String -- e.g. X378:Joe # } # ::= {pilotAttributeType 22} # attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )

-- https://github.com/progmaticltd/homebox

On 20/03/2018 08:00, Steffen Kaiser wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Mon, 19 Mar 2018, Andre Rodier wrote:

...

In fact, I am using the otherMailBox attribute, from the standard OpenLDAP distribution, which is also IA5String.

• Is there any way in Dovecot to encode the fields in base 64, to send queries? as the query is "eq", this would be enough, I think.

Check out: https://wiki2.dovecot.org/Variables?highlight=(base64)

However, I never used this modifier and Aki pointed out, that UTF8 usernames are not (100%) supported, yet.

...

• Or is the LDAP server is supposed to store attributes as UTF8, and in this case, how to configure it that way?

To achieve this, you must/can extend the schema with your own attribute that uses:

https://www.ldap.com/understanding-ldap-schema

"Directory String

"The directory string syntax is basically a catch-all syntax for UTF-8 strings. It allows values with this syntax to have any combination of one or more UTF-8 characters (empty directory string values are not allowed, although some directory servers ignore this constraint).

"The directory string syntax is defined in RFC 4517 section 3.3.6, and has an OID of "1.3.6.1.4.1.1466.115.121.1.15"."

Otherwise, you could _misuse_ an exiting attribute of this type unused in your directory otherwise.

• -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEVAwUBWrC/hcQnQQNheMxiAQLV+wf+P/gzADRyNSIQtILNKoN7eHEVPNGt9iVd TzHl5rka9XB89eUE2lsGjlURH3PIVqDKjtTEAl27CYiBr9OI66u+PvhE1o2lvY7R YBG1Z/R3n8FWF58HpxwJGBbY4iiPQKSvvRM43/Q2mYnEveyIBvNZawNo0okTNMOM bMSmpUhxGKsqmAeEoUQHOKrujAK0qfucZDI7nuSGjJeej7L2HXm3sEEKTEuYmUDQ E2ox5fAyIMURA+NINzdmk7chXu30DfWuHNY8jwezM3SEds5xlAy4x6qD6EZ4f7qP KnYEfxnYyISDqcXSy9AL20srIzn2OXiTA3/TiVOKFXpHrrst8kVCeg== =+Me+ -----END PGP SIGNATURE-----

Thank you, Steffen, this is a great link.

I am probably going to keep this attribute, and use base64, for now.

Kind regards, Andre

-- https://github.com/progmaticltd/homebox