[Dovecot] Dovecot LDAP Auth & Usernames with dashes
Hi All,
We're seeing an issue with LDAP auth when the username contains a -
char.
We're using 1.0.15 as packaged for Debian Lenny
Oct 2 12:29:02 silver dovecot: auth(default): LDAP: binding failed
(dn (none)): Protocol error
Oct 2 12:29:03 silver dovecot: imap-login: Aborted login (1
authentication attempts): user=sci-fi@sucs.org, method=PLAIN,
rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Setup works perfectly for the other 200 users, none of whom have a -
in the username.
Any suggestions?
-- Chris Jones, SUCS Admin http://sucs.org
Dovecot Conf
dovecot -n
# 1.0.15: /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3 pop3s
listen: [::]
ssl_cert_file: /usr/local/sucs-pki/certs/sucs+subCA.crt
ssl_key_file: /usr/local/sucs-pki/private/sucs.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_privileged_group: mail
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
auth default:
  passdb:
    driver: pam
    args: dovecot
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: passwd

From /etc/dovecot/dovecot-ldap.conf
hosts = localhost
auth_bind = yes
base = ou=People,dc=sucs,dc=org
user_filter = (&(objectClass=posixAccount)(uid=%u))
On Fri, 2009-10-02 at 21:20 +0100, Chris Jones wrote:
We're seeing an issue with LDAP auth when the username contains a -
char.
We're using 1.0.15 as packaged for Debian Lenny
Oct 2 12:29:02 silver dovecot: auth(default): LDAP: binding failed
(dn (none)): Protocol error
Either your LDAP server doesn't like it, or Dovecot should be escaping '-' characters. What does it log with auth_debug=yes? What LDAP server do you use? If you can compile sources, you could also try adding '-' to IS_LDAP_ESCAPED_CHAR() in src/auth/db-ldap.c
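Added example, not part of the thread and not Dovecot's own code: a sketch of escaping a username per RFC 4515 before it is substituted into the user_filter quoted above, so filter metacharacters in a login name cannot change the query. The function names, buffer sizes and sample usernames are assumptions made for illustration; in RFC 4515 the '-' character is not one of the octets that requires escaping.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4515 section 3: '*', '(', ')' and '\' must be written as \XX inside
 * a filter assertion value (NUL too, but it cannot occur in a C string).
 * '-' is an ordinary character here. */
static int needs_filter_escape(unsigned char c)
{
    return c == '*' || c == '(' || c == ')' || c == '\\';
}

/* Hypothetical helper: copy `in` to `out`, hex-escaping special octets.
 * Returns the escaped length, or -1 if `out` is too small. */
int ldap_filter_escape(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outlen == 0)
        return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (needs_filter_escape(c)) {
            if (o + 3 >= outlen)        /* 3 chars plus trailing NUL */
                return -1;
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            if (o + 1 >= outlen)
                return -1;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Build the filter from dovecot-ldap.conf above, with the escaped
 * username in place of %u. Returns the length, or -1 on overflow. */
int build_user_filter(const char *user, char *out, size_t outlen)
{
    char esc[256];
    int n;

    if (ldap_filter_escape(user, esc, sizeof(esc)) < 0)
        return -1;
    n = snprintf(out, outlen, "(&(objectClass=posixAccount)(uid=%s))", esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}
```

A dashed name such as the constructed "sci-fi" passes through unchanged, while a constructed name like "a*b" becomes "a\2ab" in the filter.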