[Dovecot] login fails when username has apostrophe

Karl Latiss klatiss at nextdigital.com
Mon Jan 5 08:09:54 EET 2009


Hi

I've added the apostrophe character to auth_username_chars however
authentication still fails. I'm using LDAP with the following details:

dovecot version 1.1.7
openldap client library 2.4.11

With auth_verbose = yes and auth_debug = yes set I see the following in
the logs. Note the initial escaped apostrophe and the subsequent escaped
escape in the filter!

----- start log -----
Jan  5 16:15:05 www-example1 dovecot: auth(default): client in: AUTH
1       PLAIN   service=imap    lip=10.1.1.180  rip=10.3.96.60
lport=143       rport=48733     resp=<hidden>

Jan  5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o
\'reilly at example.com,10.3.96.60): pass search: base=dc=example, dc=com
scope=subtree filter=(&(objectClass=qmailUser)(uid=julie.o\\'reilly))
field
s=mail,userPassword

Jan  5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o
\'reilly at example.com,10.3.96.60): unknown user

Jan  5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL
1       user=julie.o\'reilly at example.com
failed, 1 attempts): user=<julie.o\'reilly at example.com>, method=PLAIN,
rip=10.3.96.60, lip=10.1.1.180
----- end log -----

Users without apostrophes can authenticate successfully. If I've missed
anything please let me know.

# dovecot -n
# 1.1.7: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.0-RELEASE amd64  ufs
protocols: imap
listen: 10.1.1.180
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
login_greeting_capability: yes
verbose_proctitle: yes
first_valid_uid: 999
first_valid_gid: 999
mail_privileged_group: mail
mail_uid: 999
mail_gid: 999
mail_location: maildir:/usr/home/vmail/%Ld/%Ln
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
auth default:
  mechanisms: plain login
  username_chars:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@'
  username_format: %Lu
  passdb:
    driver: ldap
    args: /usr/local/etc/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /usr/local/etc/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail

# grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf 
uris = ldap://www-example1:389
dn = uid=xxxx,dc=example,dc=com
dnpass = xxxx
sasl_bind = no
tls = no
auth_bind = no
ldap_version = 3
base = dc=example, dc=com
user_attrs = homeDirectory=home=/usr/home/vmail/%L
$,mailMessageStore=mail=maildir:/usr/home/vmail/%L$,=uid=999,=gid=999
user_filter = (&(objectClass=qmailUser)(uid=%n))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(objectClass=qmailUser)(uid=%n))
default_pass_scheme = PLAIN

-- 
Karl Latiss <klatiss at nextdigital.com>
Next Digital


More information about the dovecot mailing list