[Dovecot] login fails when username has apostrophe

Seth Mattinen sethm at rollernet.us
Wed Jan 7 07:09:49 EET 2009


Karl Latiss wrote:
> On Tue, 2009-01-06 at 16:47 -0800, Seth Mattinen wrote:
>> Karl Latiss wrote:
>>> On Tue, 2009-01-06 at 16:04 -0800, Seth Mattinen wrote:
>>>> Karl Latiss wrote:
>>>>> On Tue, 2009-01-06 at 18:33 -0500, Timo Sirainen wrote:
>>>>>> On Wed, 2009-01-07 at 10:19 +1100, Karl Latiss wrote:
>>>>>>> Jan  5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o
>>>>>>> \'reilly at example.com,10.3.96.60): pass search: base=dc=example, dc=com
>>>>>>> scope=subtree filter=(&(objectClass=qmailUser)(uid=julie.o\\'reilly))
>>>>>>> field
>>>>>>> s=mail,userPassword
>>>>>> I think it should be julie.o\\\'reilly in there. Have to check why.
>>>>>>
>>>>>>> Jan  5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL
>>>>>>> 1       user=julie.o\'reilly at example.com
>>>>>>> failed, 1 attempts): user=<julie.o\'reilly at example.com>, method=PLAIN,
>>>>>> But I think your client (PHP webmail with automatic slashing enabled?)
>>>>>> is sending the initial \ here. Try logging in manually with telnet to
>>>>>> make sure.
>>>>> The previous log output is with me telnetting in manually, however the
>>>>> webmail software (roundcube) produces the same results.
>>>>>
>>>> It's not an apostrophe - it's an unmatched quote. You'll probably get 
>>>> faster results by changing to logins that don't anger input string 
>>>> sanity checks. Otherwise, be prepared to wait a while for a solution. 
>>>> Probably not what you want to hear, but if you have people knocking down 
>>>> the door over this problem, you're going to have to use what will work.
>>>>
>>>> ~Seth
>>> I understand how it could be interpreted as an unmatched quote but
>>> according to Timo
>>> (http://www.mail-archive.com/dovecot@dovecot.org/msg09489.html) this
>>> should work.
>>>
>>> At any rate since the user database is provided by the client from their
>>> (various) systems it's unlikely I will be able to change user names.
>>>
>>
>> Try a different auth method.
>>
> 
> Do you mean try MySQL or PAM etc? I may be able to do that on another
> install however this project requires user accounts to be stored in LDAP
> so will need LDAP auth working one way or another.
> 


Start with PAM or some other "simple" auth method. If it works and LDAP 
won't, then you know it's not Dovecot and to focus on LDAP - either 
Dovecot's LDAP module or LDAP itself.

~Seth
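
Added example, not part of the original thread and not Dovecot's code: under RFC 4515 an apostrophe needs no escaping inside an LDAP search filter, while a literal backslash must be written as `\5c`, so a login that arrives with a client-added backslash searches for a different uid. The function names are hypothetical; the filter template is copied from the log quoted above.

```python
import re

# Characters RFC 4515 requires to be written as a backslash plus two hex digits
# when they appear inside an assertion value.
_RFC4515_SPECIALS = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_RFC4515_SPECIALS.get(ch, ch) for ch in value)


def unescape_filter_value(escaped: str) -> str:
    """Decode \\XX pairs back to the value the directory compares against."""
    raw = re.sub(
        rb"\\([0-9a-fA-F]{2})",
        lambda m: bytes([int(m.group(1), 16)]),
        escaped.encode("utf-8"),
    )
    return raw.decode("utf-8")


def build_pass_filter(uid: str) -> str:
    """Fill the pass-search filter template seen in the log with an escaped uid."""
    return "(&(objectClass=qmailUser)(uid=%s))" % escape_filter_value(uid)


def local_part(login: str) -> str:
    """Return the part of a login name before the first '@'."""
    return login.split("@", 1)[0]


if __name__ == "__main__":
    # Constructed inputs: the login as typed, and the same login with a
    # backslash added in front of the apostrophe before it reaches the server.
    for login in ("julie.o'reilly@example.com", "julie.o\\'reilly@example.com"):
        uid = local_part(login)
        flt = build_pass_filter(uid)
        print("%-32r filter=%s" % (login, flt))
        print("%-32s searches for uid=%r" % ("", unescape_filter_value(escape_filter_value(uid))))
```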

