[Dovecot] dovecot+LDAP/AD encoding issue

Daniel Parthey daniel.parthey at informatik.tu-chemnitz.de
Wed Aug 8 01:22:26 EEST 2012


Wiethoff, Helge wrote:
> Hello everybody,
> 
> I have a problem with dovecot+Active Directory as Authentication-Service. I am not able to use special characters (äöüß (German umlaut)) within a password. Normally I would suggest that the ldap-query is done in UTF-8 but as I debugged the auth-process, I have seen that the password is ISO-8859-1 encoded.
> The "original" query (from roundcube for example) is UTF-8 encoded (I dumped the POST-Query).
> So far I wasn't able to find my error by myself or by searching the web. Maybe someone of you can give me a hint :-)
> 
> Thanks and greetings from Germany,
> Helge

Hello Helge,

In order to make it work with LDAP, the password transmitted
over the IMAP connection needs to be encoded with the same
character set as the password used to generate the hash.

IMAP does not specify how the mail client should encode
the password during the login process. So some older clients
use Latin1 and some newer use UTF-8.

Probably you are interested in reading the discussion from 2008:
http://www.dovecot.org/list/dovecot/2008-November/035263.html

Possibly you could reencode your passwords with some IMAP proxy
like nginx and the mail and mail_auth modules and detect
German umlauts, but such a setup will quickly get complex.

I think a simple and robust solution would be to limit the
allowed characters for user passwords in your password 
management system to 7-bit ASCII characters (only) and
reset passwords of all users having any login problems.

Greetings,
Daniel
-- 
https://plus.google.com/103021802792276734820
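
The mismatch discussed in this message, as an added example that is not part of the original post: the same password sent as Latin-1 and as UTF-8 gives different bytes, so only one of them matches a hash made from the UTF-8 form. The function names, the sample password and the use of SHA-256 as a stand-in for the directory's stored hash are assumptions made for illustration.

```python
import hashlib

def classify(raw: bytes) -> str:
    """Guess how a client encoded the password bytes it sent."""
    if raw.isascii():
        return "ascii"            # identical in Latin-1 and UTF-8
    try:
        raw.decode("utf-8")
        return "utf-8"
    except UnicodeDecodeError:
        return "latin-1"          # any byte string decodes as Latin-1

def to_utf8(raw: bytes) -> bytes:
    """Re-encode Latin-1 input as UTF-8; pass ASCII and valid UTF-8 through."""
    if classify(raw) == "latin-1":
        return raw.decode("latin-1").encode("utf-8")
    return raw

def ascii_only(password: str) -> bool:
    """Password-policy check: printable 7-bit ASCII characters only."""
    return all(0x20 <= ord(c) <= 0x7E for c in password)

def demo() -> dict:
    """Compare both client encodings against a hash made from UTF-8."""
    pw = "Gr\u00fc\u00dfe2012"    # constructed sample: "Grüße2012"
    # Assumption: SHA-256 stands in for the hash the directory stores.
    stored = hashlib.sha256(pw.encode("utf-8")).hexdigest()
    results = {}
    for name in ("utf-8", "latin-1"):
        sent = pw.encode(name)    # bytes as the mail client would send them
        results[name] = (
            hashlib.sha256(sent).hexdigest() == stored,           # as received
            hashlib.sha256(to_utf8(sent)).hexdigest() == stored,  # re-encoded
        )
    return results

if __name__ == "__main__":
    for enc, (raw_ok, fixed_ok) in demo().items():
        print(f"{enc:8} as received: {raw_ok}  after re-encoding: {fixed_ok}")
    print("ASCII policy accepts sample:", ascii_only("Gr\u00fc\u00dfe2012"))
```

The guess in classify() is a heuristic: a Latin-1 password such as "Ã¤" (bytes C3 A4) is also valid UTF-8 and would be passed through unchanged, which is one reason a re-encoding setup gets complex and an ASCII-only policy stays unambiguous.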


