Raw backtrace multiple passwords not allowed
aki.tuomi at dovecot.fi
aki.tuomi at dovecot.fi
Sun Jul 10 12:05:12 UTC 2016
You sure you're not returning multiple password attributes from LDAP?
Aki
> On July 10, 2016 at 1:32 PM Leon Kyneur <leon at f-m.fm> wrote:
>
>
> This turned into quite a large problem for me but think I have resolved it.
>
> After toying this a few settings I ended up (out of sheer desperation)
> setting "blocking = yes" in my LDAP configuration.
>
> Is this a logical thing to do? I couldn't find much on it other than i'm
> guessing queries are no long async.
>
> I don't really see the downside given the upside is auth is not crashing
> and causing password prompts for all my customers...
>
> On 09/07/16 15:26, Leon Kyneur wrote:
> > Hi
> >
> > Recently enabled support for encrypted passwords on my proxies -
> > CRAM-MD5, DIGEST-MD5, NTLM and APOP to support some new users. Most
> > users are working perfectly though every so often I see this happening
> > in the logs:
> >
> > Jul 09 06:32:51 auth: Error:
> > ldap(user at domain.com,192.168.10.90,<mOWiFi431eDKOsBS>): Multiple
> > password values not supported
> > Jul 09 06:32:51 auth: Panic: file passdb-ldap.c: line 99
> > (ldap_lookup_finish): assertion failed: (password == NULL || scheme !=
> > NULL)
> > Jul 09 06:32:51 auth: Error: Raw backtrace:
> > /usr/lib64/dovecot/libdovecot.so.0(+0x86aae) [0x7ff4db08faae] ->
> > /usr/lib64/dovecot/libdovecot.so.0(+0x86b8e) [0x7ff4db08fb8e] ->
> > /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7ff4db033b5d] ->
> > /usr/lib64/dovecot/auth/libauthdb_ldap.so(+0x720b) [0x7ff4d967a20b] ->
> > /usr/lib64/dovecot/auth/libauthdb_ldap.so(+0x5e2f) [0x7ff4d9678e2f] ->
> > /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c)
> > [0x7ff4db0a338c] ->
> > /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xff)
> > [0x7ff4db0a47ef] ->
> > /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x25)
> > [0x7ff4db0a3415] ->
> > /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7ff4db0a35c8]
> > -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13)
> > [0x7ff4db03a033] -> dovecot/auth [13 wait, 1 passdb, 0
> > userdb](main+0x39c) [0x7ff4db5454ac] ->
> > /lib64/libc.so.6(__libc_start_main+0xf5) [0x7ff4da61fb15] ->
> > dovecot/auth [13 wait, 1 passdb, 0 userdb](+0xf6a1) [0x7ff4db5456a1]
> > Jul 09 06:32:51 imap-login: Warning: Auth connection closed with 1
> > pending requests (max 0 secs, pid=8759, EOF)
> > Jul 09 06:32:51 imap-login: Warning: Auth connection closed with 1
> > pending requests (max 1 secs, pid=8764, EOF)
> >
> > Password debug shows:
> > Jul 09 06:38:25 auth: Debug:
> > ldap(user at domain.com,192.168.10.90,<xSSOKi438ODKOsBS>): Credentials:
> > 4b616e6761733138
> > Jul 09 06:38:27 auth: Debug: client passdb out: FAIL 2541
> > user=user at domain.com pass=NotPassword original_user=user
> > Jul 09 06:38:37 auth: Debug:
> > passwd-file(tassiedevil,192.168.10.90,<weQKKy438eDKOsBS>): username
> > changed user -> user at domain.com
> > Jul 09 06:38:37 auth: Debug:
> > passwd-file(user at domain.com,192.168.10.90,<weQKKy438eDKOsBS>):
> > Allowing any password
> > Jul 09 06:38:37 auth: Debug:
> > ldap(user at domain.com,192.168.10.90,<weQKKy438eDKOsBS>): pass search:
> > base=o=domains,dc=mail,dc=com scope=subtree
> > filter=(&(objectClass=mail)(status=active)(|(|(mail=user at domain.com)(&(uid=user at domain.com)))(&(enabledService=shadowaddress)(shadowAddress
> > user at domain.com))))
> > fields=mail,userPlaintextPassword,userPlaintextPassword,mailstoreHost
> > Jul 09 06:38:37 auth: Debug:
> > ldap(user at domain.com,192.168.10.90,<weQKKy438eDKOsBS>): result:
> > mail=user at domain.com userPlaintextPassword=NotPassword;
> > mail,userPlaintextPassword unused
> > Jul 09 06:38:37 auth: Debug:
> > ldap(user at domain.com,192.168.10.90,<weQKKy438eDKOsBS>): result:
> > mail=user at domain.com userPlaintextPassword=NotPassword; mailstoreHost
> > missing
> > Jul 09 06:38:37 auth: Debug:
> > ldap(user at domain.com,192.168.10.90,<weQKKy438eDKOsBS>): PLAIN( Jenni)
> > != 'NotPassword'
> > Jul 09 06:38:39 auth: Debug: client passdb out: FAIL 2826
> > user=user at domain.com original_user=user
> >
> >
> > This particular user has a space in their password.. some other users
> > do not when seeing this error.
> >
> > I run multiple passdb and config is:
> > passdb {
> > args = /etc/dovecot/dovecot-ldap-proxy-alias.conf.ext
> > default_fields = nopassword=y password=
> > driver = ldap
> > result_failure = continue-fail
> > result_internalfail = continue-fail
> > result_success = continue-ok
> > }
> > passdb {
> > args = scheme=plain username_format=%l@%d /etc/dovecot/passwd.domains
> > default_fields = nopassword=y password=
> > driver = passwd-file
> > result_success = continue-fail
> > }
> > passdb {
> > args = /etc/dovecot/dovecot-ldap-proxy.conf.ext
> > driver = ldap
> > }
> >
> > LDAP passdb specifies 'PLAIN' as default_pass_scheme.
> >
> > [root at S605 dovecot]# dovecot --version
> > 2.2.24 (a82c823)
> >
> > Any ideas what's going on here?
More information about the dovecot
mailing list