Variable expansion in password field (again?!)
Mathias Rabe
mathias-rabe at post-x.de
Mon May 10 18:33:13 EEST 2021
Hi list,
I’m experimenting with the mail-crypt-plugin in Dovecot v2.3.4.1 on Debian 10 Buster. I’m also running a OpenLDAP-Server for user lookup.
My LDAP-settings looks like this:
hosts = ###
dn = cn=###,dc=###,dc=##
dnpass = ###
tls = yes
auth_bind = no
ldap_version = 3
base = ou=people,dc=###,dc=##
scope = subtree
user_attrs = \
=quota_rule=*:bytes=%{ldap:mailQuota}, \
=home=/var/vmail/mailboxes/%d/%{ldap:uid}, \
=mail=maildir:/var/vmail/mailboxes/%d/%{ldap:uid}/mail
user_filter = (&(mail=%u)(objectClass=person)(mailEnabled=TRUE))
pass_attrs = mail=user,userPassword=password,=userdb_mail_crypt_private_password=%w,mailCrypt=userdb_mail_crypt_save_version
pass_filter = (&(mail=%u)(objectClass=person)(mailEnabled=TRUE))
iterate_attrs = mail=user
iterate_filter = (objectClass=person)
default_pass_scheme = SSHA-512
The users can log-in and everything works fine including the mail-crypt-plugin until an user password contains a % I get the following error message (example):
Error: Failed to expand plugin setting mail_crypt_private_password = '"1234%Passwort"': Unknown variable '%P‘
I’ve found some mails but I didn’t found a solution. It seems that Dovecot tries to expand some variable in the password:
https://dovecot.org/pipermail/dovecot/2019-July/116338.html
https://dovecot.org/pipermail/dovecot/2020-April/118634.html
So this seems to be a bug or something. Is there any new information on this topic or even any solution or workaround?
Thank you very much!
Mathias
More information about the dovecot
mailing list