Variable expansion in password field (again?!)

Mathias Rabe mathias-rabe at post-x.de
Mon May 10 18:33:13 EEST 2021


Hi list,

I’m experimenting with the mail-crypt-plugin in Dovecot v2.3.4.1 on Debian 10 Buster. I’m also running an OpenLDAP-Server for user lookup.

My LDAP-settings look like this:

hosts = ###
dn = cn=###,dc=###,dc=##
dnpass = ###
tls = yes
auth_bind = no
ldap_version = 3
base = ou=people,dc=###,dc=##
scope = subtree
user_attrs = \
  =quota_rule=*:bytes=%{ldap:mailQuota}, \
  =home=/var/vmail/mailboxes/%d/%{ldap:uid}, \
  =mail=maildir:/var/vmail/mailboxes/%d/%{ldap:uid}/mail
user_filter = (&(mail=%u)(objectClass=person)(mailEnabled=TRUE))
pass_attrs = mail=user,userPassword=password,=userdb_mail_crypt_private_password=%w,mailCrypt=userdb_mail_crypt_save_version
pass_filter = (&(mail=%u)(objectClass=person)(mailEnabled=TRUE))
iterate_attrs = mail=user
iterate_filter = (objectClass=person)
default_pass_scheme = SSHA-512

The users can log in and everything works fine, including the mail-crypt-plugin, until a user password contains a %. Then I get the following error message (example):

Error: Failed to expand plugin setting mail_crypt_private_password = '"1234%Passwort"': Unknown variable '%P‘

I’ve found some mails but I didn’t find a solution. It seems that Dovecot tries to expand some variable in the password:

https://dovecot.org/pipermail/dovecot/2019-July/116338.html
https://dovecot.org/pipermail/dovecot/2020-April/118634.html

So this seems to be a bug or something. Is there any new information on this topic or even any solution or workaround?

Thank you very much!

Mathias
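
An added example, not part of the original post and not Dovecot's code: a simplified Python model of the double %-expansion the post suspects, reproducing the error for the password 1234%Passwort. The single-letter expander, SESSION_VARS and plugin_setting are assumptions made for illustration.

```python
# Simplified model of %-variable expansion (illustrative, not Dovecot source).
class UnknownVariable(ValueError):
    pass

# Constructed sample values available to the second expansion pass.
SESSION_VARS = {"u": "user@example.org", "d": "example.org"}

def expand(template, variables):
    """One expansion pass: %x -> variables[x], %% -> literal '%'."""
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch != "%":
            out.append(ch)
            i += 1
            continue
        key = template[i + 1:i + 2]
        if key == "%":
            out.append("%")
        elif key in variables:
            out.append(variables[key])  # inserted text is not re-scanned in this pass
        else:
            raise UnknownVariable(f"Unknown variable '%{key}'")
        i += 2
    return "".join(out)

def plugin_setting(password, escape_percent=False):
    # Pass 1: the "=userdb_mail_crypt_private_password=%w" rule from the post.
    value = expand("%w", {"w": password})
    if escape_percent:
        value = value.replace("%", "%%")  # make the secret inert for pass 2
    # Pass 2: the stored value is treated as a template again.
    return expand(value, SESSION_VARS)

def outcome(password, **kw):
    """Return the final setting value, or the error text if expansion fails."""
    try:
        return plugin_setting(password, **kw)
    except UnknownVariable as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    for pw in ("1234Passwort", "1234%Passwort", "pw%d"):
        print(repr(pw), "->", outcome(pw), "| escaped ->", outcome(pw, escape_percent=True))
```

In this model a password containing a known variable such as %d is not rejected but silently changed, so the value used as the key password no longer matches what the user typed.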

