Hello,
I have postfix+dovecot authenticating via LDAP to Active directory and
everything is working fine except that some user names get changed by
dovecot.
# cat dovecot/dovecot-ldap.conf
hosts = 192.168.50.30 192.168.50.31
base = ou=HST-Users,dc=h-st,dc=com
ldap_version = 3
auth_bind = yes
dn = cn=<account>,cn=Users,dc=h-st,dc=com
dnpass = <password>
user_attrs = sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln,=gid=1000,=uid=1001
user_filter = (&(objectClass=person)(mail=%u))
pass_filter = (&(objectClass=person)(mail=%u))
I am using the value of the "mail" field from Active Directory as the user name. So
here are test users:
test1: mail=test1 at h-st.com
test3: mail=test3 at housigma20.h-st.com
test5: mail=test5 at yomama.com
USER TEST1:
# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user test1 at h-st.com
+OK
pass houston
+OK Logged in.
Logs show:
dovecot: auth(default): client in: AUTH 1 PLAIN service=pop3
secured lip=127.0.0.1 rip=127.0.0.1 lport=110 rport=43073
resp=<hidden>
dovecot: auth(default): ldap(test1 at h-st.com,127.0.0.1): bind search:
base=ou=HST-Users,dc=h-st,dc=com
filter=(&(objectClass=person)(mail=test1 at h-st.com))
dovecot: auth(default): ldap(test1 at h-st.com,127.0.0.1): no fields returned
by the server
dovecot: auth(default): client out: OK 1 user=test1 at h-st.com
dovecot: auth(default): master in: REQUEST 7 3526 1
dovecot: auth(default): ldap(test1 at h-st.com,127.0.0.1): user search:
base=ou=HST-Users,dc=h-st,dc=com scope=subtree
filter=(&(objectClass=person)(mail=test1 at h-st.com)) fields=sAMAccountName
dovecot: auth(default): ldap(test1 at h-st.com,127.0.0.1): result:
sAMAccountName(mail=maildir:/home/vmail/%Ud/%Ln)=maildir:/home/vmail/H-ST.COM/test1
dovecot: auth(default): master out: USER 7 test1 at h-st.com
mail=maildir:/home/vmail/H-ST.COM/test1 gid=1000 uid=1001
dovecot: pop3-login: Login: user=<test1 at h-st.com>, method=PLAIN,
rip=127.0.0.1, lip=127.0.0.1, secured
The directory was created and everything is fine.
USER TEST3:
# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user test3 at housigma20.h-st.com
+OK
pass houston
-ERR [IN-USE] Internal login failure. Refer to server log for more
information.
Connection closed by foreign host.
Logs show:
dovecot: auth(default): client in: AUTH 1 PLAIN service=pop3
secured lip=127.0.0.1 rip=127.0.0.1 lport=110 rport=34057
resp=<hidden>
dovecot: auth(default): ldap(test3 at housigma20.h-st.com,127.0.0.1): bind
search: base=ou=HST-Users,dc=h-st,dc=com
filter=(&(objectClass=person)(mail=test3 at housigma20.h-st.com))
dovecot: auth(default): auth(test3 at housigma20.h-st.com,127.0.0.1): username
changed test3 at housigma20.h-st.com -> test3
dovecot: auth(default): ldap(test3,127.0.0.1): result: uid(user)=test3
dovecot: auth(default): client out: OK 1 user=test3
dovecot: auth(default): master in: REQUEST 8 3859 1
dovecot: auth(default): ldap(test3,127.0.0.1): user search:
base=ou=HST-Users,dc=h-st,dc=com scope=subtree
filter=(&(objectClass=person)(mail=test3)) fields=sAMAccountName
dovecot: auth(default): ldap(test3,127.0.0.1): Unknown user
dovecot: auth(default): userdb(test3,127.0.0.1): user not found from userdb
ldap
dovecot: auth(default): master out: NOTFOUND 8
dovecot: pop3-login: Internal login failure (auth failed, 1 attempts):
user=<test3>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
It obviously fails because the username was changed to only %u. Why does it
get changed...?
Any ideas...?
Thanks..
# dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.16.60-0.21-xenpae i686 SUSE Linux Enterprise Server 10 (i586)
protocols: imap imaps pop3 pop3s
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:~/Maildir/
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): acl
mail_plugins(imap): acl
mail_plugins(pop3):
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: vmail
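
The log pattern in the post above, turned into a triage check (an added example, not part of the original post): it scans Dovecot auth debug lines for `username changed` events, records which LDAP attribute was mapped to the `user` field, and flags rewrites that are followed by a userdb miss. The function name and the example.com sample lines are constructed for illustration.

```python
import re

# Constructed sample lines, modelled on the auth debug log format in the post.
SAMPLE_LOG = """\
dovecot: auth(default): ldap(alice@example.com,127.0.0.1): no fields returned by the server
dovecot: auth(default): client out: OK 1 user=alice@example.com
dovecot: auth(default): auth(bob@sub.example.com,127.0.0.1): username changed bob@sub.example.com -> bob
dovecot: auth(default): ldap(bob,127.0.0.1): result: uid(user)=bob
dovecot: auth(default): client out: OK 1 user=bob
dovecot: auth(default): ldap(bob,127.0.0.1): user search: base=ou=People,dc=example,dc=com scope=subtree filter=(&(objectClass=person)(mail=bob)) fields=sAMAccountName
dovecot: auth(default): userdb(bob,127.0.0.1): user not found from userdb ldap
"""

CHANGED = re.compile(r"username changed (\S+) -> (\S+)")
RESULT = re.compile(r"result: (\w+)\(user\)=(\S+)")
NOTFOUND = re.compile(r"userdb\(([^,]+),[^)]*\): user not found from userdb")


def find_username_rewrites(log_text):
    """Return one record per login whose name was rewritten during passdb lookup."""
    events = []
    for line in log_text.splitlines():
        m = CHANGED.search(line)
        if m:
            old, new = m.groups()
            events.append({
                "original": old,
                "rewritten": new,
                # The login carried a domain part and the rewritten name does not.
                "domain_dropped": "@" in old and "@" not in new,
                "source_attr": None,   # LDAP attribute mapped to "user"
                "userdb_miss": False,  # later userdb lookup failed for the new name
            })
            continue
        m = RESULT.search(line)
        if m:
            attr, value = m.groups()
            for ev in events:
                if ev["rewritten"] == value and ev["source_attr"] is None:
                    ev["source_attr"] = attr
            continue
        m = NOTFOUND.search(line)
        if m:
            for ev in events:
                if ev["rewritten"] == m.group(1):
                    ev["userdb_miss"] = True
    return events


if __name__ == "__main__":
    for ev in find_username_rewrites(SAMPLE_LOG):
        print(ev)
```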