thr3ads.net - dovecot - [Dovecot] Dovecot LDAP Auth & Usernames with dashes [Oct 2009]

If this information is useful, please help other people find it:
Share via:

Chris Jones

2009-Oct-02 20:20 UTC

[Dovecot] Dovecot LDAP Auth & Usernames with dashes

Hi All,

We're seeing an issue with LDAP auth when the username contains a -  
char.

We're using 1.0.15 as packaged for Debian Lenny

Oct  2 12:29:02 silver dovecot: auth(default): LDAP: binding failed  
(dn (none)): Protocol error
Oct  2 12:29:03 silver dovecot: imap-login: Aborted login (1  
authentication attempts): user=<sci-fi at sucs.org>, method=PLAIN,  
rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured

Setup works perfectly for the other 200 users, none of whom have a -  
in the username.

Any suggestions?

--
Chris Jones, SUCS Admin
http://sucs.org

Dovecot Conf

  dovecot -n
# 1.0.15: /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3 pop3s
listen: [::]
ssl_cert_file: /usr/local/sucs-pki/certs/sucs+subCA.crt
ssl_key_file: /usr/local/sucs-pki/private/sucs.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_privileged_group: mail
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
auth default:
   passdb:
     driver: pam
     args: dovecot
   passdb:
     driver: ldap
     args: /etc/dovecot/dovecot-ldap.conf
   userdb:
     driver: passwd

 From /etc/dovecot/dovecot-ldap.conf
hosts = localhost
auth_bind = yes
base = ou=People,dc=sucs,dc=org
user_filter = (&(objectClass=posixAccount)(uid=%u))

Timo Sirainen

2009-Oct-02 20:43 UTC

head link

[Dovecot] Dovecot LDAP Auth & Usernames with dashes

On Fri, 2009-10-02 at 21:20 +0100, Chris Jones wrote:> We're seeing an issue with LDAP auth when the username contains a -  
> char.
> 
> We're using 1.0.15 as packaged for Debian Lenny
> 
> Oct  2 12:29:02 silver dovecot: auth(default): LDAP: binding failed  
> (dn (none)): Protocol error
Either your LDAP server doesn't like it, or Dovecot should be escaping
'-' characters. What does it log with auth_debug=yes? What LDAP server
do you use? If you can compile sources, you could also try adding '-' to
IS_LDAP_ESCAPED_CHAR() in src/auth/db-ldap.c

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20091002/c926169f/attachment-0002.bin>

Reasonably Related Threads

Search for more apparently analagous threads

dovecot - Oct 2009 - Dovecot LDAP Auth & Usernames with dashes

[Dovecot] Dovecot LDAP Auth & Usernames with dashes

[Dovecot] Dovecot LDAP Auth & Usernames with dashes

Reasonably Related Threads