Variable expansion in password field (again?!)

Mathias Rabe Mon, 10 May 2021 08:33:54 -0700

Hi list,

I’m experimenting with the mail-crypt-plugin in Dovecot v2.3.4.1 on Debian 10 
Buster. I’m also running a OpenLDAP-Server for user lookup.


My LDAP-settings looks like this:

hosts = ###
dn = cn=###,dc=###,dc=##
dnpass = ###
tls = yes
auth_bind = no
ldap_version = 3
base = ou=people,dc=###,dc=##
scope = subtree
user_attrs = \
  =quota_rule=*:bytes=%{ldap:mailQuota}, \
  =home=/var/vmail/mailboxes/%d/%{ldap:uid}, \
  =mail=maildir:/var/vmail/mailboxes/%d/%{ldap:uid}/mail
user_filter = (&(mail=%u)(objectClass=person)(mailEnabled=TRUE))
pass_attrs = 
mail=user,userPassword=password,=userdb_mail_crypt_private_password=%w,mailCrypt=userdb_mail_crypt_save_version
pass_filter = (&(mail=%u)(objectClass=person)(mailEnabled=TRUE))
iterate_attrs = mail=user
iterate_filter = (objectClass=person)
default_pass_scheme = SSHA-512

The users can log-in and everything works fine including the mail-crypt-plugin 
until an user password contains a % I get the following error message 
(example): 

Error: Failed to expand plugin setting mail_crypt_private_password = 
'"1234%Passwort"': Unknown variable '%P‘

I’ve found some mails but I didn’t found a solution. It seems that Dovecot 
tries to expand some variable in the password:

https://dovecot.org/pipermail/dovecot/2019-July/116338.html
https://dovecot.org/pipermail/dovecot/2020-April/118634.html

So this seems to be a bug or something. Is there any new information on this 
topic or even any solution or workaround?

Thank you very much!

Mathias

Variable expansion in password field (again?!)

Reply via email to