Re: Accentuated email addresses stored in LDAP

2018-03-20 Thread Andre Rodier

On 20/03/2018 08:00, Steffen Kaiser wrote:


> On Mon, 19 Mar 2018, Andre Rodier wrote:
>
>> In fact, I am using the otherMailBox attribute, from the standard
>> OpenLDAP distribution, which is also IA5String.
>>
>> - Is there any way in Dovecot to encode the fields in base64, to send
>> queries? As the query is "eq", this would be enough, I think.
>
> Check out: https://wiki2.dovecot.org/Variables?highlight=(base64)
>
> However, I never used this modifier, and Aki pointed out that UTF-8
> usernames are not (100%) supported yet.
>
>> - Or is the LDAP server supposed to store attributes as UTF-8, and
>> in this case, how to configure it that way?
>
> To achieve this, you must/can extend the schema with your own
> attribute that uses:
>
> https://www.ldap.com/understanding-ldap-schema
>
> "Directory String
>
> "The directory string syntax is basically a catch-all syntax for UTF-8
> strings. It allows values with this syntax to have any combination of
> one or more UTF-8 characters (empty directory string values are not
> allowed, although some directory servers ignore this constraint).
>
> "The directory string syntax is defined in RFC 4517 section 3.3.6, and
> has an OID of "1.3.6.1.4.1.1466.115.121.1.15"."
>
> Otherwise, you could _misuse_ an existing attribute of this type that is
> unused in your directory.
>
> --
> Steffen Kaiser


Thank you, Steffen, this is a great link.

I am probably going to keep this attribute, and use base64, for now.

Kind regards,
Andre

--
https://github.com/progmaticltd/homebox


Re: Accentuated email addresses stored in LDAP

2018-03-20 Thread Steffen Kaiser


On Mon, 19 Mar 2018, Andre Rodier wrote:

> In fact, I am using the otherMailBox attribute, from the standard OpenLDAP
> distribution, which is also IA5String.
>
> - Is there any way in Dovecot to encode the fields in base64, to send
> queries? As the query is "eq", this would be enough, I think.

Check out: https://wiki2.dovecot.org/Variables?highlight=(base64)

However, I never used this modifier, and Aki pointed out that UTF-8
usernames are not (100%) supported yet.

> - Or is the LDAP server supposed to store attributes as UTF-8, and in this
> case, how to configure it that way?

To achieve this, you must/can extend the schema with your own attribute
that uses:

https://www.ldap.com/understanding-ldap-schema

"Directory String

"The directory string syntax is basically a catch-all syntax for UTF-8
strings. It allows values with this syntax to have any combination of one
or more UTF-8 characters (empty directory string values are not allowed,
although some directory servers ignore this constraint).

"The directory string syntax is defined in RFC 4517 section 3.3.6, and has
an OID of "1.3.6.1.4.1.1466.115.121.1.15"."

Otherwise, you could _misuse_ an existing attribute of this type that is
unused in your directory.


--
Steffen Kaiser



Re: Accentuated email addresses stored in LDAP

2018-03-19 Thread Andre Rodier

On 19/03/2018 07:23, Steffen Kaiser wrote:


> On Mon, 19 Mar 2018, André Rodier wrote:
>
>> I had to use base64 encoding to store email addresses, because they are
>> rejected otherwise, with an error message of illegal characters. I also
>
> you are using the stock "mail" attribute in LDAP as:
>
> olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
>   NAME ( 'mail' 'rfc822Mailbox' )
>   DESC 'RFC1274: RFC822 Mailbox'
>   EQUALITY caseIgnoreIA5Match
>   SUBSTR caseIgnoreIA5SubstringsMatch
>   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
>
> http://www.oid-info.com/get/1.3.6.1.4.1.1466.115.121.1.26
> https://en.wikipedia.org/wiki/IA5STRING
> IA5 :- 7bit
>
>> noticed that some of the fields, like 'dn' and 'cn' were automatically
>> encoded in base64 when stored when including accentuated chars.
>
> you mean when you use ldapsearch or a similar tool to export data? LDIF
> traditionally encodes all data in 7-bit ASCII, which is noted by the
> double "::" after the LDAP attribute name. The data in LDAP is UTF-8,
> and binary connections need not encode it either.
>
> --
> Steffen Kaiser


Hello Steffen,

Thank you for your answer.

In fact, I am using the otherMailBox attribute, from the standard
OpenLDAP distribution, which is also IA5String.

- Is there any way in Dovecot to encode the fields in base64, to send
queries? As the query is "eq", this would be enough, I think.
- Or is the LDAP server supposed to store attributes as UTF-8, and in
this case, how to configure it that way?


Thanks!

# RFC1274: Cosine and Internet X.500 schema:
# 9.3.18.  Other Mailbox
#
#  The Other Mailbox attribute type specifies values for electronic
#  mailbox types other than X.400 and rfc822.
#
#otherMailbox ATTRIBUTE
#WITH ATTRIBUTE-SYNTAX
#SEQUENCE {
#mailboxType PrintableString, -- e.g. Telemail
#mailbox IA5String  -- e.g. X378:Joe
#}
#::= {pilotAttributeType 22}
#
attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )

--
https://github.com/progmaticltd/homebox


Re: Accentuated email addresses stored in LDAP

2018-03-19 Thread Steffen Kaiser


On Mon, 19 Mar 2018, André Rodier wrote:

> I had to use base64 encoding to store email addresses, because they are
> rejected otherwise, with an error message of illegal characters. I also

you are using the stock "mail" attribute in LDAP as:

olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
  NAME ( 'mail' 'rfc822Mailbox' )
  DESC 'RFC1274: RFC822 Mailbox'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

http://www.oid-info.com/get/1.3.6.1.4.1.1466.115.121.1.26
https://en.wikipedia.org/wiki/IA5STRING
IA5 :- 7bit

> noticed that some of the fields, like 'dn' and 'cn' were automatically
> encoded in base64 when stored when including accentuated chars.

you mean when you use ldapsearch or a similar tool to export data? LDIF
traditionally encodes all data in 7-bit ASCII, which is noted by the double
"::" after the LDAP attribute name. The data in LDAP is UTF-8, and binary
connections need not encode it either.


--
Steffen Kaiser

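An added worked example (my code, not anything from the thread, OpenLDAP or Dovecot) that ties together the two points Steffen makes in this message and in his 2018-03-20 reply: the `mail`/`rfc822Mailbox` syntax and the mailbox part of `otherMailbox` only accept 7-bit IA5 strings, a Directory String attribute (the suggested schema extension) accepts any non-empty UTF-8, and the `::` base64 seen in `ldapsearch`/LDIF output is a transport encoding governed by the RFC 2849 SAFE-STRING rules, not the form in which the directory stores the value. The syntax checks are a simplified model of what a strict server validates on write, the error strings are constructed, the sample address is the one from the thread, and `mailUtf8` is a hypothetical custom attribute name.

```python
import base64

# Syntax OIDs quoted in the thread (RFC 4517).
IA5_STRING = "1.3.6.1.4.1.1466.115.121.1.26"        # 'mail' / 'rfc822Mailbox': 7-bit only
DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15"  # any non-empty UTF-8
OTHER_MAILBOX = "1.3.6.1.4.1.1466.115.121.1.39"     # 'otherMailbox': type "$" IA5 mailbox

SAMPLE_ADDRESS = "andr\u00e9@homebox.space"  # the address from the thread


def syntax_error(oid: str, value: str):
    """Return None if VALUE is acceptable for the syntax OID, else the reason.

    Simplified model of the check a strict directory server performs on write;
    a real server reports something like "invalid syntax" / "illegal characters".
    """
    if oid == IA5_STRING:
        return None if value.isascii() else "IA5String accepts only 7-bit characters"
    if oid == DIRECTORY_STRING:
        return "Directory String must not be empty" if value == "" else None
    if oid == OTHER_MAILBOX:
        # RFC 4517 section 3.3.27: mailbox-type "$" mailbox, where the mailbox
        # part is IA5String (same split as the RFC 1274 ASN.1 quoted in the thread).
        _mailbox_type, sep, mailbox = value.partition("$")
        if not sep:
            return 'Other Mailbox needs the form "type$mailbox"'
        return None if mailbox.isascii() else "Other Mailbox: mailbox part is IA5String"
    raise ValueError(f"unknown syntax OID {oid}")


def needs_base64(value: bytes) -> bool:
    """RFC 2849 SAFE-STRING test: must this value be written as 'attr:: <base64>'?"""
    if not value:
        return False
    if value[0] in (0x00, 0x0A, 0x0D, 0x20, 0x3A, 0x3C):  # NUL LF CR SP ':' '<'
        return True
    if value[-1] == 0x20:  # trailing space is also base64-encoded by the OpenLDAP tools
        return True
    return any(b in (0x00, 0x0A, 0x0D) or b > 0x7F for b in value)


def ldif_attr(name: str, value: str) -> str:
    """Render one attribute line the way ldapsearch prints it (no line folding)."""
    raw = value.encode("utf-8")
    if needs_base64(raw):
        return f"{name}:: {base64.b64encode(raw).decode('ascii')}"
    return f"{name}: {value}"


def parse_ldif_attr(line: str) -> tuple:
    """Inverse of ldif_attr: '::' marks base64, and the decoded bytes are UTF-8."""
    name, sep, rest = line.partition("::")
    if sep:
        return name, base64.b64decode(rest.strip()).decode("utf-8")
    name, _, rest = line.partition(":")
    return name, rest.strip()


def explain(attr: str, oid: str, value: str) -> str:
    """Summarise what happens to VALUE on the way into and out of the directory."""
    err = syntax_error(oid, value)
    if err:
        return f"{attr}={value!r}: rejected on write ({err})"
    return f"{attr}={value!r}: stored as UTF-8, exported as {ldif_attr(attr, value)!r}"


if __name__ == "__main__":
    print(explain("mail", IA5_STRING, SAMPLE_ADDRESS))
    print(explain("otherMailbox", OTHER_MAILBOX, "smtp$" + SAMPLE_ADDRESS))
    print(explain("mailUtf8", DIRECTORY_STRING, SAMPLE_ADDRESS))  # hypothetical custom attribute
    print(explain("cn", DIRECTORY_STRING, "andr\u00e9"))
```

Running it shows the accented address rejected for the IA5 syntaxes and accepted for the Directory String one, and that `cn: andré` round-trips through `cn:: YW5kcsOp` unchanged, which is the `::` base64 André saw for `dn` and `cn`. The parser handles one unfolded line; real LDIF output may wrap long values onto continuation lines starting with a space.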

Re: Accentuated email addresses stored in LDAP

2018-03-18 Thread André Rodier

On 19/03/18 06:30, Aki Tuomi wrote:
> 
> 
> On 19.03.2018 07:58, Alexander Dalloz wrote:
>> Am 18.03.2018 um 23:25 schrieb André Rodier:
>>> Every other alias works, but not those with accents. They are correctly
>>> stored in the LDAP database, using base64.
>>
>> Why do you even think a character like 'é' would be legal in the local
>> part of an email address?
>>
>> Alexander
>>
> Hi!
> 
> This is slightly more complicated than that. UTF-8 is legal part of
> local part of an email address, if SMTPUTF8 is used (as per RFC 6532).
> Dovecot does not yet fully support UTF-8 in certain parts, particularly
> we do not yet support RFC 6855 (IMAP Support for UTF-8), but we are
> working on getting that to work, after which you can log in with UTF-8
> usernames and passwords reliably.
> 
> Aki
> 

Thank you, Aki,

Does it mean Dovecot LMTP supports querying the LDAP server using UTF-8
characters?

In this case, the problem might not be Dovecot, but OpenLDAP.

I had to use base64 encoding to store email addresses, because they are
rejected otherwise, with an error message of illegal characters. I also
noticed that some of the fields, like 'dn' and 'cn' were automatically
encoded in base64 when stored when including accentuated chars.

Regarding logging in with international characters, I have not tested it
yet, but I am happy to test and to provide feedback if you are interested.

Thanks again for this excellent software, I have been using it for more
than a decade, now...

Kind regards,
André


Re: Accentuated email addresses stored in LDAP

2018-03-18 Thread Steffen Kaiser


On Sun, 18 Mar 2018, André Rodier wrote:


> Every other alias works, but not those with accents. They are correctly
> stored in the LDAP database, using base64.

Despite Aki's answer, whether it works at all, I would expect the
encoding in LDAP is UTF-8 instead of base64.


--
Steffen Kaiser


Re: Accentuated email addresses stored in LDAP

2018-03-18 Thread Aki Tuomi


On 19.03.2018 07:58, Alexander Dalloz wrote:
> Am 18.03.2018 um 23:25 schrieb André Rodier:
>> Every other alias works, but not those with accents. They are correctly
>> stored in the LDAP database, using base64.
>
> Why do you even think a character like 'é' would be legal in the local
> part of an email address?
>
> Alexander
>
Hi!

This is slightly more complicated than that. UTF-8 is legal part of
local part of an email address, if SMTPUTF8 is used (as per RFC 6532).
Dovecot does not yet fully support UTF-8 in certain parts, particularly
we do not yet support RFC 6855 (IMAP Support for UTF-8), but we are
working on getting that to work, after which you can log in with UTF-8
usernames and passwords reliably.

Aki



Re: Accentuated email addresses stored in LDAP

2018-03-18 Thread Alexander Dalloz

Am 18.03.2018 um 23:25 schrieb André Rodier:

> Every other alias works, but not those with accents. They are correctly
> stored in the LDAP database, using base64.


Why do you even think a character like 'é' would be legal in the local 
part of an email address?


Alexander



Accentuated email addresses stored in LDAP

2018-03-18 Thread André Rodier

Hello everyone,

I have successfully set up Dovecot with an LDAP backend, and everything
works like a charm, except one small use case.

I know it is possible, so if anyone knows a solution, thank you!

Basically, I just want to send an email to one of my email addresses,
which contains an accent, i.e. andré@homebox.space

Every other alias works, but not those with accents. They are correctly
stored in the LDAP database, using base64.

I suspect I would need to use base64 again before the lookup, but I
don't know how to do it, or if it is even possible.

My filter is set up as this:

filter=(&(objectClass=posixAccount)(|(uid=%n)(mail=%u)(mailLocalAddress=%u)))


It works perfectly for any email without accent.

Thanks for your help.

> Mar 18 22:14:28 homebox dovecot[24636]: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
> Mar 18 22:14:28 homebox dovecot[24636]: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
> Mar 18 22:14:28 homebox dovecot[24636]: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libauthdb_ldap.so
> Mar 18 22:14:28 homebox dovecot[24636]: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
> Mar 18 22:14:28 homebox dovecot[24636]: auth: Debug: LDAP initialization took 7 msecs
> Mar 18 22:14:28 homebox dovecot[24636]: auth: Debug: auth client connected (pid=0)
> Mar 18 22:14:28 homebox dovecot[24636]: quota-status(andré@homebox.space): Debug: Loading modules from directory: /usr/lib/dovecot/modules
> Mar 18 22:14:28 homebox dovecot[24636]: quota-status(andré@homebox.space): Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
> Mar 18 22:14:28 homebox dovecot[24636]: auth: Debug: master in: USER	1	andré@homebox.space	service=quota-status
> Mar 18 22:14:28 homebox dovecot[24636]: auth: Debug: ldap(andré@homebox.space): user search: base=dc=homebox,dc=space scope=subtree filter=(&(objectClass=posixAccount)(|(uid=andré)(mailLocalAddress=andré@homebox.space))) fields=homeDirectory,uidNumber,gidNumber,mail
> Mar 18 22:14:28 homebox dovecot[24636]: auth: Debug: ldap(andré@homebox.space): no fields returned by the server
> Mar 18 22:14:28 homebox dovecot[24636]: auth: ldap(andré@homebox.space): unknown user
> Mar 18 22:14:28 homebox dovecot[24636]: auth: Debug: userdb out: NOTFOUND	1
> Mar 18 22:14:28 homebox dovecot[24636]: quota-status(andré@homebox.space): Debug: auth USER input:
> Mar 18 22:14:28 homebox postfix/smtpd[24734]: NOQUEUE: reject: RCPT from smtpfr.rodier.me[164.132.53.161]: 554 5.7.1 : Recipient address rejected: Unknown user; from= to= proto=ESMTP helo=
> Mar 18 22:14:28 homebox postfix/smtpd[24734]: disconnect from smtpfr.rodier.me[164.132.53.161] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=4/6
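An added example (my code, not André's configuration and not how Dovecot itself expands its templates) showing how a value with non-ASCII characters is carried in an LDAP search filter at all: RFC 4515 lets any byte of an assertion value be written as `\HH`, so the UTF-8 bytes of `é` can be sent as `\c3\a9`, and the same escape neutralises the filter metacharacters `( ) * \` and NUL that would otherwise let a crafted login name rewrite the filter the server evaluates. The template is the filter from the post; `%u` and `%n` are Dovecot's user and local-part variables as used there, and `%d` (domain) is assumed from Dovecot's variable documentation rather than taken from the post. The hostile input is constructed.

```python
import re

# The filter template from the original post.
FILTER_TEMPLATE = "(&(objectClass=posixAccount)(|(uid=%n)(mail=%u)(mailLocalAddress=%u)))"

# Bytes with special meaning inside a filter assertion value (RFC 4515 section 3).
FILTER_SPECIAL = {0x00, 0x28, 0x29, 0x2A, 0x5C}  # NUL ( ) * \


def rfc4515_escape(value: str) -> str:
    """Escape an assertion value: specials and every non-ASCII UTF-8 byte become \\HH.

    RFC 4515 permits raw UTF-8 in a filter; escaping the high bytes as well keeps
    the filter 7-bit clean, which is convenient for logs and for copying into tools.
    """
    out = []
    for b in value.encode("utf-8"):
        if b in FILTER_SPECIAL or b > 0x7F:
            out.append(f"\\{b:02x}")
        else:
            out.append(chr(b))
    return "".join(out)


def build_filter(template: str, user: str) -> str:
    """Expand %u (user), %n (local part) and %d (domain) in one pass, escaping each value.

    A single regex pass means a value that itself contains '%n' can never be
    expanded a second time, which a sequence of str.replace() calls would allow.
    """
    local, _, domain = user.partition("@")
    values = {"u": user, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: rfc4515_escape(values[m.group(1)]), template)


if __name__ == "__main__":
    # Constructed inputs: the thread's address, an ASCII address, and a hostile value.
    for u in ("andr\u00e9@homebox.space", "andre@homebox.space", "*)(uid=*"):
        print(build_filter(FILTER_TEMPLATE, u))
```

The first line of output is a syntactically valid filter for the accented address, which is why the log above shows the search being sent; the lookup then finds nothing because, as the later replies explain, the IA5-syntax attributes can never hold that value. The third line shows the hostile value arriving at the server as a literal string rather than as extra filter terms.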