Re: [Dovecot] login fails when username has apostrophe
On Wed, 2009-01-07 at 00:08 -0500, Timo Sirainen wrote: On Jan 6, 2009, at 6:47 PM, Karl Latiss wrote: On Tue, 2009-01-06 at 18:33 -0500, Timo Sirainen wrote: On Wed, 2009-01-07 at 10:19 +1100, Karl Latiss wrote: Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,10.3.96.60): pass search: base=dc=example, dc=com scope=subtree filter=((objectClass=qmailUser)(uid=julie.o\ \'reilly)) field s=mail,userPassword I think it should be julie.o\\\'reilly in there. Have to check why. Jan 5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL 1 user=julie.o\'rei...@example.com failed, 1 attempts): user=julie.o\'rei...@example.com, method=PLAIN, But I think your client (PHP webmail with automatic slashing enabled?) is sending the initial \ here. Try logging in manually with telnet to make sure. The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. That's weird. I'll try to reproduce it tomorrow. I don't have a working LDAP server setup currently though. Ubuntu slapd config looks weird. Works fine here with the current v1.1 hg (but I don't remember having done any fixes related to LDAP for a long time): * OK Dovecot ready. x login a'b pass x OK Logged in. dovecot: Jan 07 12:10:29 Info: auth(default): new auth connection: pid=12264 dovecot: Jan 07 12:10:31 Info: auth(default): client in: AUTH 1 PLAIN service=imapsecured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=34122 resp=hidden dovecot: Jan 07 12:10:31 Info: auth(default): ldap(a'b,127.0.0.1): pass search: base=ou=dovecot, dc=domain, dc=org scope=subtree filter=((objectClass=posixAccount)(uid=a'b)) fields=uid,userPassword dovecot: Jan 07 12:10:31 Info: auth(default): ldap(a'b,127.0.0.1): result: uid(user)=a'b userPassword(password)=hidden dovecot: Jan 07 12:10:31 Info: auth(default): client out: OK1 user=a'b dovecot: Jan 07 12:10:31 Info: auth(default): master in: REQUEST3 12257 1 dovecot: Jan 07 12:10:31 Info: auth(default): ldap(a'b,127.0.0.1): user search: base=ou=dovecot, dc=domain, dc=org scope=subtree filter=((objectClass=posixAccount)(uid=a'b)) fields=homeDirectory,uidNumber,gidNumber dovecot: Jan 07 12:10:31 Info: auth(default): ldap(a'b,127.0.0.1): result: uidNumber(uid)=1000 gidNumber(gid)=1000 homeDirectory(home)=/home/tss dovecot: Jan 07 12:10:31 Info: auth(default): master out: USER 3 a'b uid=1000gid=1000home=/home/tss dovecot: Jan 07 12:10:31 Info: imap-login: Login: user=a'b, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured signature.asc Description: This is a digitally signed message part
Re: [Dovecot] login fails when username has apostrophe
On Wed, 2009-01-07 at 12:12 -0500, Timo Sirainen wrote: The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. That's weird. I'll try to reproduce it tomorrow. I don't have a working LDAP server setup currently though. Ubuntu slapd config looks weird. Works fine here with the current v1.1 hg (but I don't remember having done any fixes related to LDAP for a long time): * OK Dovecot ready. x login a'b pass x OK Logged in. Also I'm a bit surprised that I've managed to get escaping working with all special LDAP characters without having it tested before: imap-login: Login: user=a\(*),.b, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured signature.asc Description: This is a digitally signed message part
Re: [Dovecot] login fails when username has apostrophe
on 1-7-2009 9:26 AM Timo Sirainen spake the following: On Wed, 2009-01-07 at 12:12 -0500, Timo Sirainen wrote: The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. That's weird. I'll try to reproduce it tomorrow. I don't have a working LDAP server setup currently though. Ubuntu slapd config looks weird. Works fine here with the current v1.1 hg (but I don't remember having done any fixes related to LDAP for a long time): * OK Dovecot ready. x login a'b pass x OK Logged in. Also I'm a bit surprised that I've managed to get escaping working with all special LDAP characters without having it tested before: imap-login: Login: user=a\(*),.b, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured I wonder if the OP has a character set or encoding issue? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature
Re: [Dovecot] login fails when username has apostrophe
On Wed, 2009-01-07 at 12:12 -0500, Timo Sirainen wrote: On Wed, 2009-01-07 at 00:08 -0500, Timo Sirainen wrote: On Jan 6, 2009, at 6:47 PM, Karl Latiss wrote: On Tue, 2009-01-06 at 18:33 -0500, Timo Sirainen wrote: On Wed, 2009-01-07 at 10:19 +1100, Karl Latiss wrote: Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,10.3.96.60): pass search: base=dc=example, dc=com scope=subtree filter=((objectClass=qmailUser)(uid=julie.o\ \'reilly)) field s=mail,userPassword I think it should be julie.o\\\'reilly in there. Have to check why. Jan 5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL 1 user=julie.o\'rei...@example.com failed, 1 attempts): user=julie.o\'rei...@example.com, method=PLAIN, But I think your client (PHP webmail with automatic slashing enabled?) is sending the initial \ here. Try logging in manually with telnet to make sure. The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. That's weird. I'll try to reproduce it tomorrow. I don't have a working LDAP server setup currently though. Ubuntu slapd config looks weird. Works fine here with the current v1.1 hg (but I don't remember having done any fixes related to LDAP for a long time): * OK Dovecot ready. x login a'b pass x OK Logged in. dovecot: Jan 07 12:10:29 Info: auth(default): new auth connection: pid=12264 dovecot: Jan 07 12:10:31 Info: auth(default): client in: AUTH 1 PLAIN service=imapsecured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=34122 resp=hidden dovecot: Jan 07 12:10:31 Info: auth(default): ldap(a'b,127.0.0.1): pass search: base=ou=dovecot, dc=domain, dc=org scope=subtree filter=((objectClass=posixAccount)(uid=a'b)) fields=uid,userPassword dovecot: Jan 07 12:10:31 Info: auth(default): ldap(a'b,127.0.0.1): result: uid(user)=a'b userPassword(password)=hidden dovecot: Jan 07 12:10:31 Info: auth(default): client out: OK 1 user=a'b dovecot: Jan 07 12:10:31 Info: auth(default): master in: REQUEST 3 12257 1 dovecot: Jan 07 12:10:31 Info: auth(default): ldap(a'b,127.0.0.1): user search: base=ou=dovecot, dc=domain, dc=org scope=subtree filter=((objectClass=posixAccount)(uid=a'b)) fields=homeDirectory,uidNumber,gidNumber dovecot: Jan 07 12:10:31 Info: auth(default): ldap(a'b,127.0.0.1): result: uidNumber(uid)=1000 gidNumber(gid)=1000 homeDirectory(home)=/home/tss dovecot: Jan 07 12:10:31 Info: auth(default): master out: USER3 a'b uid=1000gid=1000home=/home/tss dovecot: Jan 07 12:10:31 Info: imap-login: Login: user=a'b, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Where else can I look? This version was compiled on FreeBSD 7.0 64 bit using the ports system with the following configure options: --localstatedir=/var \ --with-statedir=/var/db/dovecot \ --without-shadow \ --with-ioloop=kqueue \ --without-gssapi \ --without-vpopmail \ --with-ldap \ --without-pgsql \ --without-mysql \ --without-sqlite The openldap libraries used were openldap-client-2.4.11 Karl.
Re: [Dovecot] login fails when username has apostrophe
On Wed, 2009-01-07 at 11:09 -0800, Scott Silva wrote: on 1-7-2009 9:26 AM Timo Sirainen spake the following: On Wed, 2009-01-07 at 12:12 -0500, Timo Sirainen wrote: The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. That's weird. I'll try to reproduce it tomorrow. I don't have a working LDAP server setup currently though. Ubuntu slapd config looks weird. Works fine here with the current v1.1 hg (but I don't remember having done any fixes related to LDAP for a long time): * OK Dovecot ready. x login a'b pass x OK Logged in. Also I'm a bit surprised that I've managed to get escaping working with all special LDAP characters without having it tested before: imap-login: Login: user=a\(*),.b, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured I wonder if the OP has a character set or encoding issue? My dovecot package has a dependency on libiconv-1.11_1. Could that have something to do with it? Karl.
Re: [Dovecot] login fails when username has apostrophe
On Thu, 2009-01-08 at 08:27 +1100, Karl Latiss wrote: On Wed, 2009-01-07 at 11:09 -0800, Scott Silva wrote: on 1-7-2009 9:26 AM Timo Sirainen spake the following: On Wed, 2009-01-07 at 12:12 -0500, Timo Sirainen wrote: The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. That's weird. I'll try to reproduce it tomorrow. I don't have a working LDAP server setup currently though. Ubuntu slapd config looks weird. Works fine here with the current v1.1 hg (but I don't remember having done any fixes related to LDAP for a long time): * OK Dovecot ready. x login a'b pass x OK Logged in. Also I'm a bit surprised that I've managed to get escaping working with all special LDAP characters without having it tested before: imap-login: Login: user=a\(*),.b, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured I wonder if the OP has a character set or encoding issue? My dovecot package has a dependency on libiconv-1.11_1. Could that have something to do with it? No. You have several extra \ characters in the logs and they just shouldn't be there unless the client sent them. Set auth_debug_passwords=yes and paste the full logs when logging in? (Use a password that isn't important.) signature.asc Description: This is a digitally signed message part
Re: [Dovecot] login fails when username has apostrophe
On Wed, 2009-01-07 at 16:31 -0500, Timo Sirainen wrote: On Thu, 2009-01-08 at 08:27 +1100, Karl Latiss wrote: On Wed, 2009-01-07 at 11:09 -0800, Scott Silva wrote: on 1-7-2009 9:26 AM Timo Sirainen spake the following: On Wed, 2009-01-07 at 12:12 -0500, Timo Sirainen wrote: The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. That's weird. I'll try to reproduce it tomorrow. I don't have a working LDAP server setup currently though. Ubuntu slapd config looks weird. Works fine here with the current v1.1 hg (but I don't remember having done any fixes related to LDAP for a long time): * OK Dovecot ready. x login a'b pass x OK Logged in. Also I'm a bit surprised that I've managed to get escaping working with all special LDAP characters without having it tested before: imap-login: Login: user=a\(*),.b, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured I wonder if the OP has a character set or encoding issue? My dovecot package has a dependency on libiconv-1.11_1. Could that have something to do with it? No. You have several extra \ characters in the logs and they just shouldn't be there unless the client sent them. Set auth_debug_passwords=yes and paste the full logs when logging in? (Use a password that isn't important.) That doesn't look any different... Jan 8 08:39:22 www-example1 dovecot: auth(default): client in: AUTH 1 PLAIN service=imapsecured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=63870 resp=AGp1bGllLm8ncmVpbGx5QHFmY3Jldy5jb20ANTcyMjIz Jan 8 08:39:22 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,127.0.0.1): pass search: base=dc=example, dc=com scope=subtree filter=((objectClass=qmailUser)(uid=julie.o\\'reilly)) fields=mail,userPassword Jan 8 08:39:22 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,127.0.0.1): unknown user Jan 8 08:39:24 www-example1 dovecot: auth(default): client out: FAIL 1 user=julie.o\'rei...@example.com Jan 8 08:39:28 www-example1 dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=julie.o\'rei...@example.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Karl.
Re: [Dovecot] login fails when username has apostrophe
On Thu, 2009-01-08 at 08:50 +1100, Karl Latiss wrote: No. You have several extra \ characters in the logs and they just shouldn't be there unless the client sent them. Set auth_debug_passwords=yes and paste the full logs when logging in? (Use a password that isn't important.) That doesn't look any different... OK, so the problem is auth_username_format instead of LDAP. Fixed: http://hg.dovecot.org/dovecot-1.1/rev/3d32b23f7437 Or just comment out the auth_username_format setting. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] login fails when username has apostrophe
On Wed, 2009-01-07 at 17:05 -0500, Timo Sirainen wrote: On Thu, 2009-01-08 at 08:50 +1100, Karl Latiss wrote: No. You have several extra \ characters in the logs and they just shouldn't be there unless the client sent them. Set auth_debug_passwords=yes and paste the full logs when logging in? (Use a password that isn't important.) That doesn't look any different... OK, so the problem is auth_username_format instead of LDAP. Fixed: http://hg.dovecot.org/dovecot-1.1/rev/3d32b23f7437 Or just comment out the auth_username_format setting. That's it! Now login works perfect. Thanks for your quick responses and fix. Karl.
Re: [Dovecot] login fails when username has apostrophe
Sorry to bump so quickly but I have a handful of users who can't log in at the moment and would like to get this fixed. Am I missing a config option or is this a bug? The only reference I can find in the mailing list archives is that this configuration should be supported. Karl. -- Hi I've added the apostrophe character to auth_username_chars however authentication still fails. I'm using LDAP with the following details: dovecot version 1.1.7 openldap client library 2.4.11 With auth_verbose = yes and auth_debug = yes set I see the following in the logs. Note the initial escaped apostrophe and the subsequent escaped escape in the filter! - start log - Jan 5 16:15:05 www-example1 dovecot: auth(default): client in: AUTH 1 PLAIN service=imaplip=10.1.1.180 rip=10.3.96.60 lport=143 rport=48733 resp=hidden Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,10.3.96.60): pass search: base=dc=example, dc=com scope=subtree filter=((objectClass=qmailUser)(uid=julie.o\\'reilly)) field s=mail,userPassword Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,10.3.96.60): unknown user Jan 5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL 1 user=julie.o\'rei...@example.com failed, 1 attempts): user=julie.o\'rei...@example.com, method=PLAIN, rip=10.3.96.60, lip=10.1.1.180 - end log - Users without apostrophes can authenticate successfully. If I've missed anything please let me know. # dovecot -n # 1.1.7: /usr/local/etc/dovecot.conf # OS: FreeBSD 7.0-RELEASE amd64 ufs protocols: imap listen: 10.1.1.180 ssl_disable: yes disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login login_greeting_capability: yes verbose_proctitle: yes first_valid_uid: 999 first_valid_gid: 999 mail_privileged_group: mail mail_uid: 999 mail_gid: 999 mail_location: maildir:/usr/home/vmail/%Ld/%Ln imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep auth default: mechanisms: plain login username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@' username_format: %Lu passdb: driver: ldap args: /usr/local/etc/dovecot-ldap.conf userdb: driver: ldap args: /usr/local/etc/dovecot-ldap.conf socket: type: listen client: path: /var/run/dovecot/auth-client mode: 432 master: path: /var/run/dovecot/auth-master mode: 384 user: vmail # grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf uris = ldap://www-example1:389 dn = uid=,dc=example,dc=com dnpass = sasl_bind = no tls = no auth_bind = no ldap_version = 3 base = dc=example, dc=com user_attrs = homeDirectory=home=/usr/home/vmail/%L $,mailMessageStore=mail=maildir:/usr/home/vmail/%L$,=uid=999,=gid=999 user_filter = ((objectClass=qmailUser)(uid=%n)) pass_attrs = mail=user,userPassword=password pass_filter = ((objectClass=qmailUser)(uid=%n)) default_pass_scheme = PLAIN -- Karl Latiss klat...@nextdigital.com Next Digital
Re: [Dovecot] login fails when username has apostrophe
On Wed, 2009-01-07 at 10:19 +1100, Karl Latiss wrote: Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,10.3.96.60): pass search: base=dc=example, dc=com scope=subtree filter=((objectClass=qmailUser)(uid=julie.o\\'reilly)) field s=mail,userPassword I think it should be julie.o\\\'reilly in there. Have to check why. Jan 5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL 1 user=julie.o\'rei...@example.com failed, 1 attempts): user=julie.o\'rei...@example.com, method=PLAIN, But I think your client (PHP webmail with automatic slashing enabled?) is sending the initial \ here. Try logging in manually with telnet to make sure. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] login fails when username has apostrophe
On Tue, 2009-01-06 at 18:33 -0500, Timo Sirainen wrote: On Wed, 2009-01-07 at 10:19 +1100, Karl Latiss wrote: Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,10.3.96.60): pass search: base=dc=example, dc=com scope=subtree filter=((objectClass=qmailUser)(uid=julie.o\\'reilly)) field s=mail,userPassword I think it should be julie.o\\\'reilly in there. Have to check why. Jan 5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL 1 user=julie.o\'rei...@example.com failed, 1 attempts): user=julie.o\'rei...@example.com, method=PLAIN, But I think your client (PHP webmail with automatic slashing enabled?) is sending the initial \ here. Try logging in manually with telnet to make sure. The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. Karl.
Re: [Dovecot] login fails when username has apostrophe
Karl Latiss wrote: On Tue, 2009-01-06 at 18:33 -0500, Timo Sirainen wrote: On Wed, 2009-01-07 at 10:19 +1100, Karl Latiss wrote: Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,10.3.96.60): pass search: base=dc=example, dc=com scope=subtree filter=((objectClass=qmailUser)(uid=julie.o\\'reilly)) field s=mail,userPassword I think it should be julie.o\\\'reilly in there. Have to check why. Jan 5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL 1 user=julie.o\'rei...@example.com failed, 1 attempts): user=julie.o\'rei...@example.com, method=PLAIN, But I think your client (PHP webmail with automatic slashing enabled?) is sending the initial \ here. Try logging in manually with telnet to make sure. The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. It's not an apostrophe - it's an unmatched quote. You'll probably get faster results by changing to logins that don't anger input string sanity checks. Otherwise, be prepared to wait a while for a solution. Probably not what you want to hear, but if you have people knocking down the door over this problem, you're going to have to use what will work. ~Seth
Re: [Dovecot] login fails when username has apostrophe
On Tue, 2009-01-06 at 16:04 -0800, Seth Mattinen wrote: Karl Latiss wrote: On Tue, 2009-01-06 at 18:33 -0500, Timo Sirainen wrote: On Wed, 2009-01-07 at 10:19 +1100, Karl Latiss wrote: Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,10.3.96.60): pass search: base=dc=example, dc=com scope=subtree filter=((objectClass=qmailUser)(uid=julie.o\\'reilly)) field s=mail,userPassword I think it should be julie.o\\\'reilly in there. Have to check why. Jan 5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL 1 user=julie.o\'rei...@example.com failed, 1 attempts): user=julie.o\'rei...@example.com, method=PLAIN, But I think your client (PHP webmail with automatic slashing enabled?) is sending the initial \ here. Try logging in manually with telnet to make sure. The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. It's not an apostrophe - it's an unmatched quote. You'll probably get faster results by changing to logins that don't anger input string sanity checks. Otherwise, be prepared to wait a while for a solution. Probably not what you want to hear, but if you have people knocking down the door over this problem, you're going to have to use what will work. ~Seth I understand how it could be interpreted as an unmatched quote but according to Timo (http://www.mail-archive.com/dovecot@dovecot.org/msg09489.html) this should work. At any rate since the user database is provided by the client from their (various) systems it's unlikely I will be able to change user names. Karl.
Re: [Dovecot] login fails when username has apostrophe
Karl Latiss wrote: On Tue, 2009-01-06 at 16:04 -0800, Seth Mattinen wrote: Karl Latiss wrote: On Tue, 2009-01-06 at 18:33 -0500, Timo Sirainen wrote: On Wed, 2009-01-07 at 10:19 +1100, Karl Latiss wrote: Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,10.3.96.60): pass search: base=dc=example, dc=com scope=subtree filter=((objectClass=qmailUser)(uid=julie.o\\'reilly)) field s=mail,userPassword I think it should be julie.o\\\'reilly in there. Have to check why. Jan 5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL 1 user=julie.o\'rei...@example.com failed, 1 attempts): user=julie.o\'rei...@example.com, method=PLAIN, But I think your client (PHP webmail with automatic slashing enabled?) is sending the initial \ here. Try logging in manually with telnet to make sure. The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. It's not an apostrophe - it's an unmatched quote. You'll probably get faster results by changing to logins that don't anger input string sanity checks. Otherwise, be prepared to wait a while for a solution. Probably not what you want to hear, but if you have people knocking down the door over this problem, you're going to have to use what will work. ~Seth I understand how it could be interpreted as an unmatched quote but according to Timo (http://www.mail-archive.com/dovecot@dovecot.org/msg09489.html) this should work. At any rate since the user database is provided by the client from their (various) systems it's unlikely I will be able to change user names. Try a different auth method. ~Seth
Re: [Dovecot] login fails when username has apostrophe
On Tue, 2009-01-06 at 16:47 -0800, Seth Mattinen wrote: Karl Latiss wrote: On Tue, 2009-01-06 at 16:04 -0800, Seth Mattinen wrote: Karl Latiss wrote: On Tue, 2009-01-06 at 18:33 -0500, Timo Sirainen wrote: On Wed, 2009-01-07 at 10:19 +1100, Karl Latiss wrote: Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,10.3.96.60): pass search: base=dc=example, dc=com scope=subtree filter=((objectClass=qmailUser)(uid=julie.o\\'reilly)) field s=mail,userPassword I think it should be julie.o\\\'reilly in there. Have to check why. Jan 5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL 1 user=julie.o\'rei...@example.com failed, 1 attempts): user=julie.o\'rei...@example.com, method=PLAIN, But I think your client (PHP webmail with automatic slashing enabled?) is sending the initial \ here. Try logging in manually with telnet to make sure. The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. It's not an apostrophe - it's an unmatched quote. You'll probably get faster results by changing to logins that don't anger input string sanity checks. Otherwise, be prepared to wait a while for a solution. Probably not what you want to hear, but if you have people knocking down the door over this problem, you're going to have to use what will work. ~Seth I understand how it could be interpreted as an unmatched quote but according to Timo (http://www.mail-archive.com/dovecot@dovecot.org/msg09489.html) this should work. At any rate since the user database is provided by the client from their (various) systems it's unlikely I will be able to change user names. Try a different auth method. Do you mean try MySQL or PAM etc? I may be able to do that on another install however this project requires user accounts to be stored in LDAP so will need LDAP auth working one way or another. Karl.
Re: [Dovecot] login fails when username has apostrophe
On Jan 6, 2009, at 6:47 PM, Karl Latiss wrote: On Tue, 2009-01-06 at 18:33 -0500, Timo Sirainen wrote: On Wed, 2009-01-07 at 10:19 +1100, Karl Latiss wrote: Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,10.3.96.60): pass search: base=dc=example, dc=com scope=subtree filter=((objectClass=qmailUser)(uid=julie.o\ \'reilly)) field s=mail,userPassword I think it should be julie.o\\\'reilly in there. Have to check why. Jan 5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL 1 user=julie.o\'rei...@example.com failed, 1 attempts): user=julie.o\'rei...@example.com, method=PLAIN, But I think your client (PHP webmail with automatic slashing enabled?) is sending the initial \ here. Try logging in manually with telnet to make sure. The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. That's weird. I'll try to reproduce it tomorrow. I don't have a working LDAP server setup currently though. Ubuntu slapd config looks weird.
Re: [Dovecot] login fails when username has apostrophe
Karl Latiss wrote: On Tue, 2009-01-06 at 16:47 -0800, Seth Mattinen wrote: Karl Latiss wrote: On Tue, 2009-01-06 at 16:04 -0800, Seth Mattinen wrote: Karl Latiss wrote: On Tue, 2009-01-06 at 18:33 -0500, Timo Sirainen wrote: On Wed, 2009-01-07 at 10:19 +1100, Karl Latiss wrote: Jan 5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o \'rei...@example.com,10.3.96.60): pass search: base=dc=example, dc=com scope=subtree filter=((objectClass=qmailUser)(uid=julie.o\\'reilly)) field s=mail,userPassword I think it should be julie.o\\\'reilly in there. Have to check why. Jan 5 16:15:07 www-example1 dovecot: auth(default): client out: FAIL 1 user=julie.o\'rei...@example.com failed, 1 attempts): user=julie.o\'rei...@example.com, method=PLAIN, But I think your client (PHP webmail with automatic slashing enabled?) is sending the initial \ here. Try logging in manually with telnet to make sure. The previous log output is with me telnetting in manually, however the webmail software (roundcube) produces the same results. It's not an apostrophe - it's an unmatched quote. You'll probably get faster results by changing to logins that don't anger input string sanity checks. Otherwise, be prepared to wait a while for a solution. Probably not what you want to hear, but if you have people knocking down the door over this problem, you're going to have to use what will work. ~Seth I understand how it could be interpreted as an unmatched quote but according to Timo (http://www.mail-archive.com/dovecot@dovecot.org/msg09489.html) this should work. At any rate since the user database is provided by the client from their (various) systems it's unlikely I will be able to change user names. Try a different auth method. Do you mean try MySQL or PAM etc? I may be able to do that on another install however this project requires user accounts to be stored in LDAP so will need LDAP auth working one way or another. Start with PAM or some other simple auth method. If it works and LDAP won't, then you know it's not Doevcot and to focus on LDAP - either Dovecot's LDAP module or LDAP itself. ~Seth