[Dovecot] Multiple use of the same LDAP attribute

[Bernhard Schmidt]

Hi,

we've found a weird bug (?) in Dovecot 1.1.11. 

Since day and age we've been running dovecot for our student mailserver,
getting the location of the mailbox from a LDAP directory. We allow
login and LDA with both full mail address and an internal username,
so the mailbox directory is based on a LDAP attribute

user_attrs =
	xxxMailbox=mail=maildir:/home/mailstore/%U$/Maildir:INDEX=/home/mailstore/indexes/%1U$/%U$,
	uidNumber=vmail, gidNumber=vmail,
	xxxMailQuota=quota_rule2=*:storage=%$B

this worked just fine until we introduced sieve, which made us realize
we did not have the home directory set at all.

The obvious and easy fix (we thought) was to set the home directory
based on the xxxMailbox variable as well:

user_attrs =
	xxxMailbox=mail=maildir:/home/mailstore/%U$/Maildir:INDEX=/home/mailstore/indexes/%1U$/%U$,
	uidNumber=vmail, gidNumber=vmail,
	xxxMailQuota=quota_rule2=*:storage=%$B, xxxMailbox=home=/home/mailstore/%U$

unfortunately, after this trivial change hell froze over, because
suddenly the mail variable was not set at all anymore, and since we had
set

mail_location =
	maildir:/home/mailstore/%Uu/Maildir:INDEX=/home/mailstore/indexes/%1Un/%Un

(based on username) it was suddenly delivered into the wrong folder
(based on the supplied username, not on the LDAP attribute).

Debug from after the change:
Apr  8 13:53:39 lxmhs23 dovecot: auth(default): ldap(username at xxx.de): user search: base=<deleted> scope=onelevel filter=<deleted> fields=xxxMailbox,uidNumber,gidNumber,xxxMailQuota,xxxMailbox 
Apr  8 13:53:39 lxmhs23 dovecot: auth(default): ldap(username at xxx.de): result: xxxMailQuota(quota_rule2=*:storage=%$B)=*:storage=1073741824B xxxMailbox(home=/home/mailstore/%U$)=/home/mailstore/1636D8B1D7916DEA/
[...]
Apr  8 13:53:39 lxmhs23 deliver(username at xxx.de): maildir: data=/home/mailstore/USERNAME at XXX.DE/Maildir:INDEX=/home/mailstore/indexes/U/USERNAME

As you can see the mail variable wasn't set by LDAP at all.

We did some more tests and found a workaround, when using another LDAP 
(mwnid) attribute that contains the same information it works just fine

user_attrs =
	xxxMailbox=mail=maildir:/home/mailstore/%U$/Maildir:INDEX=/home/mailstore/indexes/%1U$/%U$,
	uidNumber=vmail, gidNumber=vmail,
	xxxMailQuota=quota_rule2=*:storage=%$B, mwnid=home=/home/mailstore/%U$

Apr  8 14:18:06 lxmhs23 dovecot: auth(default): ldap(username at xxx.de): user search: base=<deleted> scope=onelevel filter=<deleted> fields=xxxMailbox,uidNumber,gidNumber,xxxMailQuota,mwnid
Apr  8 14:18:06 lxmhs23 dovecot: auth(default): ldap(username at xxx.de): result: xxxMailQuota(quota_rule2=*:storage=%$B)=*:storage=1073741824B xxxMailbox(mail=maildir:/home/mailstore/%U$/Maildir:INDEX=/home/mailstore/indexes/%1U$/%U$)=maildir:/home/mailstore/1636D8B1D7916DEA//Maildir:INDEX=/home/mailstore/indexes/1/1636D8B1D7916DEA/ mwnid(home=/home/mailstore/%U$)=/home/mailstore/1636D8B1D7916DEA
Apr  8 14:18:06 lxmhs23 deliver(username at xxx.de): maildir: data=/home/mailstore/1636D8B1D7916DEA//Maildir:INDEX=/home/mailstore/indexes/1/1636D8B1D7916DEA/

So, it looks like there is an issue using the same LDAP attribute
(xxxMailbox in this case) twice in variable expansion.

Is this a known issue? Of course there are several viable workarounds
(base mail location on home directory, use the second attribute), but
this problem was pretty surprising.

Bernhard