[Dovecot] login fails when username has apostrophe

Timo Sirainen tss at iki.fi
Wed Jan 7 19:12:50 EET 2009


On Wed, 2009-01-07 at 00:08 -0500, Timo Sirainen wrote:
> On Jan 6, 2009, at 6:47 PM, Karl Latiss wrote:
> 
> > On Tue, 2009-01-06 at 18:33 -0500, Timo Sirainen wrote:
> >> On Wed, 2009-01-07 at 10:19 +1100, Karl Latiss wrote:
> >>> Jan  5 16:15:05 www-example1 dovecot: auth(default): ldap(julie.o
> >>> \'reilly at example.com,10.3.96.60): pass search: base=dc=example,  
> >>> dc=com
> >>> scope=subtree filter=(&(objectClass=qmailUser)(uid=julie.o\ 
> >>> \'reilly))
> >>> field
> >>> s=mail,userPassword
> >>
> >> I think it should be julie.o\\\'reilly in there. Have to check why.
> >>
> >>> Jan  5 16:15:07 www-example1 dovecot: auth(default): client out:  
> >>> FAIL
> >>> 1       user=julie.o\'reilly at example.com
> >>> failed, 1 attempts): user=<julie.o\'reilly at example.com>,  
> >>> method=PLAIN,
> >>
> >> But I think your client (PHP webmail with automatic slashing  
> >> enabled?)
> >> is sending the initial \ here. Try logging in manually with telnet to
> >> make sure.
> >
> > The previous log output is with me telnetting in manually, however the
> > webmail software (roundcube) produces the same results.
> 
> That's weird. I'll try to reproduce it tomorrow. I don't have a  
> working LDAP server setup currently though. Ubuntu slapd config looks  
> weird.

Works fine here with the current v1.1 hg (but I don't remember having
done any fixes related to LDAP for a long time):

* OK Dovecot ready.
x login "a'b" pass
x OK Logged in.

dovecot: Jan 07 12:10:29 Info: auth(default): new auth connection: pid=12264
dovecot: Jan 07 12:10:31 Info: auth(default): client in: AUTH	1	PLAIN	service=imap	secured	lip=127.0.0.1	rip=127.0.0.1	lport=143	rport=34122	resp=<hidden>
dovecot: Jan 07 12:10:31 Info: auth(default): ldap(a'b,127.0.0.1): pass search: base=ou=dovecot, dc=domain, dc=org scope=subtree filter=(&(objectClass=posixAccount)(uid=a'b)) fields=uid,userPassword
dovecot: Jan 07 12:10:31 Info: auth(default): ldap(a'b,127.0.0.1): result: uid(user)=a'b userPassword(password)=<hidden>
dovecot: Jan 07 12:10:31 Info: auth(default): client out: OK	1	user=a'b
dovecot: Jan 07 12:10:31 Info: auth(default): master in: REQUEST	3	12257	1
dovecot: Jan 07 12:10:31 Info: auth(default): ldap(a'b,127.0.0.1): user search: base=ou=dovecot, dc=domain, dc=org scope=subtree filter=(&(objectClass=posixAccount)(uid=a'b)) fields=homeDirectory,uidNumber,gidNumber
dovecot: Jan 07 12:10:31 Info: auth(default): ldap(a'b,127.0.0.1): result: uidNumber(uid)=1000 gidNumber(gid)=1000 homeDirectory(home)=/home/tss
dovecot: Jan 07 12:10:31 Info: auth(default): master out: USER	3	a'b	uid=1000	gid=1000	home=/home/tss
dovecot: Jan 07 12:10:31 Info: imap-login: Login: user=<a'b>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090107/e9123c35/attachment.bin 


More information about the dovecot mailing list