dovecot is not parsing the variables in dovecot-ldap.conf.ext correctly
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dovecot (Ubuntu) |
Expired
|
Low
|
Unassigned |
Bug Description
My dovecot users log in as user@domain, with the ldap directory set up with a couple of different OUs, with one OU per domain. the users in the OUs overlap. if I set
luke@schierer@
hosts = censor001.
tls = yes
tls_ca_cert_dir = /etc/ssl/certs
tls_require_cert = allow
debug_level = 4
auth_bind = yes
base = ou=%d,dc=
scope = subtree
user_filter = (&(objectClass=
pass_filter = (&(objectClass=
blocking = no
luke@schierer@
then I get a search base of
ou=,dc=
I was experimenting, and I tried
base = dc=%d,dc=
which produces a search base of
dc=domain,
which would be correct, except that my ldap tree is set up with OUs and not an extra DC component.
for whatever reason, it will do variable substitution for dc=%d, but not for ou=%d. this is certainly not documented, and seems like wrong behavior, since having an ou in a search base is valid.
luke@schierer@
Description: Ubuntu 18.04.5 LTS
Release: 18.04
luke@schierer@
luke@schierer@
ii dovecot-core 1:2.2.33.
ii dovecot-imapd 1:2.2.33.
ii dovecot-ldap 1:2.2.33.
ii dovecot-pop3d 1:2.2.33.
luke@schierer@
Changed in dovecot (Ubuntu): | |
status: | Expired → New |
There is a reference to a similar issue, of uo=%d,... resulting in uo=,... here:
https:/ /dovecot. org/pipermail/ dovecot/ 2014-June/ 096513. html /dovecot. org/pipermail/ dovecot/ 2014-June/ 096518. html
https:/
The latter suggests there are some search modes (e.g. -A) where there isn't a domain defined for a user, since the search acts on multiple users. You didn't specify how you're using the search base you referenced, so not sure whether this is relevant for your case. If what's discussed in that mail thread doesn't match your use case, I would suggest raising your question on that Dovecot upstream mailing list; they will know what is going on better than us. Also, if the behavior is not a bug, then you might suggest where you had looked in the docs, since that place is probably where a mention should be made. If you raise this discussion there, please include a link on this bug report so we can follow up. If the discussion results in patches they may be worth considering SRUing them to 18.04.