Hi Ruud
I think that message "No such attribute 'userpassword' " is being produced
because the attribute name userPassword in your configuration is being
lower cased by Dovecot and the lower case name is being used by Dovecot
both in the check for existence of the attribute and in the error
messager. (see t_str_lcase call in code below).
That can also explain why the error still happens even when you change
your configuration to use the attribute name userpassword, because that is
in any case the value that Dovecot uses internally when checking for the
existence of the attribute. If so, you can rule out the line of enquiry of
searching for extraneous userpassword attributes in your configuration.
It's still a mystery to me why the existence check went wrong
for %{[1]ldap:userPassword} but not for other attributes in your
configuration like %{[2]ldap:mailDeliveryaddress}, assuming of course that
the latter isn't really called maildeliveryaddress in your schema, which
seems unlikely. Maybe Aki has some more insight.
source code file: auth/db-ldap.c
static int
db_ldap_field_multi_expand(const char *data, const char **value_r,
void *context, const char **error_r)
{
struct db_ldap_field_expand_context *ctx = context;
struct auth_fields *fields = ctx->fields;
const char *field_name = t_str_lcase(data);
const char *value = auth_fields_find(fields,
db_ldap_attribute_as_multi(field_name));
if (value == NULL || *value == '\0')
value = auth_fields_find(fields, field_name);
if (value == NULL || *value == '\0') {
*error_r = t_strdup_printf("No such attribute '%s'", field_name);
return -1;
}
*value_r = value;
return 0;
}
John
On 04/02/2026 15:29, Ruud Baart via dovecot wrote:
Still nobody knows the answer?
In fact it is strange because LDAP attributes are case insensitive.
Further If I change in the LDAP config
passdb ldap { ... fields { ... password = %{[3]ldap:userPassword} }
}
in
passdb ldap { ... fields { ... password = %{[4]ldap:userpassword}
} }
the logins are still OK but the error in the logfile remains the same.
Op 3-2-2026 om 14:45 schreef Ruud Baart via dovecot:
You mean verify with doveconf? Same result
doveconf |grep -i userpassword
password = %{[5]ldap:userPassword}
Op 3-2-2026 om 14:08 schreef Aki Tuomi via dovecot:
I ment in your 2.4.1 config
Aki
On 03/02/2026 14:44 EET Ruud Baart via dovecot
[6]<[email protected]> wrote:
Don't think so
/etc/dovecot/conf.d# grep -H userpassword *
/etc/dovecot/conf.d# grep -H userPassword *
auth-ldap.conf.ext: password = %{[7]ldap:userPassword}
Op 3-2-2026 om 13:35 schreef Aki Tuomi via dovecot:
Could it be that you have
'userpassword' instead of 'userPassword' in your config?
Aki
On 03/02/2026 13:21 EET Ruud Baart via dovecot
[8]<[email protected]>
wrote:
Dovecot 2.4.1 works fine on my Debian Trixie server. I use
LDAP as
backend for the users.
I don't have problems. Authentication works fine. However
logging show
every time the following line:
auth-worker(<user
name@domain,::1)<109040><3v5ddOlJvrgAAAAAAAAAAAAAAAAAAAAB>:
request [7]:
Error: ldap: auth_passdb_post settings: Failed to parse
configuration:
Failed to expand passdb_fields/password setting variables:
ldap: No such
attribute 'userpassword'
The LDAP authentication works correct. So I don't understand
this
message.
My correct working LDAP configuration in auth-ldap.conf.ext:
passdb ldap {
passdb_use_worker = yes
passdb_ldap_filter =
(&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user}))
ldap_bind = yes
fields {
user = %{[9]ldap:mailDeliveryaddress}
password = %{[10]ldap:userPassword}
}
}
userdb ldap {
userdb_use_worker = yes
userdb_ldap_filter =
(&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user}))
fields {
home = %{[11]ldap:mailBase}
mail = %{[12]ldap:mailMessageStore}
mail_path = %{[13]ldap:mailMessageStore}
quota_storage_size = %{[14]ldap:dovecotQuota}
}
}
_______________________________________________
dovecot mailing list -- [15][email protected]
To unsubscribe send an email to [16][email protected]
_______________________________________________
dovecot mailing list -- [17][email protected]
To unsubscribe send an email to [18][email protected]
* Don't think so
/etc/dovecot/conf.d# grep -H userpassword *
/etc/dovecot/conf.d# grep -H userPassword *
auth-ldap.conf.ext: password =
%{[1][19]ldap:userPassword}
Op 3-2-2026 om 13:35 schreef Aki Tuomi via dovecot:
Could it be that you have
'userpassword' instead of 'userPassword' in your config?
Aki
On 03/02/2026 13:21 EET Ruud Baart via dovecot
[2][20]<[email protected]> wrote:
Dovecot 2.4.1 works fine on my Debian Trixie server. I use
LDAP as
backend for the users.
I don't have problems. Authentication works fine. However
logging show
every time the following line:
auth-worker(<user
name@domain,::1)<109040><3v5ddOlJvrgAAAAAAAAAAAAAAAAAAAAB>:
request
[7]:
Error: ldap: auth_passdb_post settings: Failed to parse
configuration:
Failed to expand passdb_fields/password setting variables:
ldap: No
such
attribute 'userpassword'
The LDAP authentication works correct. So I don't
understand this
message.
My correct working LDAP configuration in
auth-ldap.conf.ext:
passdb ldap {
passdb_use_worker = yes
passdb_ldap_filter =
(&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user}))
ldap_bind = yes
fields {
user = %{[3][21]ldap:mailDeliveryaddress}
password = %{[4][22]ldap:userPassword}
}
}
userdb ldap {
userdb_use_worker = yes
userdb_ldap_filter =
(&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user}))
fields {
home = %{[5][23]ldap:mailBase}
mail = %{[6][24]ldap:mailMessageStore}
mail_path = %{[7][25]ldap:mailMessageStore}
quota_storage_size = %{[8][26]ldap:dovecotQuota}
}
}
References
Visible links
1. [27]file:///tmp/tmpw_nfu2nq/ldap:userPassword
2. [28]mailto:[email protected]
3. [29]file:///tmp/tmpw_nfu2nq/ldap:mailDeliveryaddress
4. [30]file:///tmp/tmpw_nfu2nq/ldap:userPassword
5. [31]file:///tmp/tmpw_nfu2nq/ldap:mailBase
6. [32]file:///tmp/tmpw_nfu2nq/ldap:mailMessageStore
7. [33]file:///tmp/tmpw_nfu2nq/ldap:mailMessageStore
8. [34]file:///tmp/tmpw_nfu2nq/ldap:dovecotQuota
9. [35]mailto:[email protected]
10. [36]mailto:[email protected]
11. [37]mailto:[email protected]
12. [38]mailto:[email protected]
_______________________________________________
dovecot mailing list -- [39][email protected]
To unsubscribe send an email to [40][email protected]
References
Visible links
1. file:///tmp/tmp5_y_4r2j/ldap:userPassword
2. file:///tmp/tmp5_y_4r2j/ldap:mailDeliveryaddress
3. file:///tmp/tmp5_y_4r2j/ldap:userPassword
4. file:///tmp/tmp5_y_4r2j/ldap:userpassword
5. file:///tmp/tmp5_y_4r2j/ldap:userPassword
6. mailto:[email protected]
7. file:///tmp/tmp5_y_4r2j/ldap:userPassword
8. mailto:[email protected]
9. file:///tmp/tmp5_y_4r2j/ldap:mailDeliveryaddress
10. file:///tmp/tmp5_y_4r2j/ldap:userPassword
11. file:///tmp/tmp5_y_4r2j/ldap:mailBase
12. file:///tmp/tmp5_y_4r2j/ldap:mailMessageStore
13. file:///tmp/tmp5_y_4r2j/ldap:mailMessageStore
14. file:///tmp/tmp5_y_4r2j/ldap:dovecotQuota
15. mailto:[email protected]
16. mailto:[email protected]
17. mailto:[email protected]
18. mailto:[email protected]
19. file:///tmp/tmp5_y_4r2j/ldap:userPassword
20. mailto:[email protected]
21. file:///tmp/tmp5_y_4r2j/ldap:mailDeliveryaddress
22. file:///tmp/tmp5_y_4r2j/ldap:userPassword
23. file:///tmp/tmp5_y_4r2j/ldap:mailBase
24. file:///tmp/tmp5_y_4r2j/ldap:mailMessageStore
25. file:///tmp/tmp5_y_4r2j/ldap:mailMessageStore
26. file:///tmp/tmp5_y_4r2j/ldap:dovecotQuota
27. file:///tmp/tmpw_nfu2nq/ldap:userPassword
28. mailto:[email protected]
29. file:///tmp/tmpw_nfu2nq/ldap:mailDeliveryaddress
30. file:///tmp/tmpw_nfu2nq/ldap:userPassword
31. file:///tmp/tmpw_nfu2nq/ldap:mailBase
32. file:///tmp/tmpw_nfu2nq/ldap:mailMessageStore
33. file:///tmp/tmpw_nfu2nq/ldap:mailMessageStore
34. file:///tmp/tmpw_nfu2nq/ldap:dovecotQuota
35. mailto:[email protected]
36. mailto:[email protected]
37. mailto:[email protected]
38. mailto:[email protected]
39. mailto:[email protected]
40. mailto:[email protected]
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
