Re: Error: ldap: auth_passdb_post settings

Wed, 04 Feb 2026 14:24:47 -0800 

Hi Ruud
sorry, maybe it was too long and not that clear. What I am saying is that even if you have userPassword in your configuration, the error message for that particular error will always state the attribute in lower case. It is pointless to look for some configuration error containing userpassword since the attribute name userPassword will also generate that error you see. 


But that gets no closer to understanding why the error is generated in 
the first place, especially considering that the authentication works 
anyway.


John

What is not clear to me

On 04/02/2026 21:29, Ruud Baart via dovecot wrote:

I'm tired. I have been working many hours now. So it may be that I 
don't quite understand you correctly. The conclusion I draw from these 
responsen is that there is something strange going on that I can't do 
anything about. Dovecot seems to be working fine on my server, so I'm 
not immediately concerned.



I checked the exact spelling of the attributes I use. It is as 
follows. In the ldif dump: mailBase, mailMessageStore, dovecotQuota,  
mailDeliveryAddress and userPassword. And indeed, only userPassword 
gives an error.


Op 4-2-2026 om 19:54 schreef John Fawcett via dovecot:

    Hi Ruud


    I think that message "No such attribute 'userpassword' " is being 
produced
    because the attribute name userPassword in your configuration is 
being
    lower cased by Dovecot and the lower case name is being used by 
Dovecot

    both in the check for existence of the attribute and in the error
    messager. (see t_str_lcase call in code below).


    That can also explain why the error still happens even when you 
change
    your configuration to use the attribute name userpassword, 
because that is
    in any case the value that Dovecot uses internally when checking 
for the
    existence of the attribute. If so, you can rule out the line of 
enquiry of
    searching for extraneous userpassword attributes in your 
configuration.


    It's still a mystery to me why the existence check went wrong
    for %{[1]ldap:userPassword} but not for other attributes in your

    configuration like %{[2]ldap:mailDeliveryaddress}, assuming of 
course that
    the latter isn't really called maildeliveryaddress in your 
schema, which

    seems unlikely. Maybe Aki has some more insight.

    source code file: auth/db-ldap.c

    static int
    db_ldap_field_multi_expand(const char *data, const char **value_r,
                   void *context, const char **error_r)
    {
        struct db_ldap_field_expand_context *ctx = context;
        struct auth_fields *fields = ctx->fields;
        const char *field_name = t_str_lcase(data);

        const char *value = auth_fields_find(fields,
db_ldap_attribute_as_multi(field_name));
        if (value == NULL || *value == '\0')
            value = auth_fields_find(fields, field_name);

        if (value == NULL || *value == '\0') {

            *error_r = t_strdup_printf("No such attribute '%s'", 
field_name);

            return -1;
        }
        *value_r = value;
        return 0;
    }

    John

    On 04/02/2026 15:29, Ruud Baart via dovecot wrote:

      Still nobody knows the answer?


      In fact it is strange because LDAP attributes are case 
insensitive.

      Further If I change in the LDAP config


          passdb ldap { ... fields { ... password = 
%{[3]ldap:userPassword} }

      }

      in


            passdb ldap { ... fields { ... password = 
%{[4]ldap:userpassword}

      } }


      the logins are still OK but the error in the logfile remains 
the same.


      Op 3-2-2026 om 14:45 schreef Ruud Baart via dovecot:

        You mean verify with doveconf? Same result

        doveconf |grep -i userpassword
            password = %{[5]ldap:userPassword}

        Op 3-2-2026 om 14:08 schreef Aki Tuomi via dovecot:

          I ment in your 2.4.1 config

          Aki

            On 03/02/2026 14:44 EET Ruud Baart via dovecot
            [6]<[email protected]> wrote:

              Don't think so

            /etc/dovecot/conf.d# grep -H userpassword *
            /etc/dovecot/conf.d# grep -H userPassword *

            auth-ldap.conf.ext:             password = 
%{[7]ldap:userPassword}


            Op 3-2-2026 om 13:35 schreef Aki Tuomi via dovecot:

              Could it be that you have

              'userpassword' instead of 'userPassword' in your config?

              Aki

                On 03/02/2026 13:21 EET Ruud Baart via dovecot
                [8]<[email protected]>
                wrote:


                Dovecot 2.4.1 works fine on my Debian Trixie server. 
I use

                LDAP as
                backend for the users.


                I don't have problems. Authentication works fine. 
However

                logging show
                every time the following line:

                auth-worker(<user
name@domain,::1)<109040><3v5ddOlJvrgAAAAAAAAAAAAAAAAAAAAB>:
                request [7]:
                Error: ldap: auth_passdb_post settings: Failed to parse
                configuration:

                Failed to expand passdb_fields/password setting 
variables:

                ldap: No such
                attribute 'userpassword'


                The LDAP authentication works correct. So I don't 
understand

                this
                message.


                My correct working LDAP configuration in 
auth-ldap.conf.ext:


                passdb ldap {
                    passdb_use_worker = yes
                    passdb_ldap_filter =
(&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user}))
                    ldap_bind = yes
                    fields {
                       user = %{[9]ldap:mailDeliveryaddress}
                       password = %{[10]ldap:userPassword}
                    }
                }

                userdb ldap {
                    userdb_use_worker = yes
                    userdb_ldap_filter =
(&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user}))
                    fields {
                       home = %{[11]ldap:mailBase}
                       mail = %{[12]ldap:mailMessageStore}
                       mail_path = %{[13]ldap:mailMessageStore}
                       quota_storage_size = %{[14]ldap:dovecotQuota}
                    }
                }

                _______________________________________________
                dovecot mailing list -- [15][email protected]

                To unsubscribe send an email to 
[16][email protected]


              _______________________________________________
              dovecot mailing list -- [17][email protected]

              To unsubscribe send an email to 
[18][email protected]


            *   Don't think so

                /etc/dovecot/conf.d# grep -H userpassword *
                /etc/dovecot/conf.d# grep -H userPassword *
                auth-ldap.conf.ext:             password =
            %{[1][19]ldap:userPassword}

                Op 3-2-2026 om 13:35 schreef Aki Tuomi via dovecot:

                  Could it be that you have


                  'userpassword' instead of 'userPassword' in your 
config?


                  Aki

                    On 03/02/2026 13:21 EET Ruud Baart via dovecot
                    [2][20]<[email protected]> wrote:


                    Dovecot 2.4.1 works fine on my Debian Trixie 
server. I use

            LDAP as
                    backend for the users.


                    I don't have problems. Authentication works fine. 
However

            logging show
                    every time the following line:

                    auth-worker(<user
name@domain,::1)<109040><3v5ddOlJvrgAAAAAAAAAAAAAAAAAAAAB>:
            request
                    [7]:

                    Error: ldap: auth_passdb_post settings: Failed to 
parse

            configuration:

                    Failed to expand passdb_fields/password setting 
variables:

            ldap: No
                    such
                    attribute 'userpassword'

                    The LDAP authentication works correct. So I don't
            understand this
                    message.

                    My correct working LDAP configuration in
            auth-ldap.conf.ext:

                    passdb ldap {
                       passdb_use_worker = yes
                       passdb_ldap_filter =
(&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user}))
                       ldap_bind = yes
                       fields {
                          user = %{[3][21]ldap:mailDeliveryaddress}
                          password = %{[4][22]ldap:userPassword}
                       }
                    }

                    userdb ldap {
                       userdb_use_worker = yes
                       userdb_ldap_filter =
(&(objectClass=PromptMailUser)(accountStatus=TRUE)(mailDeliveryaddress=%{user}))
                       fields {
                          home = %{[5][23]ldap:mailBase}
                          mail = %{[6][24]ldap:mailMessageStore}
                          mail_path = %{[7][25]ldap:mailMessageStore}

                          quota_storage_size = 
%{[8][26]ldap:dovecotQuota}

                       }
                    }


_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]






















					Reply via email to