summaryrefslogtreecommitdiffstats
path: root/doc/wiki/DomainLost.txt
blob: d7d24a579a1bdd23040253269f4c9307410bb6b7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Domain (%d) is empty
====================

IMAP or POP3 protocol doesn't have explicit support for domains. The usernames
are commonly in user@domain format, and that is also where Dovecot gets the
domain from. If the username doesn't have @domain, then the domain is also
usually empty (unless 'auth_default_realm' setting is used).

If you login as user@domain, but the %d is still empty, the problem is that
your configuration lost the domain part by changing the username. Dovecot
doesn't keep track of the domain separately from username, so if something
changes username from "user@domain" to just plain "user", the domain is lost
and %d returns nothing. If you have 'auth_debug=yes', this shows up in logs
like:

---%<-------------------------------------------------------------------------
Info: auth(user@domain.org): username changed user@domain.org -> user
---%<-------------------------------------------------------------------------

Below are some of the most common reasons for this.

Settings
--------

'auth_username_format = %Ln' lowercases the username but also drops the domain.
Use 'auth_username_format = %Lu' instead.

'auth_username_format' changes the username permanently, currently it's not
possible to make it affect only the authentication part.

SQL
---

'password_query' gets often misconfigured to drop the domain if username and
domain are stored separately. For example:

---%<-------------------------------------------------------------------------
# BROKEN:
password_query = SELECT username AS user, password FROM users WHERE username =
'%n' AND domain = '%d'
---%<-------------------------------------------------------------------------

The "username AS user" changes the username permanently and the domain is
dropped. You can instead use:

---%<-------------------------------------------------------------------------
# MySQL:
password_query = SELECT concat(username, '@', domain) AS user, password FROM
users WHERE username = '%n' AND domain = '%d'
---%<-------------------------------------------------------------------------

Or you can return username and domain fields separately and Dovecot will merge
them into a single user field:

---%<-------------------------------------------------------------------------
password_query = SELECT username, domain, password FROM users WHERE username =
'%n' AND domain = '%d'
---%<-------------------------------------------------------------------------

(This file was created from the wiki on 2019-06-19 12:42)