This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.

Domain (%d) is empty

IMAP or POP3 protocol doesn't have explicit support for domains. The usernames are commonly in user@domain format, and that is also where Dovecot gets the domain from. If the username doesn't have @domain, then the domain is also usually empty (unless auth_default_realm setting is used).

If you login as user@domain, but the %d is still empty, the problem is that your configuration lost the domain part by changing the username. Dovecot doesn't keep track of the domain separately from username, so if something changes username from "user@domain" to just plain "user", the domain is lost and %d returns nothing. If you have auth_debug=yes, this shows up in logs like:

Info: auth(user@domain.org): username changed user@domain.org -> user

Below are some of the most common reasons for this.

Settings

auth_username_format = %Ln lowercases the username but also drops the domain. Use auth_username_format = %Lu instead.

auth_username_format changes the username permanently, currently it's not possible to make it affect only the authentication part.

SQL

password_query gets often misconfigured to drop the domain if username and domain are stored separately. For example:

# BROKEN:
password_query = SELECT username AS user, password FROM users WHERE username = '%n' AND domain = '%d'

The "username AS user" changes the username permanently and the domain is dropped. You can instead use:

# MySQL:
password_query = SELECT concat(username, '@', domain) AS user, password FROM users WHERE username = '%n' AND domain = '%d'

Or you can return username and domain fields separately and Dovecot will merge them into a single user field:

password_query = SELECT username, domain, password FROM users WHERE username = '%n' AND domain = '%d'

DomainLost (last edited 2013-08-21 17:07:02 by TimoSirainen)