From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Thu, 6 Nov 2025 12:20:05 +0000 (+0200)
Subject: auth: Fix auth caching to work with passdb_ldap_bind_userdn
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b326b475bfeac62d0cac67a3dd8cf681b0a2210b;p=thirdparty%2Fdovecot%2Fcore.git

auth: Fix auth caching to work with passdb_ldap_bind_userdn

passdb_ldap_bind_userdn wasn't part of the cache key, so:
 * If no %variables were given in ldap_base or passdb_ldap_filter, startup
   failed with "Cache key must contain at least one variable"
 * If the same %variables were part of ldap_base or passdb_ldap_filter,
   it worked correctly.
 * If different %variables were part of ldap_base or passdb_ldap_filter,
   cached lookups may have returned wrong results.
---

diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c
index b2d2844094..6d7702c629 100644
--- a/src/auth/passdb-ldap.c
+++ b/src/auth/passdb-ldap.c
@@ -465,6 +465,7 @@ static int passdb_ldap_preinit(pool_t pool, struct event *event,
 
 	module->module.default_cache_key = auth_cache_parse_key_and_fields(
 		pool, t_strconcat(ldap_pre->ldap_base,
+				  ldap_pre->passdb_ldap_bind_userdn,
 				  ldap_pre->passdb_ldap_filter, NULL),
 		&auth_post->fields, NULL);