Hello,

I upgraded Dovecot from version 2.3.21 to 2.4.0. In version 2.3.21, I 
encountered issues with OAuth2 authentication that had worked correctly in 
earlier releases. Specifically, the active_attribute check was failing, even 
though Keycloak was sending the active value as true. After upgrading to 
Dovecot 2.4.0, the active attribute is now validated successfully, and token 
introspection completes as expected. However, I am now encountering the 
following error:

2025-10-30 14:43:41.438 Oct 30 13:43:41 auth: Panic: file 
expansion-statement.c: line 30 (var_expand_execute_stmt): assertion failed: 
(value != NULL) 
2025-10-30 14:43:41.444 Oct 30 13:43:41 auth-worker(354): Debug: conn 
unix:auth-worker (pid=113,uid=101): Disconnected: Connection closed (fd=-1) 
2025-10-30 14:43:41.443 Oct 30 13:43:41 auth: Error: Raw backtrace: #0 
test_subprocess_fork[0x7f03870fc510] -> #1 backtrace_append[0x7f03870fc7c0] -> 
#2 backtrace_get[0x7f03870fc960] -> #3 
event_filter_match_iter_init[0x7f0387106bc0] -> #4 
i_syslog_fatal_handler[0x7f0387106d00] -> #5 i_panic[0x7f0387033c8e] -> #6 
[unw_get_proc_name() failed: -10] -> #7 
var_expand_program_execute[0x7f0387070460] -> #8 
settings_file_get[0x7f0387083550] -> #9 
settings_parse_keyidx_value_nodup[0x7f0387085660] -> #10 
settings_parse_keyidx_value_nodup[0x7f0387085d70] -> #11 
settings_parse_keyidx_value_nodup[0x7f0387087180] -> #12 
settings_get[0x7f03870877b0] -> #13 
auth_worker_auth_request_new[0x558c60949050] -> #14 
auth_worker_auth_request_new[0x558c609496e0] -> #15 
oauth2_json_tree_build[0x7f03870432f0] -> #16 
oauth2_json_tree_build[0x7f03870433d0] -> #17 
oauth2_request_parse_json[0x7f03870435a0] -> #18 
http_client_request_callback[0x7f0387091ee0] -> #19 
http_client_connection_lost_peer[0x7f0387094850] -> #20 
http_client_peer_connection_failure[0x7f038709a090] -> #21 
io_loop_call_io[0x7f0387122780] -> #22 
io_loop_handler_run_internal[0x7f0387123aa0] -> #23 
io_loop_handler_run[0x7f0387123c40] -> #24 io_loop_run[0x7f0387123e40] -> #25 
master_service_run[0x7f0387075720] -> #26 main[0x558c60931e80] -> #27 
__libc_init_first[0x7f0386dc9150] -> #28 __libc_start_main[0x7f0386dc9200] -> 
#29 _start[0x558c609323d0] 




Here is my current dovecot.conf. 

dovecot_config_version = 2.4.0
dovecot_storage_version = 2.4.0

protocols = imap pop3 lmtp

auth_mechanisms {
  oauthbearer = yes
  xoauth2 = yes
}
oauth2 {
  introspection_url = https://client-name:[email protected]/auth/realms/realm-name/protocol/openid-connect/token/introspect
  introspection_mode = post
  active_attribute = active
  active_value = true 
  username_attribute = preferred_username
}
userdb static {
  fields {
    uid = vmail
    gid = vmail
    home = /home/vmail/%{user | domain}/%{user | username}
  }
}


service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }

  user = dovecot
}
service auth-worker {
  user = vmail
}


log_debug = category=auth
auth_verbose = yes
auth_debug_passwords = yes

mail_driver = maildir
mail_home = /home/vmail/%{user | domain}/%{user | username}
mail_path = ~

ssl_server_cert_file  = /etc/ssl/private/vmail.crt
ssl_server_key_file  = /etc/ssl/private/vmail.key
ssl_server_dh_file  = /etc/dovecot/dh.pem

mail_debug = yes

log_path = /dev/stdout
info_log_path = /dev/stdout
debug_log_path = /dev/stdout

Regards,
Sukanya Morbale