--- a/src/auth/auth-cache.c	Fri Nov 02 16:37:05 2007 +0200
+++ b/src/auth/auth-cache.c	Fri Nov 02 17:09:46 2007 +0200
@@ -209,12 +209,12 @@
 		return;
 	}
 
-	/* store into cache using the original username, except if we're doing
+	/* store into cache using the translated username, except if we're doing
 	   a master user login */
 	current_username = request->user;
-	if (request->original_username != NULL &&
+	if (request->translated_username != NULL &&
 	    request->requested_login_user == NULL)
-		request->user = t_strdup_noconst(request->original_username);
+		request->user = t_strdup_noconst(request->translated_username);
 
 	/* %! is prepended automatically. it contains the db ID number. */
 	str = t_str_new(256);

--- a/src/auth/auth-request.c	Fri Nov 02 16:37:05 2007 +0200
+++ b/src/auth/auth-request.c	Fri Nov 02 17:09:46 2007 +0200
@@ -804,6 +804,10 @@
 			"Invalid username: %s", str_sanitize(username, 128));
 		return FALSE;
 	}
+	if (request->translated_username == NULL) {
+		/* similar to original_username, but after translations */
+		request->translated_username = request->user;
+	}
 
 	if (login_username != NULL) {
 		if (!auth_request_set_login_username(request,

--- a/src/auth/auth-request.h	Fri Nov 02 16:37:05 2007 +0200
+++ b/src/auth/auth-request.h	Fri Nov 02 17:09:46 2007 +0200
@@ -37,6 +37,9 @@
 	   verification. however with master logins the master username has
 	   been dropped from it. */
 	const char *original_username;
+	/* the username after doing all internal translations, but before
+	   being changed by a db lookup */
+	const char *translated_username;
 	char *mech_password; /* set if verify_plain() is called */
 	char *passdb_password; /* set after password lookup if successful */
         /* extra_fields are returned in authentication reply. Fields prefixed