[Dovecot] Is it possible to authenticate against Active Directory using the whole e-mail?

Δημήτριος Καραπιπέρης dimkar at thessaloniki.gr
Wed Oct 7 15:00:52 EEST 2009


Patrick Domack wrote:
> Yes, it's possible to do this. But not possible using auth_bind.
> You are going to have to log in using an administrator account, then do an 
> ldap search for the email address, then authenticate against it. Using 
> auth_bind requires you to know the username before you login.
>
> http://wiki.dovecot.org/AuthDatabase/LDAP/PasswordLookups
>
> Just need to change passfilter to do a "proxy_email" or what it's 
> called for ad
>

Hi,
many thanks for your reply.

Active Directory doesn't return the userPassword in

pass_attrs = uid=user, userPassword=password

so the password supplied by the user can't be validated.



I used this configuration

 auth_bind = no
 pass_attrs = mail=user, userPassword=password
 pass_filter = (& (objectclass=User) (objectCategory=Person) (mail=%u))
 default_pass_scheme = MD5

and although the ldap query located the user it complains with the following:

 No password returned (and no nopassword)

Any ideas?
Dimitrios

> Quoting Δημήτριος Καραπιπέρης <dimkar at thessaloniki.gr>:
>
>> Hi all!
>>
>> Is it possible to authenticate against Active Directory, using the 
>> whole e-mail address and not
>> the user part (%n), so that if you support multiple domains, all users 
>> should authenticate with their e-mail addresses.
>>
>> I use
>> auth_bind_userdn = DOMAIN \ %u
>> but somehow the *mail* attribute of Active/LDAP should be employed.
>>
>>
>> thanks in advance
>> Dimitrios Karapiperis
>>
>>
>
>
>


-- 
DIMITRIOS KARAPIPERIS
Technical Officer, SYZEFXIS

HELLENIC REPUBLIC - PREFECTURE OF THESSALONIKI
MUNICIPALITY OF THESSALONIKI - DIRECTORATE OF ORGANIZATION & METHODS
2310 - 257844 fax 2310 - 244965
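
The search-then-authenticate flow described in the quoted reply, written out as an added example that is not part of the original message or of either poster's configuration: with `auth_bind = yes` and no `auth_bind_userdn`, Dovecot finds the entry with `pass_filter` and then binds as that entry's DN with the password the client supplied, so `userPassword` never has to be read. The host name, base DN, service account and password below are placeholders.

```conf
# dovecot-ldap.conf (constructed example; all names and secrets are placeholders)

hosts = dc1.example.local
ldap_version = 3
# The client's password is sent to the directory in a simple bind,
# so protect the connection.
tls = yes

base = dc=example,dc=local
scope = subtree

# Account Dovecot uses for the search step only. It needs read access
# to look up entries by their mail attribute, nothing more.
dn = cn=dovecot-lookup,cn=Users,dc=example,dc=local
dnpass = CHANGE_ME

# Verify the password by binding to the directory as the user instead of
# fetching a password attribute and comparing it locally.
auth_bind = yes

# auth_bind_userdn is deliberately left unset: it is a template that builds
# the DN from the login name, which cannot work when the login name is an
# e-mail address. Without it, the DN comes from the pass_filter search.

# %u is the full login name, here the whole e-mail address.
pass_filter = (&(objectClass=user)(objectCategory=person)(mail=%u))

# No userPassword mapping and no default_pass_scheme: nothing is compared
# locally, so the "No password returned" path is not reached.
pass_attrs = mail=user
```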


