[Dovecot] [SOLVED] Re: Is it possible to authenticate against Active Direcotry using the whole e-mail?
Δημήτριος Καραπιπέρης
dimkar at thessaloniki.gr
Wed Oct 7 15:19:16 EEST 2009
Hi
I just solved it
using authentcation binds
auth_bind = yes
pass_attrs = mail=user
pass_filter = (& (objectclass=User) (objectCategory=Person) (mail=%u))
Active Directory, as far as I know, by no means exposes users passwords
to third party applications or services.
Thanks in advance
Dimitrios
O/H Δημήτριος Καραπιπέρης έγραψε:
> O/H Patrick Domack έγραψε:
>> Yes, it's possible to do this. But not possible using auth_bind.
>> You are going have to login using an administrator account, then do
>> an ldap search for the email address, then authenicate against it.
>> Using auth_bind requires you to know the username before you login.
>>
>> http://wiki.dovecot.org/AuthDatabase/LDAP/PasswordLookups
>>
>> Just need to change passfilter to do a ?proxy_email? or what it's
>> called for ad
>>
>
> Hi,
> many thanks for your reply.
>
> Active Direcotry doesn't return the userPassword in
>
> pass_attrs = uid=user, userPassword=password
>
> so the password supplied by the user can't be validated.
>
>
>
> I used this configuration
>
> auth_bind = no
> pass_attrs = mail=user, userPassword=password
> pass_filter = (& (objectclass=User) (objectCategory=Person) (mail=%u))
> default_pass_scheme = MD5
>
> and although the ldap query located the user it complains with the
> following:
>
> No password returned (and no nopassword)
>
> Any ideas?
> Dimitrios
>
>
>
>
>
>
>
>
>
>
>
>
>
>> Quoting ????????? ??????????? <dimkar at thessaloniki.gr>:
>>
>>> Hi all!
>>>
>>> Is it possible to authenticate against Active Directory, using the
>>> whole e-mail address and not
>>> the user part (%n), so that if you support mutiple domains, all
>>> users should authenticate with their e-mail addresses.
>>>
>>> I use
>>> auth_bind_userdn = DOMAIN \ %u
>>> but somehow the *mail* attribute of Active/LDAP should be employed.
>>>
>>>
>>> thanks in advance
>>> Dimitrios Karapiperis
>>>
>>>
>>
>>
>>
>
>
--
ΔΗΜΗΤΡΙΟΣ ΚΑΡΑΠΙΠΕΡΗΣ
ΤΕΧΝ. ΥΠ. ΣΥΖΕΥΞΙΣ
ΕΛΛΗΝΙΚΗ ΔΗΜΟΚΡΑΤΙΑ - Ν. ΘΕΣΣΑΛΟΝΙΚΗΣ
ΔΗΜΟΣ ΘΕΣΣΑΛΟΝΙΚΗΣ - Δ/ΝΣΗ ΟΡΓΑΝΩΣΕΩΣ & ΜΕΘΟΔΩΝ
2310 - 257844 fax 2310 - 244965
More information about the dovecot
mailing list