What about pass_filter, does that work with imap/pop3 logins?
Interesting question. Typically users only try to login with their sAMAccountName and thats always worked just fine. I just tested this and pass_filter seems to be running in to the same issue. If I set the pass_filter to:
pass_filter = (&(objectclass=person)(|(sAMAccountName=%n)(otherMailbox=%n)))
Then I am not able to log in using my email alias. However if I set it to:
pass_filter = (&(objectclass=person)(|(sAMAccountName=%n)(sn=%n)))
Then I am able to log in using my last name. Just like before other fields like postalCode and title will not work. For each attribute that does not work I have verified that an ldapsearch using the same filter returns exactly 1 sAMAccountName.
All the log shows for the failure (when I attempt to login as my "postmaster" alias) is:
Info: ldap(postmaster,127.0.0.1): unknown user
But if I set the filter to check the mail attribute and login using my mail it correctly changes my username (as my mail address is different from my username):
Info: auth(mark.schaub,127.0.0.1): username changed mark.schaub -> mschaub Info: ldap(mschaub,127.0.0.1): result: sAMAccountName(user)=mschaub Info: client out: OK 1 user=mschaub