Thank you a lot for the tip.
----- Original Message ----
From: Timo Sirainen tss@iki.fi
To: Patrick Hemmen patrick.hemmen@yahoo.de
Cc: dovecot@dovecot.org
Sent: Friday, May 29, 2009 12:00:36 AM
Subject: Re: [Dovecot] (no subject)
On Wed, 2009-05-27 at 17:38 +0000, Patrick Hemmen wrote:
Hi,
I use OpenLDAP for authentication. To authenticate, a full DN must be used as the user name, like "cn=jim,ou=users,dc=example,dc=com". There are several domains, like example2.com and example3.com. I want to use Dovecot with LDAP and authentication binds. For testing I use "auth_bind_userdn = cn=%n,ou=users,dc=%d" and the user name must be provided as "jim@example,dc=com". To allow the special chars ("=,") in the user name, I extend "auth_username_chars". Now my questions: Is there a real chance of attacking the LDAP directory with the extended "auth_username_chars"? And is it possible to use authentication binds with the regular "auth_username_chars" and provided user names like "jim@example.com" in my special LDAP directory structure?
Use:
auth_bind_userdn = cn=%n,ou=users,dc=%Dd
See %D in http://wiki.dovecot.org/Variables
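
Added example (not part of the original thread and not Dovecot code): a simplified Python model of how the two auth_bind_userdn templates above expand, showing that %Dd produces the same bind DN from "jim@example.com" without widening auth_username_chars. The function names and the contents of DEFAULT_USERNAME_CHARS are assumptions made for the illustration; DN escaping is not modelled.

```python
import re
import string

# Assumption: mirrors Dovecot's default auth_username_chars
# (ASCII letters, digits and ".-_@"). Check your own dovecot.conf.
DEFAULT_USERNAME_CHARS = frozenset(string.ascii_letters + string.digits + ".-_@")


def username_allowed(username, allowed=DEFAULT_USERNAME_CHARS):
    """Return True if every character of the login name is in the allowed set."""
    return bool(username) and all(ch in allowed for ch in username)


def expand_bind_dn(template, username):
    """Expand %n, %d and %Dd in an auth_bind_userdn-style template.

    %n  -> part before "@"
    %d  -> part after "@", unchanged
    %Dd -> part after "@" with each "." rewritten to ",dc="
    """
    local, _, domain = username.partition("@")
    values = {"n": local, "d": domain, "Dd": domain.replace(".", ",dc=")}
    # Single pass, so substituted text is never re-scanned for variables.
    return re.sub(r"%(Dd|n|d)", lambda m: values[m.group(1)], template)


def resolve_bind_dn(template, username, allowed=DEFAULT_USERNAME_CHARS):
    """Return the bind DN, or None if the login name has disallowed characters."""
    if not username_allowed(username, allowed):
        return None
    return expand_bind_dn(template, username)


if __name__ == "__main__":
    # Constructed sample logins taken from the values quoted in the thread.
    workaround = "cn=%n,ou=users,dc=%d"   # needs "=" and "," in the user name
    suggested = "cn=%n,ou=users,dc=%Dd"   # works with the default character set

    print(resolve_bind_dn(workaround, "jim@example,dc=com"))  # rejected by default set
    print(resolve_bind_dn(workaround, "jim@example,dc=com",
                          DEFAULT_USERNAME_CHARS | set("=,")))
    print(resolve_bind_dn(suggested, "jim@example.com"))
```

With the %Dd template the DN structure comes only from the configuration, so the characters "=" and "," never have to be accepted from the client.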