On 02.10.2018 at 00:59, Hendrik Boom <hendrik@topoi.pooq.com> wrote:
On Mon, Oct 01, 2018 at 11:25:48PM +0200, Admin wrote:
Sent while on the move
On 01.10.2018 at 18:27, Aki Tuomi <aki.tuomi@open-xchange.com> wrote:
On 01 October 2018 at 15:19 Steffen Kaiser <skdovecot@inf.h-brs.de> wrote:
On Sat, 29 Sep 2018, Fady AL HAYALI wrote:
I'm setting up a Postfix and Dovecot with LDAP email server. My users in LDAP are like this:
dn: uid=firstname,ou=People,dc=domain,dc=com
uid: firstname
uidNumber: 4025
gidNumber: 4025
givenName: firstname
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
loginShell: /bin/bash
homeDirectory: /home/firstname
cn: firstname lastname
mail: firstname.lastname@domain.com
This is how I connect Dovecot with LDAP
hosts = ldapserver
ldap_version = 3
base = ou=People,dc=domain,dc=com
deref = never
scope = subtree
user_attrs =
user_filter = (&(objectclass=inetOrgPerson)(uid=%n))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
default_pass_scheme = SSHA
When I enter a user's email address and password as the following:
email: firstname.lastname@domain.com
password: password
and according to my setting, in which I used "%n" as you see above, the username used to authenticate is "firstname.lastname". I checked the Dovecot variables but I couldn't find something useful in this case to manipulate the "%n" variable.
I would like to keep using email addresses as "firstname.lastname@domain.com" but authenticate users using their first name. I really hit a wall here and any help will be much appreciated.
Well, for me, this sounds strange, using firstname only. Why not let your users enter the firstname only? Or:
pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))
If firstname is unique, mail should be unique as well.
Steffen Kaiser
Steffen, I understood their mail addresses are like steffen.kaiser@domain.com, but uid's are like uid=steffen
Aki
I guess this seems to be the desired behaviour as well. Getting interesting when handling collisions. Not possible to decide by password which account should be used as far as I can tell, as this would be some sort of brute force authentication?!?
Not when a lot of people choose 123456 as their passwords.
I guess at this point the last name would make an excellent password :)
-- hendrik
-M
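
Added example, not part of the thread and not Dovecot code: a small offline check of the pass_filter suggested above, showing which logins it resolves to exactly one entry and which collide. The directory entries (including the two "anna" accounts) and all function names are constructed for illustration; %n is taken to be the part of the login before "@".

```python
# Added example: constructed directory entries, not data from the thread.
BASE = "ou=People,dc=domain,dc=com"
DIRECTORY = [
    {"dn": "uid=firstname," + BASE, "uid": "firstname",
     "objectClass": ["inetOrgPerson"], "mail": ["firstname.lastname@domain.com"]},
    {"dn": "uid=anna," + BASE, "uid": "anna",
     "objectClass": ["inetOrgPerson"], "mail": ["anna.berg@domain.com"]},
    {"dn": "uid=anna.berg," + BASE, "uid": "anna.berg",
     "objectClass": ["inetOrgPerson"], "mail": ["a.berg@domain.com"]},
]
PASS_FILTER = "(&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))"

def local_part(login):
    """Dovecot's %n: the part of the login before '@' (whole login if no '@')."""
    return login.split("@", 1)[0]

def ldap_escape(value):
    """RFC 4515 escaping so '*', '(', ')' and '\\' in a login stay literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(login):
    """The filter string as it should reach the LDAP server for this login."""
    return PASS_FILTER.replace("%n", ldap_escape(local_part(login)))

def matching_dns(login, directory=DIRECTORY):
    """Evaluate PASS_FILTER against the entries; attribute matching ignores case."""
    n = local_part(login).lower()
    hits = []
    for e in directory:
        if "inetorgperson" not in (c.lower() for c in e["objectClass"]):
            continue
        if e["uid"].lower() == n or any(m.lower().startswith(n + "@") for m in e["mail"]):
            hits.append(e["dn"])
    return hits

def ambiguous_logins(logins, directory=DIRECTORY):
    """Logins for which the filter does not select exactly one entry."""
    return {l: matching_dns(l, directory) for l in logins
            if len(matching_dns(l, directory)) != 1}

if __name__ == "__main__":
    for login in ("firstname.lastname@domain.com", "anna.berg@domain.com", "*@domain.com"):
        print(login, expand_filter(login), matching_dns(login))
```

Running ambiguous_logins over every address exported from the real directory shows, before the filter goes live, which logins would match more than one account.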