[Dovecot] (no subject)

Timo Sirainen tss at iki.fi
Fri May 29 01:00:36 EEST 2009


On Wed, 2009-05-27 at 17:38 +0000, Patrick Hemmen wrote:
> Hi,
> 
> I use a OpenLDAP for authentication. To authenticate a full DN as the
> user name must be used, like "cn=jim,ou=users,dc=example,dc=com".
> There are several domains, like example2.com and example3.com. I want
> to use Dovecot with ldap and authentication binds. For testing I use
> "auth_bind_userdn = cn=%n,ou=users,dc=%d" and the user name must
> provide as  "jim at example,dc=com". To allow the special chars ("=,") in
> user name, I extend "auth_username_chars".
> Now my questions. Exists a real chance to attack the ldap directory
> with the extended "auth_username_chars"? And it's possible to use
> authentication binds with the regular "auth_username_chars" and a
> provided user names like "jim at example.com" in my special ldap
> directory structure?

Use:

auth_bind_userdn = cn=%n,ou=users,dc=%Dd

See %D in http://wiki.dovecot.org/Variables
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090528/08846fc8/attachment.bin 


More information about the dovecot mailing list