Authenticate users using their firstname

Steffen Kaiser skdovecot at inf.h-brs.de
Mon Oct 1 15:19:56 EEST 2018


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 29 Sep 2018, Fady AL HAYALI wrote:

> I'm setting up a Postfic and Dovecot with LDAP email server. My users in LDAP is like this:
>
>    dn: uid=firstname,ou=People,dc=domain,dc=com
>    uid: firstname
>    uidNumber: 4025
>    gidNumber: 4025
>    givenName: firstname
>    objectClass: top
>    objectClass: person
>    objectClass: posixAccount
>    objectClass: shadowAccount
>    objectClass: organizationalPerson
>    objectClass: inetOrgPerson
>    loginShell: /bin/bash
>    homeDirectory: /home/firstname
>    cn: firstname lastname
>    mail: firstname.lastname at domain.com<mailto:firstname.lastname at domain.com>
>
> This is how I connect Dovecot with LDAP
>
>    hosts = ldapserver
>    ldap_version = 3
>    base = ou=People,dc=domain,dc=com
>    deref = never
>    scope = subtree
>    user_attrs =
>    user_filter = (&(objectclass=inetOrgPerson)(uid=%n)
>    pass_attrs = uid=user,userPassword=password
>    pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>    default_pass_scheme = SSHA
>
> When I enter a user's email address and password as the following:
> email: firstname.lastname at domain.com<mailto:firstname.lastname at domain.com>
> password: password
>
> and according to my setting which I used "%n" as you see above, the username used to authenticate is "firstname.lastname". I checked the Dovecot variables but I couldn't find something useful in this case to manipulate the "%n" variable.
>
> I would like to keep using email addresses as "firstname.lastname at domain.com"<mailto:firstname.lastname at domain.com> but authenticate users using their first name. I really hit a wall here and any help will be much appreciated.

Well, for me, this sounds strange, using firstname only. Why not let your 
users enter the firstname only? Or:

pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))

If firstname is unique, mail should be unique as well.

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBW7IQ7MQnQQNheMxiAQIqtwgAkswe2jx7rXSJsGI8sh6Bd5d2f0MVx9nw
8IcW23vZlqpZOq9jGe8wD937IwKU1PSmMw7Ac2RiGUDts8rUWLp829DtwgovxGpj
iP6qwxhfp8HcFaH0LE8oqWUnlaxh8Df9Nrwg7DPr/qebepUJAzQU6CAkODUy+osl
z799U6RoI74fZyIT8gaAJ1mI+swOFcdawNMqv8S7+Iab7jtzTdHYN7J/YYM0rvzF
amt+kad1OayunRl7OhV1j0BPqdIFDHaC08KAf2cN+GKAWzWNY/ZWe9Y0nloq++fh
IAHZSDe8CSTS/fT+4IiHXT10aJJQob3AnbJ3264+JZ9cIZjpnn/KnQ==
=sof6
-----END PGP SIGNATURE-----


More information about the dovecot mailing list