Authenticate users using their firstname

Aki Tuomi aki.tuomi at open-xchange.com
Mon Oct 1 19:27:57 EEST 2018


> On 01 October 2018 at 15:19 Steffen Kaiser <skdovecot at inf.h-brs.de> wrote:
> 
> 
> On Sat, 29 Sep 2018, Fady AL HAYALI wrote:
> 
> > I'm setting up a Postfix and Dovecot with LDAP email server. My users in LDAP are like this:
> >
> >    dn: uid=firstname,ou=People,dc=domain,dc=com
> >    uid: firstname
> >    uidNumber: 4025
> >    gidNumber: 4025
> >    givenName: firstname
> >    objectClass: top
> >    objectClass: person
> >    objectClass: posixAccount
> >    objectClass: shadowAccount
> >    objectClass: organizationalPerson
> >    objectClass: inetOrgPerson
> >    loginShell: /bin/bash
> >    homeDirectory: /home/firstname
> >    cn: firstname lastname
> >    mail: firstname.lastname at domain.com
> >
> > This is how I connect Dovecot with LDAP
> >
> >    hosts = ldapserver
> >    ldap_version = 3
> >    base = ou=People,dc=domain,dc=com
> >    deref = never
> >    scope = subtree
> >    user_attrs =
> >    user_filter = (&(objectclass=inetOrgPerson)(uid=%n))
> >    pass_attrs = uid=user,userPassword=password
> >    pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
> >    default_pass_scheme = SSHA
> >
> > When I enter a user's email address and password as the following:
> > email: firstname.lastname at domain.com
> > password: password
> >
> > and according to my setting which I used "%n" as you see above, the username used to authenticate is "firstname.lastname". I checked the Dovecot variables but I couldn't find something useful in this case to manipulate the "%n" variable.
> >
> > I would like to keep using email addresses as "firstname.lastname at domain.com" but authenticate users using their first name. I really hit a wall here and any help will be much appreciated.
> 
> Well, for me, this sounds strange, using firstname only. Why not let your 
> users enter the firstname only? Or:
> 
> pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))
> 
> If firstname is unique, mail should be unique as well.
> 
> - -- 
> Steffen Kaiser


Steffen, I understood their mail addresses are like steffen.kaiser at domain.com, but uids are like uid=steffen.

Aki
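
Added example, not part of any message in this thread: a simplified filter evaluator (not Dovecot's code) that shows which logins select the posted entry under the original `pass_filter`, the one suggested in the reply, and a third that matches the full login against `mail`. The `BY_MAIL` filter, the helper names and the RFC 4515 escaping step are assumptions of this example; the entry is constructed from the LDIF in the post.

```python
import re

# Constructed entry, modelled on the LDIF in the original post.
ENTRY = {"objectclass": ["top", "person", "posixAccount", "inetOrgPerson"],
         "uid": ["firstname"],
         "mail": ["firstname.lastname@domain.com"]}

ORIGINAL = "(&(objectclass=inetOrgPerson)(uid=%n))"                  # from the post
SUGGESTED = "(&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))"   # from the reply
BY_MAIL = "(&(objectclass=inetOrgPerson)(mail=%u))"                  # assumption, not from the thread

def ldap_escape(value):
    """Escape filter metacharacters (RFC 4515) so input cannot act as a wildcard."""
    return re.sub(r"[*()\\\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def expand(template, login):
    """Expand %u (full login), %n (part before @) and %d (part after @)."""
    name, _, domain = login.partition("@")
    values = {"u": login, "n": name, "d": domain}
    return re.sub(r"%([und])", lambda m: ldap_escape(values[m.group(1)]), template)

def _eval(s, entry):
    """Evaluate one parenthesised filter; return (result, unparsed remainder)."""
    if not s.startswith("(") or len(s) < 2:
        raise ValueError("expected '(' at %r" % s)
    if s[1] in "&|":
        op, rest, results = s[1], s[2:], []
        while rest.startswith("("):
            result, rest = _eval(rest, entry)
            results.append(result)
        if not rest.startswith(")"):
            raise ValueError("unbalanced filter")
        return (all(results) if op == "&" else any(results)), rest[1:]
    end = s.index(")")  # raises ValueError if the closing parenthesis is missing
    attr, _, pattern = s[1:end].partition("=")
    # Unescaped * is a wildcard; \xx sequences are decoded to literal characters.
    parts = [re.escape(re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), p))
             for p in pattern.split("*")]
    rx = re.compile(".*".join(parts), re.IGNORECASE)
    return any(rx.fullmatch(v) for v in entry.get(attr.lower(), [])), s[end + 1:]

def login_matches(pass_filter, login, entry=ENTRY):
    """True if the expanded pass_filter selects the entry for this login."""
    result, rest = _eval(expand(pass_filter, login), entry)
    if rest:
        raise ValueError("trailing text after filter: %r" % rest)
    return result

if __name__ == "__main__":
    for login in ("firstname", "firstname.lastname@domain.com",
                  "firstname.lastname@other.example", "*"):
        print(login, [login_matches(f, login) for f in (ORIGINAL, SUGGESTED, BY_MAIL)])
```

The `mail=%n@*` branch accepts the local part under any domain, which matters when more than one mail domain shares the directory; with `pass_attrs = uid=user` from the post, a matching entry still resolves to the `uid` value.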

