Authenticate users using their firstname

Admin admin at awib.it
Tue Oct 2 00:25:48 EEST 2018



Sent while on the go

> On 01.10.2018 at 18:27, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
> 
> 
>> On 01 October 2018 at 15:19 Steffen Kaiser <skdovecot at inf.h-brs.de> wrote:
>> 
>> 
>> 
>>> On Sat, 29 Sep 2018, Fady AL HAYALI wrote:
>>> 
>>> I'm setting up a Postfix and Dovecot with LDAP email server. My users in LDAP are like this:
>>> 
>>>   dn: uid=firstname,ou=People,dc=domain,dc=com
>>>   uid: firstname
>>>   uidNumber: 4025
>>>   gidNumber: 4025
>>>   givenName: firstname
>>>   objectClass: top
>>>   objectClass: person
>>>   objectClass: posixAccount
>>>   objectClass: shadowAccount
>>>   objectClass: organizationalPerson
>>>   objectClass: inetOrgPerson
>>>   loginShell: /bin/bash
>>>   homeDirectory: /home/firstname
>>>   cn: firstname lastname
>>>   mail: firstname.lastname at domain.com
>>> 
>>> This is how I connect Dovecot with LDAP
>>> 
>>>   hosts = ldapserver
>>>   ldap_version = 3
>>>   base = ou=People,dc=domain,dc=com
>>>   deref = never
>>>   scope = subtree
>>>   user_attrs =
>>>   user_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>>>   pass_attrs = uid=user,userPassword=password
>>>   pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>>>   default_pass_scheme = SSHA
>>> 
>>> When I enter a user's email address and password as the following:
>>> email: firstname.lastname at domain.com
>>> password: password
>>> 
>>> and according to my setting which I used "%n" as you see above, the username used to authenticate is "firstname.lastname". I checked the Dovecot variables but I couldn't find something useful in this case to manipulate the "%n" variable.
>>> 
>>> I would like to keep using email addresses as "firstname.lastname at domain.com" but authenticate users using their first name. I really hit a wall here and any help will be much appreciated.
>> 
>> Well, for me, this sounds strange, using firstname only. Why not let your 
>> users enter the firstname only? Or:
>> 
>> pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))
>> 
>> If firstname is unique, mail should be unique as well.
>> 
>> -- 
>> Steffen Kaiser
> 
> 
> Steffen, I understood their mail addresses are like steffen.kaiser at domain.com, but uids are like uid=steffen
> 
> Aki

I guess this seems to be the desired behaviour as well. Getting interesting when handling collisions. Not possible to decide by password which account should be used as far as I can tell, as this would be some sort of brute force authentication?!?

-M
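
An added example, not part of any message in this thread: a small Python model of the two pass_filter variants quoted above, run over constructed directory entries. It shows why `uid=%n` finds nothing for a firstname.lastname login, how the uid-or-mail filter resolves it to the uid, and the collision case raised in the last reply. The entries, the function names and the policy of refusing a lookup that matches more than one entry are assumptions of the example.

```python
# Constructed directory entries (not from the thread): uid is the first name,
# mail is firstname.lastname@domain, following the layout in the question.
DIRECTORY = [
    {"uid": "steffen", "mail": "steffen.kaiser@domain.com"},
    {"uid": "aki", "mail": "aki.tuomi@domain.com"},
    {"uid": "kaiser", "mail": "steffen@domain.com"},  # constructed collision
]


def local_part(login):
    """Model of %n: the part of the login before '@' (all of it if no '@')."""
    return login.split("@", 1)[0].lower()


def match_uid_only(entry, n):
    """Model of (&(objectclass=inetOrgPerson)(uid=%n))."""
    return entry["uid"].lower() == n


def match_uid_or_mail(entry, n):
    """Model of (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))."""
    return match_uid_only(entry, n) or entry["mail"].lower().startswith(n + "@")


def search(login, matcher):
    """Return the uid of every entry the filter matches for this login."""
    n = local_part(login)
    return [e["uid"] for e in DIRECTORY if matcher(e, n)]


def resolve(login, matcher):
    """Return the one matching uid, or None if zero or several entries match.

    Assumption of this example: an ambiguous result is refused outright; the
    password is never tried against each candidate in turn.
    """
    hits = search(login, matcher)
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    for login in ("steffen.kaiser@domain.com", "steffen@domain.com"):
        for matcher in (match_uid_only, match_uid_or_mail):
            print(login, matcher.__name__, search(login, matcher), resolve(login, matcher))
```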

