Authenticate users using their firstname

Hendrik Boom hendrik at topoi.pooq.com
Tue Oct 2 01:59:20 EEST 2018


On Mon, Oct 01, 2018 at 11:25:48PM +0200, Admin wrote:
> 
> 
> Sent on the go
> 
> > On 01.10.2018 at 18:27, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
> > 
> > 
> >> On 01 October 2018 at 15:19 Steffen Kaiser <skdovecot at inf.h-brs.de> wrote:
> >> 
> >> 
> >>> On Sat, 29 Sep 2018, Fady AL HAYALI wrote:
> >>> 
> >>> I'm setting up a Postfix and Dovecot with LDAP email server. My users in LDAP are like this:
> >>> 
> >>>   dn: uid=firstname,ou=People,dc=domain,dc=com
> >>>   uid: firstname
> >>>   uidNumber: 4025
> >>>   gidNumber: 4025
> >>>   givenName: firstname
> >>>   objectClass: top
> >>>   objectClass: person
> >>>   objectClass: posixAccount
> >>>   objectClass: shadowAccount
> >>>   objectClass: organizationalPerson
> >>>   objectClass: inetOrgPerson
> >>>   loginShell: /bin/bash
> >>>   homeDirectory: /home/firstname
> >>>   cn: firstname lastname
> >>>   mail: firstname.lastname at domain.com
> >>> 
> >>> This is how I connect Dovecot with LDAP
> >>> 
> >>>   hosts = ldapserver
> >>>   ldap_version = 3
> >>>   base = ou=People,dc=domain,dc=com
> >>>   deref = never
> >>>   scope = subtree
> >>>   user_attrs =
> >>>   user_filter = (&(objectclass=inetOrgPerson)(uid=%n))
> >>>   pass_attrs = uid=user,userPassword=password
> >>>   pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
> >>>   default_pass_scheme = SSHA
> >>> 
> >>> When I enter a user's email address and password as the following:
> >>> email: firstname.lastname at domain.com
> >>> password: password
> >>> 
> >>> and according to my setting which I used "%n" as you see above, the username used to authenticate is "firstname.lastname". I checked the Dovecot variables but I couldn't find something useful in this case to manipulate the "%n" variable.
> >>> 
> >>> I would like to keep using email addresses as "firstname.lastname at domain.com" but authenticate users using their first name. I really hit a wall here and any help will be much appreciated.
> >> 
> >> Well, for me, this sounds strange, using firstname only. Why not let your 
> >> users enter the firstname only? Or:
> >> 
> >> pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))
> >> 
> >> If firstname is unique, mail should be unique as well.
> >> 
> >> -- 
> >> Steffen Kaiser
> > 
> > 
> > Steffen, I understood their mail addresses are like steffen.kaiser at domain.com, but uids are like uid=steffen
> > 
> > Aki
> 
> I guess this seems to be the desired behaviour as well. Getting interesting when handling collisions. Not possible to decide by password which account should be used as far as I can tell, as this would be some sort of brute force authentication?!?

Not when a lot of people choose 123456 as their passwords.

-- hendrik

> 
> -M
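Added example (Python, not from the thread and not Dovecot's own code): a small simulator of how a login's local part is expanded into the two filters discussed above, Fady's `(uid=%n)` and Steffen's `(|(uid=%n)(mail=%n@*))`, and matched against constructed directory entries. The expanded value is escaped per RFC 4515 and an ambiguous result is refused outright, which is the defensive answer to the collision question: the password is never used to choose between candidate accounts. The directory entries, the `bob` alias and all function names are assumptions.

```python
import re

# Constructed entries mirroring the thread's schema: uid is the first name,
# mail is firstname.lastname@domain.com. "bob" carries an alias that collides
# with "alex" under the (|(uid=%n)(mail=%n@*)) filter.
DIRECTORY = [
    {"objectclass": ["inetOrgPerson"], "uid": ["firstname"], "mail": ["firstname.lastname@domain.com"]},
    {"objectclass": ["inetOrgPerson"], "uid": ["alex"], "mail": ["alex.smith@domain.com"]},
    {"objectclass": ["inetOrgPerson"], "uid": ["bob"], "mail": ["bob.jones@domain.com", "alex@domain.com"]},
]
ORIGINAL = "(&(objectclass=inetOrgPerson)(uid=%n))"              # filter from the question
PROPOSED = "(&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))"  # Steffen's suggestion

def ldap_escape(value):
    """RFC 4515 escaping so a login can never alter the filter's structure."""
    return re.sub(r"[*()\\\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def expand(template, login):
    """Expand %n (local part) and %d (domain) the way the thread uses them."""
    n, _, d = login.partition("@")
    return template.replace("%n", ldap_escape(n)).replace("%d", ldap_escape(d))

def parse(f, i=0):
    """Tiny parser for (&..), (|..) and (attr=value) with '*' wildcards."""
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        return (op, kids), i + 1                     # step past the closing ')'
    end = f.index(")", i)
    attr, val = f[i + 1:end].split("=", 1)
    return ("eq", attr.lower(), val), end + 1

def matches(node, entry):
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    _, attr, val = node
    unesc = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)
    pattern = ".*".join(re.escape(unesc(p)) for p in val.split("*"))
    return any(re.fullmatch(pattern, v, re.I) for v in entry.get(attr, []))

def resolve(template, login):
    """Return the single entry a login selects, or None when zero or several match.
    Refusing an ambiguous result is the safe handling of collisions: the password
    must never be used to pick between candidate accounts."""
    tree, _ = parse(expand(template, login))
    hits = [e for e in DIRECTORY if matches(tree, e)]
    return hits[0] if len(hits) == 1 else None
```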