Authenticate users using their firstname
admin
admin at awib.it
Thu Oct 4 01:34:50 EEST 2018
> On 02.10.2018 at 00:59, Hendrik Boom <hendrik at topoi.pooq.com> wrote:
>
>> On Mon, Oct 01, 2018 at 11:25:48PM +0200, Admin wrote:
>>
>>
>> Sent while on the move
>>
>>> On 01.10.2018 at 18:27, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>>>
>>>
>>>> On 01 October 2018 at 15:19 Steffen Kaiser <skdovecot at inf.h-brs.de> wrote:
>>>>
>>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>>> On Sat, 29 Sep 2018, Fady AL HAYALI wrote:
>>>>>
>>>>> I'm setting up a Postfix and Dovecot with LDAP email server. My users in LDAP are like this:
>>>>>
>>>>> dn: uid=firstname,ou=People,dc=domain,dc=com
>>>>> uid: firstname
>>>>> uidNumber: 4025
>>>>> gidNumber: 4025
>>>>> givenName: firstname
>>>>> objectClass: top
>>>>> objectClass: person
>>>>> objectClass: posixAccount
>>>>> objectClass: shadowAccount
>>>>> objectClass: organizationalPerson
>>>>> objectClass: inetOrgPerson
>>>>> loginShell: /bin/bash
>>>>> homeDirectory: /home/firstname
>>>>> cn: firstname lastname
>>>>> mail: firstname.lastname at domain.com
>>>>>
>>>>> This is how I connect Dovecot with LDAP
>>>>>
>>>>> hosts = ldapserver
>>>>> ldap_version = 3
>>>>> base = ou=People,dc=domain,dc=com
>>>>> deref = never
>>>>> scope = subtree
>>>>> user_attrs =
>>>>> user_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>>>>> pass_attrs = uid=user,userPassword=password
>>>>> pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>>>>> default_pass_scheme = SSHA
>>>>>
>>>>> When I enter a user's email address and password as the following:
>>>>> email: firstname.lastname at domain.com
>>>>> password: password
>>>>>
>>>>> and according to my setting, in which I used "%n" as you see above, the username used to authenticate is "firstname.lastname". I checked the Dovecot variables but I couldn't find anything useful in this case to manipulate the "%n" variable.
>>>>>
>>>>> I would like to keep using email addresses as "firstname.lastname at domain.com" but authenticate users using their first name. I really hit a wall here and any help will be much appreciated.
>>>>
>>>> Well, for me, this sounds strange, using firstname only. Why not let your
>>>> users enter the firstname only? Or:
>>>>
>>>> pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))
>>>>
>>>> If firstname is unique, mail should be unique as well.
>>>>
>>>> - --
>>>> Steffen Kaiser
>>>
>>>
>>> Steffen, I understood their mail addresses are like steffen.kaiser at domain.com, but uid's are like uid=steffen
>>>
>>> Aki
>>
>> I guess this seems to be the desired behaviour as well. Getting interesting when handling collisions. Not possible to decide by password which account should be used as far as I can tell, as this would be some sort of brute force authentication?!?
>
> Not when a lot of people choose 123456 as their passwords.
I guess at this point the last name would make an excellent password :)
>
> -- hendrik
>
>>
>> -M
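
One way to get the behaviour asked about in this thread, as an added example that is not from any of the posters or from the Dovecot project: match the full login against the LDAP `mail` attribute and let `pass_attrs` hand back the entry's `uid`. It assumes `mail` is unique per entry and holds the real `@` address (the list archive shows it as "at").

```conf
# Dovecot LDAP settings (added example; assumes mail is unique per entry)
hosts = ldapserver
ldap_version = 3
base = ou=People,dc=domain,dc=com
deref = never
scope = subtree

# %u is the full login (local part and domain); %n is only the local part.
# The original filter (uid=%n) compares uid with "firstname.lastname",
# which never equals uid=firstname. Comparing the whole address with the
# mail attribute selects one entry and needs no wildcard on the domain,
# so two entries sharing a local part in different domains cannot collide.
pass_filter = (&(objectclass=inetOrgPerson)(mail=%u))

# uid=user replaces the login name with the entry's uid, so everything
# after the password check sees "firstname".
pass_attrs = uid=user,userPassword=password

# The userdb lookup after login runs with the rewritten name, so the
# uid=%n match from the original post works unchanged here.
user_attrs =
user_filter = (&(objectclass=inetOrgPerson)(uid=%n))
default_pass_scheme = SSHA
```

Mail delivery looks up the userdb with the recipient address without going through the passdb, so `user_filter` may need the same `mail=%u` match for deliveries to resolve.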