Authenticate users using their firstname

Aki Tuomi aki.tuomi at open-xchange.com
Sat Sep 29 11:55:59 EEST 2018


Why not authenticate users by email address? Using firstname as user identifier does not sound very long term solution...

Anyways...

if you insist on using firstname only, you'll need to use Lua auth database to split the username (or perform the whole deal)

passdb {
   driver = lua
   args = file="/etc/dovecot/username.lua" blocking=no
}

passdb {
   driver = ldap
   args = /ldap.config
}

and put into username.lua

function auth_passdb_lookup(req)
  firstname = req.username:gsub("^([^.]+)[.].*", "%1")
  return dovecot.auth.PASSDB_RESULT_OK, {firstname=firstname, noauthenticate="y"}
end

Aki

> On 29 September 2018 at 11:42 Fady AL HAYALI <codeforger at outlook.com> wrote:
> 
> 
> Hi,
> 
> I'm setting up a Postfic and Dovecot with LDAP email server. My users in LDAP is like this:
> 
>     dn: uid=firstname,ou=People,dc=domain,dc=com
>     uid: firstname
>     uidNumber: 4025
>     gidNumber: 4025
>     givenName: firstname
>     objectClass: top
>     objectClass: person
>     objectClass: posixAccount
>     objectClass: shadowAccount
>     objectClass: organizationalPerson
>     objectClass: inetOrgPerson
>     loginShell: /bin/bash
>     homeDirectory: /home/firstname
>     cn: firstname lastname
>     mail: firstname.lastname at domain.com<mailto:firstname.lastname at domain.com>
> 
> This is how I connect Dovecot with LDAP
> 
>     hosts = ldapserver
>     ldap_version = 3
>     base = ou=People,dc=domain,dc=com
>     deref = never
>     scope = subtree
>     user_attrs =
>     user_filter = (&(objectclass=inetOrgPerson)(uid=%n)
>     pass_attrs = uid=user,userPassword=password
>     pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>     default_pass_scheme = SSHA
> 
> When I enter a user's email address and password as the following:
> email: firstname.lastname at domain.com<mailto:firstname.lastname at domain.com>
> password: password
> 
> and according to my setting which I used "%n" as you see above, the username used to authenticate is "firstname.lastname". I checked the Dovecot variables but I couldn't find something useful in this case to manipulate the "%n" variable.
> 
> I would like to keep using email addresses as "firstname.lastname at domain.com"<mailto:firstname.lastname at domain.com> but authenticate users using their first name. I really hit a wall here and any help will be much appreciated.


More information about the dovecot mailing list