thr3ads.net - dovecot - Authenticate users using their firstname [Oct 2018]

If this information is useful, please help other people find it:
Share via:

Fady AL HAYALI

2018-Sep-29 08:42 UTC

Authenticate users using their firstname

Hi,

I'm setting up a Postfic and Dovecot with LDAP email server. My users in
LDAP is like this:

    dn: uid=firstname,ou=People,dc=domain,dc=com
    uid: firstname
    uidNumber: 4025
    gidNumber: 4025
    givenName: firstname
    objectClass: top
    objectClass: person
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    loginShell: /bin/bash
    homeDirectory: /home/firstname
    cn: firstname lastname
    mail: firstname.lastname at domain.com<mailto:firstname.lastname at
domain.com>

This is how I connect Dovecot with LDAP

    hosts = ldapserver
    ldap_version = 3
    base = ou=People,dc=domain,dc=com
    deref = never
    scope = subtree
    user_attrs     user_filter = (&(objectclass=inetOrgPerson)(uid=%n)
    pass_attrs = uid=user,userPassword=password
    pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
    default_pass_scheme = SSHA

When I enter a user's email address and password as the following:
email: firstname.lastname at domain.com<mailto:firstname.lastname at
domain.com>
password: password

and according to my setting which I used "%n" as you see above, the
username used to authenticate is "firstname.lastname". I checked the
Dovecot variables but I couldn't find something useful in this case to
manipulate the "%n" variable.

I would like to keep using email addresses as "firstname.lastname at
domain.com"<mailto:firstname.lastname at domain.com> but authenticate
users using their first name. I really hit a wall here and any help will be much
appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20180929/186a8f51/attachment.html>

Aki Tuomi

2018-Sep-29 08:55 UTC

head link

Authenticate users using their firstname

Why not authenticate users by email address? Using firstname as user identifier
does not sound very long term solution...

Anyways...

if you insist on using firstname only, you'll need to use Lua auth database
to split the username (or perform the whole deal)

passdb {
   driver = lua
   args = file="/etc/dovecot/username.lua" blocking=no
}

passdb {
   driver = ldap
   args = /ldap.config
}

and put into username.lua

function auth_passdb_lookup(req)
  firstname = req.username:gsub("^([^.]+)[.].*", "%1")
  return dovecot.auth.PASSDB_RESULT_OK, {firstname=firstname,
noauthenticate="y"}
end

Aki
> On 29 September 2018 at 11:42 Fady AL HAYALI <codeforger at
outlook.com> wrote:
> 
> 
> Hi,
> 
> I'm setting up a Postfic and Dovecot with LDAP email server. My users
in LDAP is like this:
> 
>     dn: uid=firstname,ou=People,dc=domain,dc=com
>     uid: firstname
>     uidNumber: 4025
>     gidNumber: 4025
>     givenName: firstname
>     objectClass: top
>     objectClass: person
>     objectClass: posixAccount
>     objectClass: shadowAccount
>     objectClass: organizationalPerson
>     objectClass: inetOrgPerson
>     loginShell: /bin/bash
>     homeDirectory: /home/firstname
>     cn: firstname lastname
>     mail: firstname.lastname at domain.com<mailto:firstname.lastname at
domain.com>
> 
> This is how I connect Dovecot with LDAP
> 
>     hosts = ldapserver
>     ldap_version = 3
>     base = ou=People,dc=domain,dc=com
>     deref = never
>     scope = subtree
>     user_attrs >     user_filter =
(&(objectclass=inetOrgPerson)(uid=%n)
>     pass_attrs = uid=user,userPassword=password
>     pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>     default_pass_scheme = SSHA
> 
> When I enter a user's email address and password as the following:
> email: firstname.lastname at domain.com<mailto:firstname.lastname at
domain.com>
> password: password
> 
> and according to my setting which I used "%n" as you see above,
the username used to authenticate is "firstname.lastname". I checked
the Dovecot variables but I couldn't find something useful in this case to
manipulate the "%n" variable.
> 
> I would like to keep using email addresses as "firstname.lastname at
domain.com"<mailto:firstname.lastname at domain.com> but authenticate
users using their first name. I really hit a wall here and any help will be much
appreciated.

Steffen Kaiser

2018-Oct-01 12:19 UTC

head link

Authenticate users using their firstname

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 29 Sep 2018, Fady AL HAYALI wrote:
> I'm setting up a Postfic and Dovecot with LDAP email server. My users
in LDAP is like this:
>
>    dn: uid=firstname,ou=People,dc=domain,dc=com
>    uid: firstname
>    uidNumber: 4025
>    gidNumber: 4025
>    givenName: firstname
>    objectClass: top
>    objectClass: person
>    objectClass: posixAccount
>    objectClass: shadowAccount
>    objectClass: organizationalPerson
>    objectClass: inetOrgPerson
>    loginShell: /bin/bash
>    homeDirectory: /home/firstname
>    cn: firstname lastname
>    mail: firstname.lastname at domain.com<mailto:firstname.lastname at
domain.com>
>
> This is how I connect Dovecot with LDAP
>
>    hosts = ldapserver
>    ldap_version = 3
>    base = ou=People,dc=domain,dc=com
>    deref = never
>    scope = subtree
>    user_attrs >    user_filter =
(&(objectclass=inetOrgPerson)(uid=%n)
>    pass_attrs = uid=user,userPassword=password
>    pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>    default_pass_scheme = SSHA
>
> When I enter a user's email address and password as the following:
> email: firstname.lastname at domain.com<mailto:firstname.lastname at
domain.com>
> password: password
>
> and according to my setting which I used "%n" as you see above,
the username used to authenticate is "firstname.lastname". I checked
the Dovecot variables but I couldn't find something useful in this case to
manipulate the "%n" variable.
>
> I would like to keep using email addresses as "firstname.lastname at
domain.com"<mailto:firstname.lastname at domain.com> but authenticate
users using their first name. I really hit a wall here and any help will be much
appreciated.
Well, for me, this sounds strange, using firstname only. Why not let your 
users enter the firstname only? Or:

pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))

If firstname is unique, mail should be unique as well.

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBW7IQ7MQnQQNheMxiAQIqtwgAkswe2jx7rXSJsGI8sh6Bd5d2f0MVx9nw
8IcW23vZlqpZOq9jGe8wD937IwKU1PSmMw7Ac2RiGUDts8rUWLp829DtwgovxGpj
iP6qwxhfp8HcFaH0LE8oqWUnlaxh8Df9Nrwg7DPr/qebepUJAzQU6CAkODUy+osl
z799U6RoI74fZyIT8gaAJ1mI+swOFcdawNMqv8S7+Iab7jtzTdHYN7J/YYM0rvzF
amt+kad1OayunRl7OhV1j0BPqdIFDHaC08KAf2cN+GKAWzWNY/ZWe9Y0nloq++fh
IAHZSDe8CSTS/fT+4IiHXT10aJJQob3AnbJ3264+JZ9cIZjpnn/KnQ==sof6
-----END PGP SIGNATURE-----

Aki Tuomi

2018-Oct-01 16:27 UTC

head link

Authenticate users using their firstname

> On 01 October 2018 at 15:19 Steffen Kaiser <skdovecot at
inf.h-brs.de> wrote:
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Sat, 29 Sep 2018, Fady AL HAYALI wrote:
> 
> > I'm setting up a Postfic and Dovecot with LDAP email server. My
users in LDAP is like this:
> >
> >    dn: uid=firstname,ou=People,dc=domain,dc=com
> >    uid: firstname
> >    uidNumber: 4025
> >    gidNumber: 4025
> >    givenName: firstname
> >    objectClass: top
> >    objectClass: person
> >    objectClass: posixAccount
> >    objectClass: shadowAccount
> >    objectClass: organizationalPerson
> >    objectClass: inetOrgPerson
> >    loginShell: /bin/bash
> >    homeDirectory: /home/firstname
> >    cn: firstname lastname
> >    mail: firstname.lastname at domain.com<mailto:firstname.lastname
at domain.com>
> >
> > This is how I connect Dovecot with LDAP
> >
> >    hosts = ldapserver
> >    ldap_version = 3
> >    base = ou=People,dc=domain,dc=com
> >    deref = never
> >    scope = subtree
> >    user_attrs > >    user_filter =
(&(objectclass=inetOrgPerson)(uid=%n)
> >    pass_attrs = uid=user,userPassword=password
> >    pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
> >    default_pass_scheme = SSHA
> >
> > When I enter a user's email address and password as the following:
> > email: firstname.lastname at domain.com<mailto:firstname.lastname
at domain.com>
> > password: password
> >
> > and according to my setting which I used "%n" as you see
above, the username used to authenticate is "firstname.lastname". I
checked the Dovecot variables but I couldn't find something useful in this
case to manipulate the "%n" variable.
> >
> > I would like to keep using email addresses as "firstname.lastname
at domain.com"<mailto:firstname.lastname at domain.com> but
authenticate users using their first name. I really hit a wall here and any help
will be much appreciated.
> 
> Well, for me, this sounds strange, using firstname only. Why not let your 
> users enter the firstname only? Or:
> 
> pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))
> 
> If firstname is unique, mail should be unique as well.
> 
> - -- 
> Steffen Kaiser

Steffen, I understood their mail addresses are like steffen.kaiser at
domain.com, but uid's are like uid=steffen

Aki

Maybe Matching Threads

Search for more apparently analagous threads

dovecot - Oct 2018 - Authenticate users using their firstname

Authenticate users using their firstname

Authenticate users using their firstname

Authenticate users using their firstname

Authenticate users using their firstname

Maybe Matching Threads