> On 01 October 2018 at 15:19 Steffen Kaiser <skdovecot at inf.h-brs.de> wrote:
>
> On Sat, 29 Sep 2018, Fady AL HAYALI wrote:
>
> > I'm setting up a Postfix and Dovecot with LDAP email server. My users in LDAP are like this:
> >
> > dn: uid=firstname,ou=People,dc=domain,dc=com
> > uid: firstname
> > uidNumber: 4025
> > gidNumber: 4025
> > givenName: firstname
> > objectClass: top
> > objectClass: person
> > objectClass: posixAccount
> > objectClass: shadowAccount
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > loginShell: /bin/bash
> > homeDirectory: /home/firstname
> > cn: firstname lastname
> > mail: firstname.lastname at domain.com
> >
> > This is how I connect Dovecot with LDAP
> >
> > hosts = ldapserver
> > ldap_version = 3
> > base = ou=People,dc=domain,dc=com
> > deref = never
> > scope = subtree
> > user_attrs
> > user_filter = (&(objectclass=inetOrgPerson)(uid=%n))
> > pass_attrs = uid=user,userPassword=password
> > pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
> > default_pass_scheme = SSHA
> >
> > When I enter a user's email address and password as the following:
> > email: firstname.lastname at domain.com
> > password: password
> >
> > and according to my setting which I used "%n" as you see above, the username used to authenticate is "firstname.lastname". I checked the Dovecot variables but I couldn't find something useful in this case to manipulate the "%n" variable.
> >
> > I would like to keep using email addresses as "firstname.lastname at domain.com" but authenticate users using their first name. I really hit a wall here and any help will be much appreciated.
>
> Well, for me, this sounds strange, using firstname only. Why not let your
> users enter the firstname only? Or:
>
> pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))
>
> If firstname is unique, mail should be unique as well.
>
> --
> Steffen Kaiser

Steffen, I understood their mail addresses are like steffen.kaiser at domain.com, but uid's are like uid=steffen

Aki

Sent while on the move

> On 01.10.2018 at 18:27, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
>
> Steffen, I understood their mail addresses are like steffen.kaiser at domain.com, but uid's are like uid=steffen
>
> Aki

I guess this seems to be the desired behaviour as well. Getting interesting when handling collisions. Not possible to decide by password which account should be used as far as I can tell, as this would be some sort of brute force authentication?!?

-M

On Mon, Oct 01, 2018 at 11:25:48PM +0200, Admin wrote:
> I guess this seems to be the desired behaviour as well. Getting interesting when handling collisions. Not possible to decide by password which account should be used as far as I can tell, as this would be some sort of brute force authentication?!?

Not when a lot of people choose 123456 as their passwords.

-- hendrik

> -M
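
The %n expansion and the two pass_filter variants discussed in this thread, as an added example that is not part of any poster's message: a Python sketch that applies both filters to a constructed directory and lists the login names that select more than one entry. The sample entries and all function names are assumptions made for illustration; matching is case-insensitive, as it is for the standard uid and mail attributes.

```python
# Added example; ENTRIES is constructed sample data, not taken from the thread.
ENTRIES = [
    {"uid": "anna",     "mail": "anna.berg@domain.com"},
    {"uid": "ben",      "mail": "ben.cole@domain.com"},
    {"uid": "ben.cole", "mail": "b.cole@domain.com"},      # uid equals ben's mail local part
    {"uid": "carl",     "mail": "dana.ek@other.example"},  # same local part, other domain
    {"uid": "dana",     "mail": "dana.ek@domain.com"},
]

def expand_n(login):
    """Dovecot %n: user part of user@domain, the whole name if there is no domain."""
    return login.split("@", 1)[0].lower()

def uid_only(entry, n):
    """The filter from the question: (uid=%n)."""
    return entry["uid"].lower() == n

def uid_or_mail(entry, n):
    """The suggested filter: (|(uid=%n)(mail=%n@*)); the trailing * accepts any domain."""
    return uid_only(entry, n) or entry["mail"].lower().startswith(n + "@")

def lookup(login, entries, flt):
    """uids of all entries the filter selects for this login name."""
    n = expand_n(login)
    return [e["uid"] for e in entries if flt(e, n)]

def ambiguous_logins(entries, flt):
    """Map each login local part that selects more than one entry to the uids it hits."""
    names = {e["uid"].lower() for e in entries} | {expand_n(e["mail"]) for e in entries}
    hits = {n: lookup(n, entries, flt) for n in sorted(names)}
    return {n: uids for n, uids in hits.items() if len(uids) > 1}

if __name__ == "__main__":
    print(lookup("anna.berg@domain.com", ENTRIES, uid_only))     # no match
    print(lookup("anna.berg@domain.com", ENTRIES, uid_or_mail))  # one match
    for name, uids in ambiguous_logins(ENTRIES, uid_or_mail).items():
        print(f"ambiguous login {name!r}: {uids}")
```

Running the same audit against a real directory export before widening the filter shows whether any login name would resolve to two accounts.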