Re: [Dovecot] [SOLVED] Re: Is it possible to authenticate against Active Direcotry using the whole e-mail?

[Patrick Domack]

That would of been my next guess, to see if you could lookup the  
proper user, then attempt a login via that. Just causes extra ldap  
traffic.

Quoting ????????? ??????????? <dim...@thessaloniki.gr>:
Hi
I just solved it
using authentcation binds
  auth_bind = yes
  pass_attrs = mail=user
  pass_filter = (& (objectclass=User) (objectCategory=Person) (mail=%u))

Active Directory, as far as I know, by no means exposes users  
passwords to third party applications or services.

Thanks in advance
Dimitrios





O/H ????????? ??????????? ??????:
O/H Patrick Domack ??????:
Yes, it's possible to do this. But not possible using auth_bind.
You are going have to login using an administrator account, then  
do an ldap search for the email address, then authenicate against  
it. Using auth_bind requires you to know the username before you  
login.

http://wiki.dovecot.org/AuthDatabase/LDAP/PasswordLookups

Just need to change passfilter to do a ?proxy_email? or what it's  
called for ad


Hi,
many thanks for your reply.

Active Direcotry doesn't return the userPassword in

pass_attrs = uid=user, userPassword=password

so the password supplied by the user can't be validated.



I used this configuration

auth_bind = no
pass_attrs = mail=user, userPassword=password
pass_filter = (& (objectclass=User) (objectCategory=Person) (mail=%u))
default_pass_scheme = MD5

and although the ldap query located the user it complains with the  
following:

No password returned (and no nopassword)

Any ideas?
Dimitrios













Quoting ????????? ??????????? <dim...@thessaloniki.gr>:

Hi all!

Is it possible to authenticate against Active Directory, using  
the whole e-mail address and not
the user part (%n), so that if you support mutiple domains, all  
users should authenticate with their e-mail addresses.

I use
auth_bind_userdn = DOMAIN \ %u
but somehow the *mail* attribute of Active/LDAP should be employed.


thanks in advance
Dimitrios Karapiperis









--
????????? ??????????? ????. ??. ????????

???????? ?????????? - ?. ????????????
????? ???????????? -  ?/??? ?????????? & ???????
2310 - 257844 fax 2310 - 244965