Re: Authenticate users using their firstname

Sat, 29 Sep 2018 01:56:59 -0700 

Why not authenticate users by email address? Using firstname as user identifier 
does not sound very long term solution...

Anyways...

if you insist on using firstname only, you'll need to use Lua auth database to 
split the username (or perform the whole deal)

passdb {
   driver = lua
   args = file="/etc/dovecot/username.lua" blocking=no
}

passdb {
   driver = ldap
   args = /ldap.config
}

and put into username.lua

function auth_passdb_lookup(req)
  firstname = req.username:gsub("^([^.]+)[.].*", "%1")
  return dovecot.auth.PASSDB_RESULT_OK, {firstname=firstname, 
noauthenticate="y"}
end

Aki

> On 29 September 2018 at 11:42 Fady AL HAYALI <[email protected]> wrote:
> 
> 
> Hi,
> 
> I'm setting up a Postfic and Dovecot with LDAP email server. My users in LDAP 
> is like this:
> 
>     dn: uid=firstname,ou=People,dc=domain,dc=com
>     uid: firstname
>     uidNumber: 4025
>     gidNumber: 4025
>     givenName: firstname
>     objectClass: top
>     objectClass: person
>     objectClass: posixAccount
>     objectClass: shadowAccount
>     objectClass: organizationalPerson
>     objectClass: inetOrgPerson
>     loginShell: /bin/bash
>     homeDirectory: /home/firstname
>     cn: firstname lastname
>     mail: [email protected]<mailto:[email protected]>
> 
> This is how I connect Dovecot with LDAP
> 
>     hosts = ldapserver
>     ldap_version = 3
>     base = ou=People,dc=domain,dc=com
>     deref = never
>     scope = subtree
>     user_attrs =
>     user_filter = (&(objectclass=inetOrgPerson)(uid=%n)
>     pass_attrs = uid=user,userPassword=password
>     pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>     default_pass_scheme = SSHA
> 
> When I enter a user's email address and password as the following:
> email: [email protected]<mailto:[email protected]>
> password: password
> 
> and according to my setting which I used "%n" as you see above, the username 
> used to authenticate is "firstname.lastname". I checked the Dovecot variables 
> but I couldn't find something useful in this case to manipulate the "%n" 
> variable.
> 
> I would like to keep using email addresses as 
> "[email protected]"<mailto:[email protected]> but 
> authenticate users using their first name. I really hit a wall here and any 
> help will be much appreciated.

Reply via email to