Sent while on the go
> On 01.10.2018 at 18:27, Aki Tuomi <[email protected]> wrote:
>
>
>> On 01 October 2018 at 15:19 Steffen Kaiser <[email protected]> wrote:
>>
>>
>>> On Sat, 29 Sep 2018, Fady AL HAYALI wrote:
>>>
>>> I'm setting up a Postfix and Dovecot with LDAP email server. My users in
>>> LDAP are like this:
>>>
>>> dn: uid=firstname,ou=People,dc=domain,dc=com
>>> uid: firstname
>>> uidNumber: 4025
>>> gidNumber: 4025
>>> givenName: firstname
>>> objectClass: top
>>> objectClass: person
>>> objectClass: posixAccount
>>> objectClass: shadowAccount
>>> objectClass: organizationalPerson
>>> objectClass: inetOrgPerson
>>> loginShell: /bin/bash
>>> homeDirectory: /home/firstname
>>> cn: firstname lastname
>>> mail: [email protected]
>>>
>>> This is how I connect Dovecot with LDAP
>>>
>>> hosts = ldapserver
>>> ldap_version = 3
>>> base = ou=People,dc=domain,dc=com
>>> deref = never
>>> scope = subtree
>>> user_attrs =
>>> user_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>>> pass_attrs = uid=user,userPassword=password
>>> pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>>> default_pass_scheme = SSHA
>>>
>>> When I enter a user's email address and password as the following:
>>> email: [email protected]
>>> password: password
>>>
>>> and according to my setting which I used "%n" as you see above, the
>>> username used to authenticate is "firstname.lastname". I checked the
>>> Dovecot variables but I couldn't find something useful in this case to
>>> manipulate the "%n" variable.
>>>
>>> I would like to keep using email addresses as
>>> "[email protected]" but
>>> authenticate users using their first name. I really hit a wall here and any
>>> help will be much appreciated.
>>
>> Well, for me, this sounds strange, using firstname only. Why not let your
>> users enter the firstname only? Or:
>>
>> pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))
>>
>> If firstname is unique, mail should be unique as well.
>>
>> --
>> Steffen Kaiser
>
>
> Steffen, I understood their mail addresses are like
> [email protected], but uid's are like uid=steffen
>
> Aki
I guess this seems to be the desired behaviour as well. Getting interesting
when handling collisions. Not possible to decide by password which account
should be used as far as I can tell, as this would be some sort of brute force
authentication?!?
-M
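
The filter suggested in the thread and the collision question from the last reply, as an added example that is not part of the thread or of Dovecot's code: a small Python model that expands `%n` into the posted `pass_filter` and matches it against constructed entries. The directory contents, the helper names and the policy of rejecting a login that matches more than one entry are assumptions made for illustration.

```python
import re

# Constructed sample entries (placeholders, not from the thread).
DIRECTORY = [
    {"uid": "alice", "mail": "alice.smith@example.org", "objectclass": "inetOrgPerson"},
    {"uid": "bob", "mail": "bob.jones@example.org", "objectclass": "inetOrgPerson"},
    # Collision: this uid equals the local part of alice's mail address.
    {"uid": "alice.smith", "mail": "a.smith2@example.org", "objectclass": "inetOrgPerson"},
]
PASS_FILTER = "(&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))"  # from the thread

def escape(value):
    """RFC 4515 escaping, so the login cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(s, i=0):
    """Parse one "(...)" filter at s[i]; return (node, index after it)."""
    if s[i + 1] in "&|":
        op, i, kids = s[i + 1], i + 2, []
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, value = s[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    if node[0] != "=":
        results = [matches(kid, entry) for kid in node[1]]
        return all(results) if node[0] == "&" else any(results)
    have, value = entry.get(node[1], "").lower(), node[2]
    if value.endswith("*"):  # unescaped trailing * means prefix match
        return have.startswith(unescape(value[:-1]).lower())
    return have == unescape(value).lower()

def resolve(login):
    """uid of the single matching entry; None if none; error if ambiguous."""
    n = login.split("@", 1)[0]  # %n: user part of user@domain
    tree, _ = parse(PASS_FILTER.replace("%n", escape(n)))
    hits = [e["uid"] for e in DIRECTORY if matches(tree, e)]
    if len(hits) > 1:  # never pick by trying the password against each hit
        raise LookupError("login %r is ambiguous: %s" % (login, hits))
    return hits[0] if hits else None
```

Because `%n` drops the domain and the filter ends in `@*`, `bob.jones@elsewhere.test` resolves to `bob` just as `bob.jones@example.org` does, and `alice.smith@example.org` is refused because it matches both the `mail` of one entry and the `uid` of another.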