Not sure if you read my mail wrong, but if user.name works and [email protected] does not work, then why not just write

  auth_bind_userdn = uid=%d,dc=domain,dc=tld

Note the %d, which means expand to the local part (user.name) instead of [email protected].

Aki

> On 11/01/2021 18:28 Miloslav Hůla <[email protected]> wrote:
>
> Would the following scenario be possible?
>
> 1. do the SQL passdb lookup, do the remap & return password = NULL
>    without nopassword
> 2. do the LDAP bind
>
> I think it works, but I'm not sure if there are some security/other flaws.
>
> Milo
>
> On 11.01.2021 at 17:11 Miloslav Hůla wrote:
> > Probably not a way for me. I forgot to write that I cannot change the LDAP
> > schema, so bindDN is fixed for me.
> >
> > Milo
> >
> > On 11.01.2021 at 17:00 Aki Tuomi wrote:
> >> auth_bind_userdn = uid=%d,dc=domain,dc=tld, also see
> >>
> >> %D - return “sub.domain.org” as “sub,dc=domain,dc=org” (for LDAP queries)
> >>
> >> from
> >> https://doc.dovecot.org/configuration_manual/config_file/config_variables/
> >>
> >> Aki
> >>
> >>> On 11/01/2021 17:58 Miloslav Hůla <[email protected]> wrote:
> >>>
> >>> Hi,
> >>>
> >>> with Dovecot 2.3.4 I would like to allow a user to log in with two
> >>> different usernames:
> >>>
> >>> - USERNAME (no domain) - works now
> >>> - [email protected] - would like to add
> >>>
> >>> The problem is that the only authentication method I have is LDAP bind by
> >>> USERNAME. Now I use:
> >>>
> >>> ============
> >>> passdb {
> >>>   driver = ldap
> >>>   args = /etc/dovecot/dovecot-ldap.conf.ext
> >>> }
> >>>
> >>> # Args
> >>> uris = ldaps://ldap.domain.tld
> >>> auth_bind = yes
> >>> auth_bind_userdn = uid=%u,dc=domain,dc=tld
> >>> base =
> >>> ============
> >>>
> >>> I know passdb can remap user&domain, but I have no password hash at all.
> >>> And for example '{SASL}' is not a supported password scheme to return e.g.
> >>> from SQL passdb.
> >>>
> >>> Is there any way to achieve this? Maybe somehow remap the username in the
> >>> first passdb and then continue to the LDAP bind?
> >>>
> >>> 1. login as [email protected]
> >>> 2. remap to USERNAME
> >>> 3. do the LDAP bind
> >>>
> >>> Milo
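The "remap [email protected] to USERNAME, then bind" step that Milo proposes, and his question about whether it has security flaws, as an added example that is not part of the thread and not Dovecot's own code. It shows the two checks a practitioner would want before a user-supplied login is turned into a bind DN of the form uid=...,dc=domain,dc=tld: the domain part is only stripped when it is one the server actually serves (rather than silently ignoring any domain), and the uid is restricted to a safe character set and escaped per RFC 4514 before it is placed in the DN. The allowed-domain list, the local-part pattern and the function names are assumptions for the example.

```python
# Added example (not from the thread, not Dovecot's code): a defensive
# "remap user@domain -> uid, then build the bind DN" helper.
import re
from typing import Optional

# Assumption: only logins for domains this server serves may be reduced to
# the bare uid; any other domain is rejected instead of being mapped onto a
# local account.
ALLOWED_DOMAINS = frozenset({"domain.tld"})
BASE_DN = "dc=domain,dc=tld"  # same base suffix as the thread's config

# Assumption: uids are lowercase alphanumerics plus . _ - and at most 64 chars.
LOCAL_PART_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")

# RFC 4514 section 2.4: characters that must be escaped in a DN attribute value
_DN_SPECIAL = frozenset(',+"\\<>;=')


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside an LDAP DN (RFC 4514)."""
    escaped = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            escaped.append("\\" + ch)
        elif ch == "#" and i == 0:
            escaped.append("\\#")
        elif ch == " " and i in (0, last):
            escaped.append("\\ ")
        else:
            escaped.append(ch)
    return "".join(escaped)


def remap_login(login: str) -> Optional[str]:
    """Return the bare uid for a login, or None if the login must be rejected.

    'user.name'            -> 'user.name'
    'user.name@domain.tld' -> 'user.name'
    'user.name@evil.tld'   -> None   (domain not served here)
    'user,dc=x@domain.tld' -> None   (unsafe characters in the local part)
    """
    local, sep, domain = login.partition("@")
    local = local.lower()
    if sep and domain.lower() not in ALLOWED_DOMAINS:
        return None
    if not LOCAL_PART_RE.match(local):
        return None
    return local


def bind_dn_for(login: str) -> Optional[str]:
    """Build the DN Dovecot would bind as, or None if the login is rejected."""
    uid = remap_login(login)
    if uid is None:
        return None
    return f"uid={escape_dn_value(uid)},{BASE_DN}"


if __name__ == "__main__":
    # Constructed sample logins, not taken from the thread.
    for sample in ("user.name", "User.Name@Domain.TLD",
                   "user.name@evil.tld", "user,dc=x@domain.tld"):
        print(f"{sample!r:28} -> {bind_dn_for(sample)}")
```

The escaping is belt and braces here because the local-part pattern already excludes DN metacharacters; keeping both means a later relaxation of the pattern (for example to allow spaces in uids) does not silently turn the uid into a DN injection point.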
