On Mon, Oct 01, 2018 at 11:25:48PM +0200, Admin wrote:
>
>
> Sent while on the go
>
> > On 01.10.2018 at 18:27, Aki Tuomi <aki.tu...@open-xchange.com> wrote:
> >
> >
> >> On 01 October 2018 at 15:19 Steffen Kaiser <skdove...@inf.h-brs.de> wrote:
> >>
> >>
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >>> On Sat, 29 Sep 2018, Fady AL HAYALI wrote:
> >>>
> >>> I'm setting up a Postfix and Dovecot with LDAP email server. My users in
> >>> LDAP are like this:
> >>>
> >>> dn: uid=firstname,ou=People,dc=domain,dc=com
> >>> uid: firstname
> >>> uidNumber: 4025
> >>> gidNumber: 4025
> >>> givenName: firstname
> >>> objectClass: top
> >>> objectClass: person
> >>> objectClass: posixAccount
> >>> objectClass: shadowAccount
> >>> objectClass: organizationalPerson
> >>> objectClass: inetOrgPerson
> >>> loginShell: /bin/bash
> >>> homeDirectory: /home/firstname
> >>> cn: firstname lastname
> >>> mail: firstname.lastn...@domain.com
> >>>
> >>> This is how I connect Dovecot with LDAP
> >>>
> >>> hosts = ldapserver
> >>> ldap_version = 3
> >>> base = ou=People,dc=domain,dc=com
> >>> deref = never
> >>> scope = subtree
> >>> user_attrs =
> >>> user_filter = (&(objectclass=inetOrgPerson)(uid=%n))
> >>> pass_attrs = uid=user,userPassword=password
> >>> pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
> >>> default_pass_scheme = SSHA
> >>>
> >>> When I enter a user's email address and password as the following:
> >>> email: firstname.lastn...@domain.com
> >>> password: password
> >>>
> >>> and according to my setting which I used "%n" as you see above, the
> >>> username used to authenticate is "firstname.lastname". I checked the
> >>> Dovecot variables but I couldn't find something useful in this case to
> >>> manipulate the "%n" variable.
> >>>
> >>> I would like to keep using email addresses as
> >>> "firstname.lastn...@domain.com" but
> >>> authenticate users using their first name. I really hit a wall here and
> >>> any help will be much appreciated.
> >>
> >> Well, for me, this sounds strange, using firstname only. Why not let your
> >> users enter the firstname only? Or:
> >>
> >> pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))
> >>
> >> If firstname is unique, mail should be unique as well.
> >>
> >> - --
> >> Steffen Kaiser
> >
> >
> > Steffen, I understood their mail addresses are like
> > steffen.kai...@domain.com, but uid's are like uid=steffen
> >
> > Aki
>
> I guess this seems to be the desired behaviour as well. Getting interesting
> when handling collisions. Not possible to decide by password which account
> should be used as far as I can tell, as this would be some sort of brute
> force authentication?!?

Not when a lot of people choose 123456 as their passwords.

-- hendrik

>
> -M
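
The lookup choices discussed in this thread, as an added Python example that is not part of any poster's message: it evaluates the suggested `(|(uid=%n)(mail=%n@*))` filter and a first-name-only mapping against a constructed in-memory directory (no LDAP server involved), and refuses a login unless exactly one entry matches. The directory entries and all function names are assumptions made for illustration; `match_first_name` is a hypothetical mapping, not a Dovecot feature.

```python
# Constructed sample entries: two people share a first name, and one
# local part exists in two mail domains.
DIRECTORY = [
    {"uid": "anna",  "mail": "anna.schmidt@domain.com"},
    {"uid": "anna2", "mail": "anna.meyer@domain.com"},
    {"uid": "bob",   "mail": "bob.jones@domain.com"},
    {"uid": "bob2",  "mail": "bob.jones@other.example"},
]


def local_part(login):
    """What %n expands to: the login without its @domain part."""
    return login.split("@", 1)[0].lower()


def match_uid_or_mail(login):
    """Evaluate (|(uid=%n)(mail=%n@*)) against DIRECTORY."""
    n = local_part(login)
    return [e for e in DIRECTORY
            if e["uid"] == n or e["mail"].startswith(n + "@")]


def match_first_name(login):
    """Hypothetical mapping: cut %n at the first '.' and match uid exactly."""
    first = local_part(login).split(".", 1)[0]
    return [e for e in DIRECTORY if e["uid"] == first]


def resolve(login, matcher):
    """Return the single matching uid, or None for zero or several matches.

    An ambiguous match is rejected outright; the password is never used to
    pick between candidate accounts.
    """
    hits = matcher(login)
    return hits[0]["uid"] if len(hits) == 1 else None


if __name__ == "__main__":
    for login in ("anna.meyer@domain.com", "bob.jones@domain.com", "anna"):
        print(login,
              "| uid-or-mail:", resolve(login, match_uid_or_mail),
              "| first-name:", resolve(login, match_first_name))
```

With the first-name mapping, `anna.meyer@domain.com` resolves to the `anna` entry, which belongs to a different person, so the login succeeds whenever the two passwords happen to be equal. The mail-based filter picks `anna2`, and it yields no account at all for `bob.jones@domain.com` because `mail=%n@*` ignores the domain and matches two entries.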