> On 02.10.2018 at 00:59, Hendrik Boom <hend...@topoi.pooq.com> wrote:
> 
>> On Mon, Oct 01, 2018 at 11:25:48PM +0200, Admin wrote:
>> 
>> 
>> Sent while on the go
>> 
>>> On 01.10.2018 at 18:27, Aki Tuomi <aki.tu...@open-xchange.com> wrote:
>>> 
>>> 
>>>> On 01 October 2018 at 15:19 Steffen Kaiser <skdove...@inf.h-brs.de> wrote:
>>>> 
>>>> 
>>>>> On Sat, 29 Sep 2018, Fady AL HAYALI wrote:
>>>>> 
>>>>> I'm setting up a Postfix and Dovecot with LDAP email server. My users in 
>>>>> LDAP are like this:
>>>>> 
>>>>>  dn: uid=firstname,ou=People,dc=domain,dc=com
>>>>>  uid: firstname
>>>>>  uidNumber: 4025
>>>>>  gidNumber: 4025
>>>>>  givenName: firstname
>>>>>  objectClass: top
>>>>>  objectClass: person
>>>>>  objectClass: posixAccount
>>>>>  objectClass: shadowAccount
>>>>>  objectClass: organizationalPerson
>>>>>  objectClass: inetOrgPerson
>>>>>  loginShell: /bin/bash
>>>>>  homeDirectory: /home/firstname
>>>>>  cn: firstname lastname
>>>>>  mail: firstname.lastn...@domain.com
>>>>> 
>>>>> This is how I connect Dovecot with LDAP
>>>>> 
>>>>>  hosts = ldapserver
>>>>>  ldap_version = 3
>>>>>  base = ou=People,dc=domain,dc=com
>>>>>  deref = never
>>>>>  scope = subtree
>>>>>  user_attrs =
>>>>>  user_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>>>>>  pass_attrs = uid=user,userPassword=password
>>>>>  pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>>>>>  default_pass_scheme = SSHA
>>>>> 
>>>>> When I enter a user's email address and password as the following:
>>>>> email: firstname.lastn...@domain.com
>>>>> password: password
>>>>> 
>>>>> and according to my setting which I used "%n" as you see above, the 
>>>>> username used to authenticate is "firstname.lastname". I checked the 
>>>>> Dovecot variables but I couldn't find something useful in this case to 
>>>>> manipulate the "%n" variable.
>>>>> 
>>>>> I would like to keep using email addresses as 
>>>>> "firstname.lastn...@domain.com" but 
>>>>> authenticate users using their first name. I really hit a wall here and 
>>>>> any help will be much appreciated.
>>>> 
>>>> Well, for me, this sounds strange, using firstname only. Why not let your 
>>>> users enter the firstname only? Or:
>>>> 
>>>> pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))
>>>> 
>>>> If firstname is unique, mail should be unique as well.
>>>> 
>>>> -- 
>>>> Steffen Kaiser
>>> 
>>> 
>>> Steffen, I understood their mail addresses are like 
>>> steffen.kai...@domain.com, but uids are like uid=steffen
>>> 
>>> Aki
>> 
>> I guess this seems to be the desired behaviour as well. Getting interesting 
>> when handling collisions. Not possible to decide by password which account 
>> should be used as far as I can tell, as this would be some sort of brute 
>> force authentication?!?
> 
> Not when a lot of people choose 123456 as their passwords.

I guess at this point the last name would make an excellent password :)
> 
> -- hendrik
> 
>> 
>> -M
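
Added example, not part of the thread and not Dovecot code: a plain-Python model of the suggested filter `(|(uid=%n)(mail=%n@*))` that shows which directory entries a login selects and lists the `%n` values that select more than one entry, which is the collision case raised above. The directory entries and function names are constructed for illustration.

```python
# Added illustration: models the LDAP filter (|(uid=%n)(mail=%n@*)) in plain
# Python; it does not talk to an LDAP server or to Dovecot.

# Constructed sample directory (not from the thread).
DIRECTORY = [
    {"uid": "alice",  "mail": "alice.smith@example.com"},
    {"uid": "bob",    "mail": "bob.jones@example.com"},
    {"uid": "asmith", "mail": "alice@example.org"},
]


def local_part(login):
    """Dovecot's %n: the part of the login before the first '@'."""
    return login.split("@", 1)[0]


def filter_matches(entry, n):
    """True if the entry satisfies (|(uid=%n)(mail=%n@*)) for this %n.

    Assumption: comparison is case-insensitive, as is usual for uid and mail.
    """
    n = n.lower()
    return entry["uid"].lower() == n or entry["mail"].lower().startswith(n + "@")


def resolve(directory, login):
    """Return the uids of all entries the filter selects for a login."""
    n = local_part(login)
    return sorted(e["uid"] for e in directory if filter_matches(e, n))


def ambiguous_logins(directory):
    """Map every %n value that selects more than one entry to those uids."""
    candidates = set()
    for e in directory:
        candidates.add(e["uid"].lower())
        candidates.add(local_part(e["mail"]).lower())
    hits = {n: resolve(directory, n) for n in candidates}
    return {n: uids for n, uids in hits.items() if len(uids) > 1}


if __name__ == "__main__":
    for login in ("alice.smith@example.com", "bob@example.com", "alice"):
        print(login, "->", resolve(DIRECTORY, login))
    print("ambiguous:", ambiguous_logins(DIRECTORY))
```

Running the same audit against a real directory export before deploying such a filter shows whether every login maps to exactly one account.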
