Would the following scenario be possible?

1. do the SQL passdb lookup, do the remap & return password = NULL without nopassword
2. do the LDAP bind

I think it works, but I'm not sure if there are some security/other flaws.

Milo


On 11.01.2021 at 17:11 Miloslav Hůla wrote:
Probably not the way for me. I forgot to write that I cannot change the LDAP schema, so the bindDN is fixed for me.

Milo

On 11.01.2021 at 17:00 Aki Tuomi wrote:
auth_bind_userdn = uid=%d,dc=domain,dc=tld, also see

%D - return “sub.domain.org” as “sub,dc=domain,dc=org” (for LDAP queries)

from https://doc.dovecot.org/configuration_manual/config_file/config_variables/

Aki

On 11/01/2021 17:58 Miloslav Hůla <miloslav.h...@gmail.com> wrote:

Hi,

with Dovecot 2.3.4 I would like to allow users to log in with two
different usernames:

- USERNAME (no domain) - now works
- name.surn...@domain.tld - would like to add

The problem is that the only authentication method I have is LDAP bind by
USERNAME. Now I use:

============
passdb {
    driver = ldap
    args = /etc/dovecot/dovecot-ldap.conf.ext
}

# Args
uris = ldaps://ldap.domain.tld
auth_bind = yes
auth_bind_userdn = uid=%u,dc=domain,dc=tld
base =
============

I know passdb can remap user & domain, but I have no password hash at all.
And, for example, '{SASL}' is not a supported password scheme to return, e.g.,
from an SQL passdb.


Is there any way to achieve this? Maybe somehow remap the username in the
first passdb and then continue to the LDAP bind?

1. login as name.surn...@domain.tld
2. remap to USERNAME
3. do the LDAP bind


Milo
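Added example, not taken from this thread or from Dovecot's own documentation, of the chain sketched in the original question (login as name.surname@domain.tld, remap to USERNAME, LDAP bind) and in the follow-up scenario (SQL passdb remap, then LDAP bind). It assumes a hypothetical table `aliases(email, uid)` that maps each mail address to exactly one LDAP uid; the `driver`/`connect` values are placeholders. The SQL passdb returns the remapped `user` and `nopassword`, and `result_success = continue` makes Dovecot hand the remapped user to the next passdb without treating the SQL lookup as the authentication decision, so the LDAP bind still verifies the password. The LDAP settings are the ones from the post, unchanged.

```conf
# /etc/dovecot/conf.d/10-auth.conf (excerpt): two chained passdbs

# 1) Remap "name.surname@domain.tld" to the LDAP uid.
#    Hypothetical table aliases(email, uid); each email maps to exactly one uid.
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql-remap.conf.ext
  # Never decide the login here: pass the (possibly remapped) user on to the
  # next passdb, which still has to verify the password.
  result_success = continue
  # Unknown address (e.g. a plain USERNAME login): continue to LDAP anyway.
  # This is Dovecot's default, spelled out for clarity.
  result_failure = continue
}

# 2) Verify the password with an LDAP bind as the remapped user.
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# /etc/dovecot/dovecot-sql-remap.conf.ext (placeholder driver/connect values)
driver = mysql
connect = host=localhost dbname=mail user=dovecot_ro password=CHANGEME
# NULL password + nopassword: this passdb checks no password itself.
# "uid AS user" rewrites the login name for the following LDAP passdb.
# Exact match on the address, so one row at most is returned.
password_query = SELECT NULL AS password, 'Y' AS nopassword, uid AS user \
  FROM aliases WHERE email = '%u'

# /etc/dovecot/dovecot-ldap.conf.ext (as in the post)
uris = ldaps://ldap.domain.tld
auth_bind = yes
auth_bind_userdn = uid=%u,dc=domain,dc=tld
base =
```

Two things worth checking after enabling this: `doveadm auth test name.surname@domain.tld` should show the LDAP passdb (not the SQL one) producing the final result, and the `aliases` table should only be writable by whoever manages the mapping, since a row in it decides which LDAP account a given address binds as.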
