Re: [Dovecot] (no subject)

2009-05-29 Thread Patrick Hemmen

Thank you a lot for the tip.



----- Original Message -----
From: Timo Sirainen t...@iki.fi
To: Patrick Hemmen patrick.hem...@yahoo.de
Cc: dovecot@dovecot.org
Sent: Friday, May 29, 2009 12:00:36 AM
Subject: Re: [Dovecot] (no subject)

On Wed, 2009-05-27 at 17:38 +, Patrick Hemmen wrote:
> Hi,
>
> I use OpenLDAP for authentication. To authenticate, a full DN must be
> used as the user name, like cn=jim,ou=users,dc=example,dc=com.
> There are several domains, like example2.com and example3.com. I want
> to use Dovecot with LDAP and authentication binds. For testing I use
> auth_bind_userdn = cn=%n,ou=users,dc=%d and the user name must be
> provided as j...@example,dc=com. To allow the special chars (=,) in
> the user name, I extend auth_username_chars.
> Now my questions: Is there a real chance to attack the LDAP directory
> with the extended auth_username_chars? And is it possible to use
> authentication binds with the regular auth_username_chars and
> provided user names like j...@example.com in my special LDAP
> directory structure?

Use:

auth_bind_userdn = cn=%n,ou=users,dc=%Dd

See %D in http://wiki.dovecot.org/Variables
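
The difference between the two auth_bind_userdn settings in this thread, as an added example that is not part of the original messages and is not Dovecot code. It is a simplified model that does plain substitution and ignores any escaping Dovecot itself may apply; the default character set is assumed to be Dovecot's documented default, and `expand`, `rdn_count` and the login names are hypothetical and constructed.

```python
import re
import string

# Assumption: Dovecot's documented default auth_username_chars.
DEFAULT_CHARS = set(string.ascii_letters + string.digits + ".-_@")
# The extension described in the question: '=' and ',' also allowed.
EXTENDED_CHARS = DEFAULT_CHARS | set("=,")

OLD_TEMPLATE = "cn=%n,ou=users,dc=%d"    # from the question
NEW_TEMPLATE = "cn=%n,ou=users,dc=%Dd"   # from the reply


def expand(template, login, allowed):
    """Return the bind DN for login, or None if the name is rejected."""
    if not login or any(ch not in allowed for ch in login):
        return None  # refused before any LDAP bind is attempted
    local, sep, domain = login.partition("@")
    if not (sep and local and domain):
        return None  # both templates need user@domain
    values = {
        "%n": local,                          # user part
        "%d": domain,                         # domain part, verbatim
        "%Dd": domain.replace(".", ",dc="),   # %D: a.b -> a,dc=b
    }
    # Single pass, so substituted text is never expanded again.
    return re.sub(r"%Dd|%n|%d", lambda m: values[m.group(0)], template)


def rdn_count(dn):
    """Number of comma-separated components in a DN without escapes."""
    return len(dn.split(","))


if __name__ == "__main__":
    # Constructed login names, for illustration only.
    for tmpl, chars, login in [
        (NEW_TEMPLATE, DEFAULT_CHARS, "jim@example.com"),
        (OLD_TEMPLATE, DEFAULT_CHARS, "jim@example,dc=com"),
        (OLD_TEMPLATE, EXTENDED_CHARS, "jim@example,dc=com"),
        (OLD_TEMPLATE, EXTENDED_CHARS, "jim,ou=x@example,dc=com"),
    ]:
        print(f"{login!r:28} -> {expand(tmpl, login, chars)}")
```

With `%Dd` and the regular character set, the server-side template alone decides the shape of the DN; with `=` and `,` allowed, the login name can add components of its own, as the last constructed name shows.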



[Dovecot] (no subject)

2009-05-27 Thread Patrick Hemmen

Hi,

I use OpenLDAP for authentication. To authenticate, a full DN must be used as 
the user name, like cn=jim,ou=users,dc=example,dc=com. There are several 
domains, like example2.com and example3.com. I want to use Dovecot with LDAP 
and authentication binds. For testing I use auth_bind_userdn = 
cn=%n,ou=users,dc=%d and the user name must be provided as j...@example,dc=com. 
To allow the special chars (=,) in the user name, I extend auth_username_chars.
Now my questions: Is there a real chance to attack the LDAP directory with the 
extended auth_username_chars? And is it possible to use authentication binds 
with the regular auth_username_chars and provided user names like 
j...@example.com in my special LDAP directory structure?

Thanks in advance
- Patrick 



Re: [Dovecot] (no subject) LDAP authentication binds with special chars

2009-05-27 Thread Patrick Hemmen

Sorry for the missing subject.


Hi,

I use OpenLDAP for authentication. To authenticate, a full DN must be used as 
the user name, like cn=jim,ou=users,dc=example,dc=com. There are several 
domains, like example2.com and example3.com. I want to use Dovecot with LDAP 
and authentication binds. For testing I use auth_bind_userdn = 
cn=%n,ou=users,dc=%d and the user name must be provided as 
j...@example,dc=com. To allow the special chars (=,) in the user name, I 
extend auth_username_chars.
Now my questions: Is there a real chance to attack the LDAP directory with the 
extended auth_username_chars? And is it possible to use authentication binds 
with the regular auth_username_chars and provided user names like 
j...@example.com in my special LDAP directory structure?

Thanks in advance
- Patrick