[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: some thoughts about RDN

To: Paweł Madej <nysander@quanteam.pl>
Subject: Re: some thoughts about RDN
From: Piotr Wadas <pwadas@dtpw.pl>
Date: Sun, 7 Jun 2009 14:37:39 +0200 (CEST)
Cc: openldap-technical@openldap.org
In-reply-to: <7e0c3b7c6ac6a33c4be37657143ab6f9@poczta.quanteam.pl>
References: <7e0c3b7c6ac6a33c4be37657143ab6f9@poczta.quanteam.pl>

On Sun, 7 Jun 2009, Paweł Madej wrote:

> Hello,
> 
> I have such RDN
> 
> cn=user1,dc=example,dc=com
> 
> but my webmail software knows users only by emails (which is attribute to 
> 
> cn=user1,dc=example,dc=com)
> 
> My question is how can i authenticate in LDAP using provided email? I tried
> sth like mail=test@example.com,dc=example,dc=com but ldap refuses such
> login.
> 
> Thanks in advance for help
> 
> Greets 
> Pawel
> 

First and simple solution is to setup cn value exactly the same as
"mail" value, or, even simplier, use "mail=user1@domain.com" as RDN 
element. You could also use ldap proxy to map mail attribute to cn
attribute (or reverse) in virtual directory.

However, the nature of email address is, that probably two different
users may have the same address (group alias), and more than one
address can direct mail to the same final user. So, using mail as
RDN is probably not a wise solution.

Probably the best effect you'll got if you make some simple modification
to webmail software You use, to "translate" email address a user puts
into "login" field into a value, which will be used for authentication
purposes. Or, you can play with sasl, kerberos and realms regarding the
domain name.

Regards,
P.

Follow-Ups:
- Re: some thoughts about RDN
  - From: Paweł Madej <nysander@quanteam.pl>

References:
- some thoughts about RDN
  - From: Paweł Madej <nysander@quanteam.pl>

Prev by Date: some thoughts about RDN
Next by Date: Re: some thoughts about RDN
Index(es):
- Chronological
- Thread