Re: some thoughts about RDN
Hello,
Thanks for the comments.
If my LDAP directory were only for that email I could do this, because even
webmail developers recommend use of mail in the RDN (roundcube webmail). But I
plan to have rather wider use of the DIT, so cn=user1,dc=example,dc=com is
the easiest solution for me.
Maybe there are some aliases in LDAP which I could use to map email to
user? Email is in my case rather unique per user.
Greets
Pawel
On Sun, 7 Jun 2009 14:37:39 +0200 (CEST), Piotr Wadas <pwadas@dtpw.pl>
wrote:
> On Sun, 7 Jun 2009, Paweł Madej wrote:
>
>> Hello,
>>
>> I have such RDN
>>
>> cn=user1,dc=example,dc=com
>>
>> but my webmail software knows users only by emails (which is an attribute of
>> cn=user1,dc=example,dc=com)
>>
>> My question is how can I authenticate in LDAP using the provided email? I
>> tried something like mail=test@example.com,dc=example,dc=com but LDAP
>> refuses such a login.
>>
>> Thanks in advance for help
>>
>> Greets
>> Pawel
>>
>
> The first and simple solution is to set up the cn value exactly the same as
> the "mail" value, or, even simpler, use "mail=user1@domain.com" as the RDN
> element. You could also use an LDAP proxy to map the mail attribute to the cn
> attribute (or the reverse) in a virtual directory.
>
> However, the nature of an email address is that probably two different
> users may have the same address (group alias), and more than one
> address can direct mail to the same final user. So, using mail as
> the RDN is probably not a wise solution.
>
> Probably the best effect you'll get is if you make some simple modification
> to the webmail software you use, to "translate" the email address a user puts
> into the "login" field into a value which will be used for authentication
> purposes. Or, you can play with SASL, Kerberos and realms regarding the
> domain name.
>
> Regards,
> P.
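
The "translate the login e-mail into the value used for authentication" approach from the quoted reply is usually done as search-then-bind. The sketch below is an added example, not code from the thread or from any webmail product: `search` and `bind` are hypothetical callables standing in for a real LDAP client, and the directory entries are constructed.

```python
import re

# Constructed sample entries; 'pw' stands in for the directory's credential check.
DIRECTORY = {
    "cn=user1,dc=example,dc=com": {"mail": ["test@example.com", "sales@example.com"], "pw": "secret1"},
    "cn=user2,dc=example,dc=com": {"mail": ["user2@example.com", "sales@example.com"], "pw": "secret2"},
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_mail_filter(mail):
    return "(mail=%s)" % escape_filter_value(mail)

def login_by_mail(mail, password, search, bind):
    """Map a login e-mail to exactly one DN, then bind as that DN.
    search(filter) -> list of DNs and bind(dn, password) -> bool are hypothetical."""
    if not mail or not password:
        return None  # an empty password would turn into an unauthenticated bind
    dns = search(build_mail_filter(mail))
    if len(dns) != 1:
        return None  # unknown address, or one shared by several entries (group alias)
    return dns[0] if bind(dns[0], password) else None

def fake_search(flt):
    """Tiny stand-in for a server: equality/substring match on the mail assertion."""
    raw = re.search(r"\(mail=([^)]*)\)", flt).group(1)
    unhex = lambda m: chr(int(m.group(1), 16))
    parts = [re.sub(r"\\([0-9a-f]{2})", unhex, p) for p in raw.split("*")]
    pattern = re.compile(".*".join(re.escape(p) for p in parts) + r"\Z", re.I | re.S)
    return [dn for dn, e in DIRECTORY.items() if any(pattern.match(m) for m in e["mail"])]

def fake_bind(dn, password):
    return DIRECTORY.get(dn, {}).get("pw") == password

if __name__ == "__main__":
    for mail, pw in [("test@example.com", "secret1"), ("sales@example.com", "secret1"),
                     ("t*", "secret1"), ("test@example.com", "")]:
        print(repr(mail), "->", login_by_mail(mail, pw, fake_search, fake_bind))
```

The shared `sales@example.com` address is rejected because it resolves to two entries, which is the group-alias case raised in the reply.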