[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: some thoughts about RDN


Thanks for comments

If my LDAP directory was only for that email i could do this, because even
webmail developers recomend use of mail in RDN (roundcube webmail). but I
plan to have rather wider use of DIT so cn=user1,dc=example,dc=com is
easiest solution for me.

maybe are there in LDAP some aliases which I could use to map email to
user? email is in my case rather unique per user.


On Sun, 7 Jun 2009 14:37:39 +0200 (CEST), Piotr Wadas <pwadas@dtpw.pl>
> On Sun, 7 Jun 2009, Paweł Madej wrote:
>> Hello,
>> I have such RDN
>> cn=user1,dc=example,dc=com
>> but my webmail software knows users only by emails (which is attribute
>> cn=user1,dc=example,dc=com)
>> My question is how can i authenticate in LDAP using provided email? I
>> tried
>> sth like mail=test@example.com,dc=example,dc=com but ldap refuses such
>> login.
>> Thanks in advance for help
>> Greets 
>> Pawel
> First and simple solution is to setup cn value exactly the same as
> "mail" value, or, even simplier, use "mail=user1@domain.com" as RDN 
> element. You could also use ldap proxy to map mail attribute to cn
> attribute (or reverse) in virtual directory.
> However, the nature of email address is, that probably two different
> users may have the same address (group alias), and more than one
> address can direct mail to the same final user. So, using mail as
> RDN is probably not a wise solution.
> Probably the best effect you'll got if you make some simple modification
> to webmail software You use, to "translate" email address a user puts
> into "login" field into a value, which will be used for authentication
> purposes. Or, you can play with sasl, kerberos and realms regarding the
> domain name.
> Regards,
> P.