[Date Prev][Date Next]
Re: some thoughts about RDN
Thanks for comments
If my LDAP directory was only for that email i could do this, because even
webmail developers recomend use of mail in RDN (roundcube webmail). but I
plan to have rather wider use of DIT so cn=user1,dc=example,dc=com is
easiest solution for me.
maybe are there in LDAP some aliases which I could use to map email to
user? email is in my case rather unique per user.
On Sun, 7 Jun 2009 14:37:39 +0200 (CEST), Piotr Wadas <email@example.com>
> On Sun, 7 Jun 2009, Paweł Madej wrote:
>> I have such RDN
>> but my webmail software knows users only by emails (which is attribute
>> My question is how can i authenticate in LDAP using provided email? I
>> sth like firstname.lastname@example.org,dc=example,dc=com but ldap refuses such
>> Thanks in advance for help
> First and simple solution is to setup cn value exactly the same as
> "mail" value, or, even simplier, use "email@example.com" as RDN
> element. You could also use ldap proxy to map mail attribute to cn
> attribute (or reverse) in virtual directory.
> However, the nature of email address is, that probably two different
> users may have the same address (group alias), and more than one
> address can direct mail to the same final user. So, using mail as
> RDN is probably not a wise solution.
> Probably the best effect you'll got if you make some simple modification
> to webmail software You use, to "translate" email address a user puts
> into "login" field into a value, which will be used for authentication
> purposes. Or, you can play with sasl, kerberos and realms regarding the
> domain name.