[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: some thoughts about RDN

On Sunday 07 June 2009 10:12:41 Paweł Madej wrote:
> Hello,
> I have such RDN
> cn=user1,dc=example,dc=com
> but my webmail software knows users only by emails (which is attribute to
> cn=user1,dc=example,dc=com)
> My question is how can i authenticate in LDAP using provided email?

Why do you *think* you need to do this? What (inadequate regarding LDAP) 
software has a requirement like this? Typically, any LDAP-using application 
should be able to authenticate any entry on any attribute you choose, as 
typical operation of an LDAP-using application for authentication is:

1)Bind as a DN allowed to search for a user
2)Search for a user using a configurable search filter, and retrieve the DN (at 
3)Using the password the user supplied, do a simple bind as the DN from (2).

If you have software trying to do DN construction from the username the user 
supplied, I would recommend you return this to the vendor and find better 
software (or, file bug reports to have the software fixed).

> I tried
> sth like mail=test@example.com,dc=example,dc=com but ldap refuses such
> login.

Why should it? The RDN isn't the only attribute on the DN ....