Re: some thoughts about RDN



The software I try to use is Roundcube webmail; I log in to it to read email
using the full email address and password. It provides a backend for an LDAP
address book, and for the LDAP bind it can provide the full email or only the
username (the part before @) and the password from the email login.


As I'm new to LDAP, I don't know how to create a login DN for this
to use the email attribute of users to authenticate. I cannot tell you if this
software architecture is invalid because I have too little knowledge of
this topic.

Anyway thank you for your comments.

Greets
Pawel.

On Tue, 9 Jun 2009 18:46:07 +0200, Buchan Milne <bgmilne@staff.telkomsa.net> wrote:
> On Sunday 07 June 2009 10:12:41 Paweł Madej wrote:
>> Hello,
>>
>> I have such RDN
>>
>> cn=user1,dc=example,dc=com
>>
>> but my webmail software knows users only by emails (which is an attribute
>> of
>>
>> cn=user1,dc=example,dc=com)
>>
>> My question is: how can I authenticate in LDAP using the provided email?
> 
> Why do you *think* you need to do this? What (inadequate regarding LDAP)
> software has a requirement like this? Typically, any LDAP-using application
> should be able to authenticate any entry on any attribute you choose, as
> typical operation of an LDAP-using application for authentication is:
> 
> 1) Bind as a DN allowed to search for a user
> 2) Search for a user using a configurable search filter, and retrieve the
>    DN (at least)
> 3) Using the password the user supplied, do a simple bind as the DN from
>    (2).
> 
> If you have software trying to do DN construction from the username the
> user supplied, I would recommend you return this to the vendor and find
> better software (or, file bug reports to have the software fixed).
> 
>> I tried
>> something like mail=test@example.com,dc=example,dc=com but LDAP refuses such
>> a login.
> 
> Why should it? The RDN isn't the only attribute on the DN ....
> 
> Regards,
> Buchan
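
The three-step flow listed in the quoted reply, as an added example that is not part of either message or of Roundcube: it escapes the login before it goes into the search filter, requires exactly one match, and refuses an empty password. The in-memory directory, the cn=websearch service account, the passwords and all function names are constructed stand-ins for a real LDAP server and client library.

```python
import hmac
import re

# Constructed sample directory (not from the thread): DN -> attributes.
DIRECTORY = {
    "cn=websearch,dc=example,dc=com": {"userPassword": "svc-secret"},
    "cn=user1,dc=example,dc=com": {"mail": "test@example.com", "userPassword": "pw1"},
    "cn=user2,dc=example,dc=com": {"mail": "other@example.com", "userPassword": "pw2"},
}
SERVICE_DN, SERVICE_PW = "cn=websearch,dc=example,dc=com", "svc-secret"

def escape_filter_value(value):
    """Escape user input for a search filter assertion value (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def simple_bind(dn, password):
    """Stand-in for an LDAP simple bind. An empty password is refused here,
    because a server treats it as an unauthenticated bind (RFC 4513, 5.1.2)."""
    entry = DIRECTORY.get(dn.lower())
    if not password or entry is None:
        return False
    return hmac.compare_digest(entry["userPassword"].encode(), password.encode())

def search_by_mail(assertion):
    """Stand-in for a search with filter (mail=<assertion>); a raw * is a wildcard."""
    unhex = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m[1], 16)), s)
    pattern = ".*".join(re.escape(unhex(part)) for part in assertion.split("*"))
    return [dn for dn, e in DIRECTORY.items()
            if "mail" in e and re.fullmatch(pattern, e["mail"], re.I)]

def authenticate(login, password):
    """Steps 1-3 from the reply; returns the user's DN on success, else None."""
    if not simple_bind(SERVICE_DN, SERVICE_PW):          # 1) bind as the search DN
        raise RuntimeError("service bind failed")
    hits = search_by_mail(escape_filter_value(login))    # 2) look up the entry's DN
    if len(hits) != 1:                                   # no match, or ambiguous
        return None
    return hits[0] if simple_bind(hits[0], password) else None  # 3) bind as user
```
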