[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: some thoughts about RDN

To: openldap-technical@openldap.org
Subject: Re: some thoughts about RDN
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Tue, 9 Jun 2009 18:46:07 +0200
Cc: Paweł Madej <nysander@quanteam.pl>
Content-disposition: inline
In-reply-to: <7e0c3b7c6ac6a33c4be37657143ab6f9@poczta.quanteam.pl>
References: <7e0c3b7c6ac6a33c4be37657143ab6f9@poczta.quanteam.pl>
User-agent: KMail/1.11.2 (Linux/2.6.29.1-desktop-4mnb; KDE/4.2.2; x86_64; ; )

On Sunday 07 June 2009 10:12:41 Paweł Madej wrote:
> Hello,
>
> I have such RDN
>
> cn=user1,dc=example,dc=com
>
> but my webmail software knows users only by emails (which is attribute to
>
> cn=user1,dc=example,dc=com)
>
> My question is how can i authenticate in LDAP using provided email?

Why do you *think* you need to do this? What (inadequate regarding LDAP) 
software has a requirement like this? Typically, any LDAP-using application 
should be able to authenticate any entry on any attribute you choose, as 
typical operation of an LDAP-using application for authentication is:

1)Bind as a DN allowed to search for a user
2)Search for a user using a configurable search filter, and retrieve the DN (at 
least)
3)Using the password the user supplied, do a simple bind as the DN from (2).

If you have software trying to do DN construction from the username the user 
supplied, I would recommend you return this to the vendor and find better 
software (or, file bug reports to have the software fixed).

> I tried
> sth like mail=test@example.com,dc=example,dc=com but ldap refuses such
> login.

Why should it? The RDN isn't the only attribute on the DN ....

Regards,
Buchan

Follow-Ups:
- Re: some thoughts about RDN
  - From: Paweł Madej <nysander@quanteam.pl>

References:
- some thoughts about RDN
  - From: Paweł Madej <nysander@quanteam.pl>

Prev by Date: password change and ppolicy
Next by Date: Re: some thoughts about RDN
Index(es):
- Chronological
- Thread