Ldap – Using external email addresses to authenticate with ldap

I understand that if you try to authenticate with an email address, e.g. me@server.com, ldap assumes there is a user "me" in a domain "server.com" (i.e. DC=com,DC=server) in the ldap directory.

I wonder if it is possible at all to have users use their own email accounts (like me@gmail.com) to log in to my ldap server even though I don't have all their email address domain names defined as domains in my ldap directory?

Any pointers appreciated.

Best Answer

This question probably needs more specifics, like what software is performing the auth, what LDAP server is it authing against? Generally speaking, you can do whatever the heck you want to allow yourself to do in LDAP.

My thought would be:

dn: uid=me,dc=server,dc=com

And then me has an attribute:

emailAddress=me@gmail.com

For this latter case, if you were using Apache to auth, you might have a configuration like this:

AuthType Basic
AuthName "Log in with your e-mail address"
AuthBasicProvider ldap
AuthLDAPURL "ldap://ldap.example.com/dc=example,dc=com?emailAddress"
require valid-user

Here, Apache would search for a user with emailAddress=me@gmail.com, and log in user me using that address.

-danny
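The search-then-bind flow the answer describes (look up the entry whose emailAddress matches the login, then authenticate as that entry's DN), written out as an added example that is not part of the answer or of Apache's own mod_authnz_ldap code. It runs against a constructed in-memory directory instead of a real server, and the helper names (search, bind, authenticate) are hypothetical. The point it adds is the check a hand-rolled version needs and Apache does for you: the login value must be escaped per RFC 4515 before it is spliced into the search filter, otherwise a login such as "*" matches every entry.

```python
import hmac

# RFC 4515 escaping for values placed inside an LDAP search filter.
# Without this, characters such as "*", "(" and ")" in the login name
# change the meaning of the query instead of being matched literally.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(attribute: str, login: str) -> str:
    """Equality filter like (emailAddress=me@gmail.com), with the login escaped."""
    return f"({attribute}={escape_filter_value(login)})"


# Constructed stand-in directory (hypothetical data, not a real server).
# A real server stores password hashes and verifies the bind itself;
# plaintext is used here only so the mock bind() below is self-contained.
DIRECTORY = {
    "uid=me,dc=server,dc=com": {"emailAddress": ["me@gmail.com"], "userPassword": "s3cret"},
    "uid=alice,dc=server,dc=com": {"emailAddress": ["alice@example.net"], "userPassword": "hunter2"},
}


def search(base: str, ldap_filter: str) -> list:
    """Minimal stand-in for a subtree search; supports one equality filter.

    Entry values are compared in escaped form, so an escaped "*" in the
    filter only matches a literal "*" stored in the directory.
    """
    if not (ldap_filter.startswith("(") and ldap_filter.endswith(")") and "=" in ldap_filter):
        raise ValueError("unsupported filter")
    attr, wanted = ldap_filter[1:-1].split("=", 1)
    return [
        dn for dn, attrs in DIRECTORY.items()
        if dn.endswith(base)
        and any(escape_filter_value(v) == wanted for v in attrs.get(attr, []))
    ]


def bind(dn: str, password: str) -> bool:
    """Stand-in for a simple bind as the given DN."""
    entry = DIRECTORY.get(dn)
    return entry is not None and hmac.compare_digest(entry["userPassword"], password)


def authenticate(login: str, password: str,
                 base: str = "dc=server,dc=com",
                 attribute: str = "emailAddress"):
    """Return the authenticated DN, or None.

    Step 1: search for exactly one entry whose <attribute> equals the login.
    Step 2: bind as that entry's DN with the supplied password.
    Zero or several matches both fail closed, as mod_authnz_ldap also
    refuses to pick among multiple matching entries.
    """
    matches = search(base, build_filter(attribute, login))
    if len(matches) != 1:
        return None
    dn = matches[0]
    return dn if bind(dn, password) else None


if __name__ == "__main__":
    print(authenticate("me@gmail.com", "s3cret"))   # uid=me,dc=server,dc=com
    print(authenticate("me@gmail.com", "wrong"))    # None
    print(authenticate("*", "s3cret"))              # None: wildcard is escaped
```

The escaping step is the part worth keeping from this example: any application that builds the filter itself from a user-typed email address is doing LDAP filter construction with untrusted input, and the same escaping applies whether the lookup attribute is emailAddress, mail or uid.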
