Greetings gurus,
I have many questions, most of which I am sure will be answered by the days of reading in front of me. But one thing I think I should have read by now, and haven't been able to find by searching, is what characters are allowed for a login name. Allow me to elaborate:
I configured my OX install to authenticate against LDAP, with problems doing so, of course. My cn is "first last" - separated by a space. The oxldapsync program would not import if the uidAttribute was set to cn, but it did work if I set it to uid, which I have as "first.last" - separated by a dot. So I used that to import my users.
But then, I could not authenticate against LDAP because the dn of my users starts with cn=, not uid=. Next time I set up an LDAP directory, I will know better, but this one is already in production, and I don't want to change it. So I went into the MySQL database, and changed the dot to a space, and sure enough I can log in now, with a space in my name.
So since oxldapsync didn't want to let me do it, am I setting myself up for disaster by manually putting a space in it?
Along the same lines, in my experimenting, I tried to set it up to log in with the full email address, so I set the ldapauth file to have a uidAttribute of mail, but when I tried to log in with a full email address, the logs tell me that what is submitted to the LDAP server has the @ symbol and everything past it truncated (mail=bob.miller,ou=people,etc). I considered but did not try the IMAP authentication package; full email address is not my preferred login. I am just curious why the '@' was cut off of the username...
So, have I glossed over the relevant documentation? Or maybe it's buried in some document I haven't found yet? In an ideal world, this question would initiate a discussion on different possibilities regarding login identities...
Thank you...
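
Added example, not part of the original post and not Open-Xchange code: the log line quoted above suggests the bind DN is assembled as `<uidAttribute>=<login>,<base DN>`. Assuming that pattern, the code below escapes a login per RFC 4514 before it goes into the DN, which shows that a space or `@` inside the value is legal as-is, while characters such as `,` must be escaped. `BASE_DN`, `escape_rdn_value`, `bind_dn` and the sample logins are hypothetical.

```python
# Added example: RFC 4514 escaping of a login name used as an RDN value.
# BASE_DN and all sample logins are constructed for illustration.

BASE_DN = "ou=people,dc=example,dc=com"  # assumed base DN, not from the post

# Characters RFC 4514 requires to be escaped anywhere in an attribute value.
_SPECIAL = set('"+,;<>\\')


def escape_rdn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")            # NUL is written as a hex pair
        elif ch in _SPECIAL:
            out.append("\\" + ch)         # would otherwise end or split the RDN
        elif i == 0 and ch in " #":
            out.append("\\" + ch)         # leading space or '#' is significant
        elif i == last and ch == " ":
            out.append("\\ ")             # trailing space would be dropped
        else:
            out.append(ch)                # interior space, '.', '@' pass through
    return "".join(out)


def bind_dn(uid_attribute: str, login: str, base_dn: str = BASE_DN) -> str:
    """Build '<uidAttribute>=<escaped login>,<base DN>' for an LDAP bind."""
    if not login:
        raise ValueError("empty login")
    return f"{uid_attribute}={escape_rdn_value(login)},{base_dn}"


if __name__ == "__main__":
    # Constructed logins: a cn with a space, a mail address, and a value
    # that would alter the DN structure if it were inserted unescaped.
    for attr, login in [("cn", "first last"),
                        ("mail", "bob.miller@example.com"),
                        ("uid", "x,ou=admins")]:
        print(bind_dn(attr, login))
```
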