We are using a Domino LDAP authentication as well. Although we don't allow outside email to be addressed to the shortname, we do honor old names (people get married, divorced, etc.) by putting the "grandfathered" names in the Full Name field in the Domino Directory. You might be able to include the shortname there, as well, i.e. email@example.com.
Our LDAP query looks like this:
I most definitely am NOT an LDAP expert, but this does work for us.
well, problem here is that shortnames don't contain domain names while %mail% substitution have it, so I can't check them.
As you said, the shortname doesn't contain the domain name. The end result is that, unless you add an attribute to each user which sets up a new email address for each user of firstname.lastname@example.org, you cannot email through the appliance to a shortname address. Other than that, it will be necessary to submit a PER through our request system to see if that could be added as a feature to the product.
thanks for your feedback, one more question: what is the purpose of identity attribute? What if I would add my shortname as identity attribute 2? Will it help me somehow?
I ran into one pretty much the same as this a while back. There is a token you can use to authenticate against just the localpart of the address, which it sounds like you need that as well. Try modifying your query to this:
I have been meaning to write a KB on this, however time has been short. Here is a breakdown of some of the vairables you can use in MEG7 for LDAP:
%local% represents the user part of the email
%domain% represents the domain part of the email
%emailplain% is used for emails which are quoted (eg: “xyz”@abc.com), and we cannot use the same email format for making ldap queries. So using %emailplain%, we can change the “xyz”@abc.com to email@example.com.
Let me know if that works for you. Thanks.