[GH-ISSUE #191] Support for the userPrincipalName attribute #74

New issue

Closed

opened 2026-02-27 08:15:06 +03:00 by kerem · 3 comments

kerem commented

2026-02-27 08:15:06 +03:00

Owner

Originally created by @publicdesert on GitHub (Jun 15, 2022).
Original GitHub issue: https://github.com/lldap/lldap/issues/191

First of all, I really appreciate this project.

In my pull request (#190) I added an example configuration for Seafile. Since Seafile requires an unique identifier in an email-like format, I used the mail attribute in my config. I noticed however, that this is not really ideal, since the user is able to change his personal email address himself. Therefore I was wondering if it would be possible to add support for the userPrincipalName which would return <name>@<tree name>.

Originally created by @publicdesert on GitHub (Jun 15, 2022). Original GitHub issue: https://github.com/lldap/lldap/issues/191 First of all, I really appreciate this project. In my pull request (#190) I added an example configuration for Seafile. Since Seafile requires an unique identifier in an email-like format, I used the `mail` attribute in my config. I noticed however, that this is not really ideal, since the user is able to change his personal email address himself. Therefore I was wondering if it would be possible to add support for the [userPrincipalName](https://ldapwiki.com/wiki/UserPrincipalName) which would return `<name>@<tree name>`.

kerem closed this issue

2026-02-27 08:15:06 +03:00

kerem commented

2026-02-27 08:15:06 +03:00

Author

Owner

@nitnelave commented on GitHub (Jun 17, 2022):

Is it really that bad to log in with your email address? They're still required to be unique so there won't be a conflict.

Adding support for that attribute would complicate things more than I'd like, when we have a perfectly good solution already.

@nitnelave commented on GitHub (Jun 17, 2022): Is it really that bad to log in with your email address? They're still required to be unique so there won't be a conflict. Adding support for that attribute would complicate things more than I'd like, when we have a perfectly good solution already.

kerem commented

2026-02-27 08:15:06 +03:00

Author

Owner

@publicdesert commented on GitHub (Jun 17, 2022):

The problem is that when using the mail attribute as an identifier, Seafile will treat you as an entirely new user if you change your email address through LLDAP.

For my personal setup I ended up using Authelia with LLDAP as the backend for Seafile and a few services that only support OAuth. Seafile's OAuth login feature is a lot more flexible then it's LDAP one. Thus I personally do not need this feature anymore, but it may be useful for others.

@publicdesert commented on GitHub (Jun 17, 2022): The problem is that when using the mail attribute as an identifier, Seafile will treat you as an entirely new user if you change your email address through LLDAP. For my personal setup I ended up using Authelia with LLDAP as the backend for Seafile and a few services that only support OAuth. Seafile's OAuth login feature is a lot more flexible then it's LDAP one. Thus I personally do not need this feature anymore, but it may be useful for others.

kerem commented

2026-02-27 08:15:06 +03:00

Author

Owner

@nitnelave commented on GitHub (Jun 17, 2022):

Yeah, for me that's more of a Seafile problem than LLDAP.

Glad you found a solution, I'll close this issue.

@nitnelave commented on GitHub (Jun 17, 2022): Yeah, for me that's more of a Seafile problem than LLDAP. Glad you found a solution, I'll close this issue.

kerem referenced this issue

2026-02-27 08:17:52 +03:00

[PR #74] [MERGED] Jitsi Meet Docker LDAP Authentication example configuration #527