[GH-ISSUE #191] Support for the userPrincipalName attribute #74

Closed
opened 2026-02-27 08:15:06 +03:00 by kerem · 3 comments
Owner

Originally created by @publicdesert on GitHub (Jun 15, 2022).
Original GitHub issue: https://github.com/lldap/lldap/issues/191

First of all, I really appreciate this project.

In my pull request (#190) I added an example configuration for Seafile. Since Seafile requires an unique identifier in an email-like format, I used the mail attribute in my config. I noticed however, that this is not really ideal, since the user is able to change his personal email address himself. Therefore I was wondering if it would be possible to add support for the userPrincipalName which would return <name>@<tree name>.

Originally created by @publicdesert on GitHub (Jun 15, 2022). Original GitHub issue: https://github.com/lldap/lldap/issues/191 First of all, I really appreciate this project. In my pull request (#190) I added an example configuration for Seafile. Since Seafile requires an unique identifier in an email-like format, I used the `mail` attribute in my config. I noticed however, that this is not really ideal, since the user is able to change his personal email address himself. Therefore I was wondering if it would be possible to add support for the [userPrincipalName](https://ldapwiki.com/wiki/UserPrincipalName) which would return `<name>@<tree name>`.
kerem closed this issue 2026-02-27 08:15:06 +03:00
Author
Owner

@nitnelave commented on GitHub (Jun 17, 2022):

Is it really that bad to log in with your email address? They're still required to be unique so there won't be a conflict.

Adding support for that attribute would complicate things more than I'd like, when we have a perfectly good solution already.

<!-- gh-comment-id:1158561147 --> @nitnelave commented on GitHub (Jun 17, 2022): Is it really that bad to log in with your email address? They're still required to be unique so there won't be a conflict. Adding support for that attribute would complicate things more than I'd like, when we have a perfectly good solution already.
Author
Owner

@publicdesert commented on GitHub (Jun 17, 2022):

The problem is that when using the mail attribute as an identifier, Seafile will treat you as an entirely new user if you change your email address through LLDAP.

For my personal setup I ended up using Authelia with LLDAP as the backend for Seafile and a few services that only support OAuth. Seafile's OAuth login feature is a lot more flexible then it's LDAP one. Thus I personally do not need this feature anymore, but it may be useful for others.

<!-- gh-comment-id:1158818893 --> @publicdesert commented on GitHub (Jun 17, 2022): The problem is that when using the mail attribute as an identifier, Seafile will treat you as an entirely new user if you change your email address through LLDAP. For my personal setup I ended up using Authelia with LLDAP as the backend for Seafile and a few services that only support OAuth. Seafile's OAuth login feature is a lot more flexible then it's LDAP one. Thus I personally do not need this feature anymore, but it may be useful for others.
Author
Owner

@nitnelave commented on GitHub (Jun 17, 2022):

Yeah, for me that's more of a Seafile problem than LLDAP.

Glad you found a solution, I'll close this issue.

<!-- gh-comment-id:1158847162 --> @nitnelave commented on GitHub (Jun 17, 2022): Yeah, for me that's more of a Seafile problem than LLDAP. Glad you found a solution, I'll close this issue.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/lldap-lldap#74
No description provided.