Upstream is adding handling for UTF-8 domains by creating a domain alias @utf8 -> @idna. I'm deviating from this approach by setting multiple email addresses (IDNA and UTF-8) per user and alias where a domain contains non-ASCII characters. The maildrop (mailbox) remains the same: all mail goes to the user's mailbox regardless of which email address was used. This is more in line with how other systems (e.g. Active Directory) handle multiple email addresses for a single user. # Conflicts: # README.md # management/mailconfig.py # management/templates/index.html # setup/dns.sh # setup/mail-users.sh
#
# MiaB-LDAP's directory schema for time-based one time passwords (TOTP)
#
# OID layout: everything here hangs off MiabLDAProot, which is defined in
# another schema file (not visible here). This file only allocates the MFA
# branch beneath it: :2 for attribute types, :3 for object classes.
#
# Every attribute below uses the IA5String syntax
# (1.3.6.1.4.1.1466.115.121.1.26, ASCII only) and the OpenLDAP extension
# X-ORDERED 'VALUES', so each attribute may hold several values that are
# kept in insertion order and addressed by a {n} prefix. Presumably one
# value per enrolled device, with the same index used across all four
# attributes — confirm against the management code.
#

objectIdentifier MiabLDAPmfa MiabLDAProot:1
objectIdentifier MiabLDAPmfaAttributeType MiabLDAPmfa:2
objectIdentifier MiabLDAPmfaObjectClass MiabLDAPmfa:3

# secret consists of base32 characters (see RFC 4648)
#
# NOTE(review): this is the TOTP shared key and is as sensitive as a
# password. The schema itself grants no protection; read access to
# totpSecret must be restricted by slapd ACLs to the service account that
# verifies codes — confirm against the ACL configuration. caseExactIA5Match
# is used so base32 case is compared as stored, not folded.
attributetype ( MiabLDAPmfaAttributeType:1
	DESC 'TOTP secret'
	NAME 'totpSecret'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	X-ORDERED 'VALUES'
	EQUALITY caseExactIA5Match )

# tokens are a base-10 string of N digits, but set the syntax to
# IA5String anyway
#
# Presumably the last code that was accepted is recorded so the same code
# cannot be accepted again within its validity window — confirm in the
# management code that performs the comparison.
attributetype ( MiabLDAPmfaAttributeType:2
	DESC 'TOTP last token used'
	NAME 'totpMruToken'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	X-ORDERED 'VALUES'
	EQUALITY caseExactIA5Match )

# the time in nanoseconds since the epoch when the mru token was last
# used. the time will also be set when a new entry is created even if
# the corresponding mru token is blank
#
# NOTE(review): the value is an integer stored as an IA5String, so
# caseExactIA5Match compares it as text, not numerically; ordering or
# range searches on this attribute are therefore not meaningful.
attributetype ( MiabLDAPmfaAttributeType:3
	DESC 'TOTP last token used time'
	NAME 'totpMruTokenTime'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	X-ORDERED 'VALUES'
	EQUALITY caseExactIA5Match )

# The label is currently any text supplied by the user, which is used
# as a reminder of where the secret is stored when logging in (where
# the authenticator app is, that holds the secret). eg "my samsung
# phone"
#
# NOTE(review): the label is user-supplied, so treat it as untrusted when
# it is rendered back to a page. IA5String only admits ASCII, so a label
# containing non-ASCII characters will be rejected by slapd unless the
# management layer filters it first — confirm. Unlike the other
# attributes this one matches case-insensitively (caseIgnoreIA5Match).
attributetype ( MiabLDAPmfaAttributeType:4
	DESC 'TOTP device label'
	NAME 'totpLabel'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	X-ORDERED 'VALUES'
	EQUALITY caseIgnoreIA5Match )

# The TOTP objectClass
#
# AUXILIARY: added to an existing user entry rather than forming an entry
# of its own. All four attributes are MUST, so the class can only be
# attached once every one of them has at least one value; the comment on
# totpMruTokenTime says the token may be "blank" on creation — confirm in
# the management code what value is written then, since slapd may reject
# an empty attribute value.
objectClass ( MiabLDAPmfaObjectClass:1
	NAME 'totpUser'
	DESC 'MiaB-LDAP TOTP settings for a user'
	SUP top
	AUXILIARY
	MUST ( totpSecret $ totpMruToken $ totpMruTokenTime $ totpLabel ) )