tinyauthapp · itasli · May 3, 2026
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -268,6 +268,7 @@ type LdapUser struct {
 type UserSearch struct {
 	Username string
 	Type     string // local, ldap or unknown
+	Email    string
 }
 
 type UserContext struct {

diff --git a/internal/controller/user_controller.go b/internal/controller/user_controller.go
@@ -172,6 +172,9 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 
 	if userSearch.Type == "ldap" {
 		sessionCookie.Provider = "ldap"
+		if userSearch.Email != "" {
+			sessionCookie.Email = userSearch.Email
+		}
 	}
 
 	tlog.App.Trace().Interface("session_cookie", sessionCookie).Msg("Creating session cookie")

diff --git a/internal/middleware/context_middleware.go b/internal/middleware/context_middleware.go
@@ -240,10 +240,15 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				return
 			}
 
+			email := utils.CompileUserEmail(basic.Username, m.config.CookieDomain)
+			if userSearch.Email != "" {
+				email = userSearch.Email
+			}
+
 			c.Set("context", &config.UserContext{
 				Username:    basic.Username,
 				Name:        utils.Capitalize(basic.Username),
-				Email:       utils.CompileUserEmail(basic.Username, m.config.CookieDomain),
+				Email:       email,
 				Provider:    "ldap",
 				IsLoggedIn:  true,
 				LdapGroups:  strings.Join(ldapUser.Groups, ","),

diff --git a/internal/service/auth_service.go b/internal/service/auth_service.go
@@ -123,7 +123,7 @@ func (auth *AuthService) SearchUser(username string) config.UserSearch {
 	}
 
 	if auth.ldap.IsConfigured() {
-		userDN, err := auth.ldap.GetUserDN(username)
+		userDN, email, err := auth.ldap.GetUserInfo(username)
 
 		if err != nil {
 			tlog.App.Warn().Err(err).Str("username", username).Msg("Failed to search for user in LDAP")
@@ -135,6 +135,7 @@ func (auth *AuthService) SearchUser(username string) config.UserSearch {
 		return config.UserSearch{
 			Username: userDN,
 			Type:     "ldap",
+			Email:    email,
 		}
 	}
 

diff --git a/internal/service/ldap_service.go b/internal/service/ldap_service.go
@@ -143,16 +143,15 @@ func (ldap *LdapService) connect() (*ldapgo.Conn, error) {
 	return ldap.conn, nil
 }
 
-func (ldap *LdapService) GetUserDN(username string) (string, error) {
-	// Escape the username to prevent LDAP injection
+func (ldap *LdapService) GetUserInfo(username string) (dn string, email string, err error) {
 	escapedUsername := ldapgo.EscapeFilter(username)
 	filter := fmt.Sprintf(ldap.config.SearchFilter, escapedUsername)
 
 	searchRequest := ldapgo.NewSearchRequest(
 		ldap.config.BaseDN,
 		ldapgo.ScopeWholeSubtree, ldapgo.NeverDerefAliases, 0, 0, false,
 		filter,
-		[]string{"dn"},
+		[]string{"dn", "mail"},
 		nil,
 	)
 
@@ -161,15 +160,15 @@ func (ldap *LdapService) GetUserDN(username string) (string, error) {
 
 	searchResult, err := ldap.conn.Search(searchRequest)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 
 	if len(searchResult.Entries) != 1 {
-		return "", fmt.Errorf("multiple or no entries found for user %s", username)
+		return "", "", fmt.Errorf("multiple or no entries found for user %s", username)
 	}
 
-	userDN := searchResult.Entries[0].DN
-	return userDN, nil
+	entry := searchResult.Entries[0]
+	return entry.DN, entry.GetAttributeValue("mail"), nil
 }
 
 func (ldap *LdapService) GetUserGroups(userDN string) ([]string, error) {