Opened 5 years ago

Last modified 5 years ago

#926 new defect

LDAP authentication: use RFC 2255 LDAP URLs for more flexibility

Reported by: sumpfralle Owned by:
Priority: minor Milestone:
Component: programming Keywords: ldap
Cc: Parent Tickets:

Description

Hi,

the current LDAP authentication plugin can only handle LDAP schemas where a usable login string is part of the entry's DN:
dn: uid=john,ou=people,dc=example,dc=org

Another LDAP schema looks like this:
dn: cn=John Doe,ou=people,dc=example,dc=org

Here the login token is usally available only as an attribute (e.g. uid). Thus the current LDAP_USER_DN_TEMPLATE cannot work with the above schema.

Other projects (e.g. LDAP authentication within the apache webserver) use the LDAP URL (see RFC 2255. Such an URL allows to specify a base DN, a search scope and the attribute to be used for login matching.

Attached you find a patch that I am using for such a setup.

Maybe the old config style (based on LDAP_USER_DN_TEMPLATE) can be replaced with the LDAP URL, since I am not aware a use case that could not be covered with the latter one.

Subtickets

Attachments (1)

0001-LDAP-URL-based-on-RFC-2255.patch (7.4 KB) - added by sumpfralle 5 years ago.

Download all attachments as: .zip

Change History (2)

Changed 5 years ago by sumpfralle

comment:1 Changed 5 years ago by sumpfralle

the patch also works with v0.7

Note: See TracTickets for help on using tickets.