LDAP authentication: use RFC 2255 LDAP URLs for more flexibility
|Reported by:||sumpfralle||Owned by:|
The current LDAP authentication plugin can only handle LDAP schemas where a usable login string is part of the entry's DN:
Another LDAP schema looks like this:
dn: cn=John Doe,ou=people,dc=example,dc=org
Here the login token is usually available only as an attribute (e.g. uid). Thus the current LDAP_USER_DN_TEMPLATE cannot work with the above schema.
Other projects (e.g. LDAP authentication within the Apache webserver) use the LDAP URL (see RFC 2255). Such a URL allows specifying a base DN, a search scope and the attribute to be used for login matching.
Attached you find a patch that I am using for such a setup.
Maybe the old config style (based on LDAP_USER_DN_TEMPLATE) can be replaced with the LDAP URL, since I am not aware of a use case that could not be covered with the latter one.
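
As an added illustration of the LDAP URL approach described in this ticket (this is not the attached patch and not the project's code), the sketch below splits an RFC 2255 URL into base DN, login attribute, scope and filter, then builds the search filter for a login with RFC 4515 escaping so the login string cannot alter the filter. The function names, the host and the sample filter are assumptions made for the example.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
SCOPES = ("base", "one", "sub")


def parse_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into its parts."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP URL: %r" % url)
    # urlsplit() cuts at the first '?'; the remaining fields are '?'-separated.
    attrs, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    attrs = [unquote(a) for a in attrs.split(",") if a]
    if len(attrs) != 1:
        raise ValueError("exactly one login attribute is required")
    scope = scope or "base"  # RFC 2255 default scope
    if scope not in SCOPES:
        raise ValueError("unknown scope: %r" % scope)
    return {
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[parts.scheme],
        "base_dn": unquote(parts.path[1:]),
        "attribute": attrs[0],
        "scope": scope,
        "filter": unquote(flt) or "(objectClass=*)",  # RFC 2255 default filter
    }


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def login_filter(cfg, login):
    """AND the URL's filter with attribute=login, treating login as data."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(login))


if __name__ == "__main__":
    # Constructed URL for a schema where the login is only in the uid attribute.
    cfg = parse_ldap_url(
        "ldap://ldap.example.org/ou=people,dc=example,dc=org?uid?sub?(objectClass=person)")
    print(cfg)
    print(login_filter(cfg, "jdoe"))
    print(login_filter(cfg, "j*)(doe"))
```

A caller would search below base_dn with this filter, require exactly one matching entry, and then bind as that entry's DN with the supplied password.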