Opened 10 years ago
Last modified 10 years ago
#926 new defect
LDAP authentication: use RFC 2255 LDAP URLs for more flexibility
| Reported by: | sumpfralle | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | programming | Keywords: | ldap |
| Cc: | Parent Tickets: |
Description
Hi,
the current LDAP authentication plugin can only handle LDAP schemas where a usable login string is part of the entry's DN:
dn: uid=john,ou=people,dc=example,dc=org
Another LDAP schema looks like this:
dn: cn=John Doe,ou=people,dc=example,dc=org
Here the login token is usally available only as an attribute (e.g. uid). Thus the current LDAP_USER_DN_TEMPLATE cannot work with the above schema.
Other projects (e.g. LDAP authentication within the apache webserver) use the LDAP URL (see RFC 2255. Such an URL allows to specify a base DN, a search scope and the attribute to be used for login matching.
Attached you find a patch that I am using for such a setup.
Maybe the old config style (based on LDAP_USER_DN_TEMPLATE) can be replaced with the LDAP URL, since I am not aware a use case that could not be covered with the latter one.
Attachments (1)
Change History (2)
by , 10 years ago
| Attachment: | 0001-LDAP-URL-based-on-RFC-2255.patch added |
|---|
the patch also works with v0.7