id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	parents
926	LDAP authentication: use RFC 2255 LDAP URLs for more flexibility	sumpfralle		"Hi,

the current LDAP authentication plugin can only handle LDAP schemas where a usable login string is part of the entry's DN:
{{{dn: uid=john,ou=people,dc=example,dc=org}}}

Another LDAP schema looks like this:
{{{dn: cn=John Doe,ou=people,dc=example,dc=org}}}

Here the login token is usally available only as an attribute (e.g. {{{uid}}}). Thus the current {{{LDAP_USER_DN_TEMPLATE}}} cannot work with the above schema.

Other projects (e.g. LDAP authentication within the apache webserver) use the LDAP URL (see [[http://www.ietf.org/rfc/rfc2255.txt|RFC 2255]]. Such an URL allows to specify a base DN, a search scope and the attribute to be used for login matching.

Attached you find a patch that I am using for such a setup.

Maybe the old config style (based on {{{LDAP_USER_DN_TEMPLATE}}}) can be replaced with the LDAP URL, since I am not aware a use case that could not be covered with the latter one."	defect	new	minor		programming		ldap