[Auth_ldap] Re: AuthLDAPURL question.....

Dave Carrigan dave at rudedog.org
Fri Nov 3 09:53:25 PST 2000


The way auth_ldap works right now, this isn't possible. The config you
attached wouldn't work because auth_ldap doesn't treat AuthLDAPURL as
cumulative; the latest url that appeared in the config would be the one
that is used. 

There are a couple of ways this support could be added, and still
maintain backwards compatibility. 

One would be to take a comma-separated list of attributes and treat
those attributes as an or-ed filter. I.e., you would use a URL like

  AuthLDAPURL ldap://server/o=base dn?uid,alias

Another possible way would be to treat the filter portion of the
auth_ldap URL as a template. Then you could do something like

  AuthLDAPURL ldap://server/o=base dn???(|(uid=%u)(alias=%u))

Then, when auth_ldap ran, it would substitute the client-supplied
username wherever %u appears in the filter.

Neither of these works today, though. I will add this to the list of
feature requests, or would accept patches (against 1.5.x) that
implemented either of these features (hint, hint :-)

-- 
Dave Carrigan (dave at rudedog.org)            | Yow! Oh, FISH sticks, CHEEZ
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-DNS | WHIZ, GIN fizz, SHOW BIZ!!
Seattle, WA, USA                            | 
http://www.rudedog.org/                     | 

"Colin Myles" <myles at cambridge.scr.slb.com> writes:

> Dave,
> 
> I am not sure if you are the person to speak to, we currently use AuthLDAP
> and are validating against our alias which is unique within our corporate
> LDAP.  What we were wondering was if you could validate against one field or
> another, for example either the uid or alias field.
> 
> We have played with the module but haven't had much luck, do you have any
> ideas?
> 
> An example of it would be as follows (which doesn't work)
> 
> Any ideas?
> 
> Thanks,
> 
> Colin.
> 
> -----------------------
> 
> Options  All
> authname "SLB"
> authtype basic
> 
> AuthLDAPURL ldap://ldap2.slb.com ldap.slb.com:389/o=slb,c=an?alias
> <LimitExcept OPTIONS>
> require valid-user
> </LimitExcept>
> 
> AuthLDAPURL ldap://ldap2.slb.com ldap.slb.com:389/o=slb,c=an?uid
> <LimitExcept OPTIONS>
> require valid-user
> </LimitExcept>
> 
>  ____________________________________________________________________
> 
>    Colin Myles BSc Hons
>    Web Developer
>    myles at cambridge.scr.slb.com                   +44 (0)1223 325289
>  ____________________________________________________________________
> 
>    "It all makes sense if you squint a little and don't
>     think too hard"					 	Maier
> 
> 
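
An added example, not part of the original message or of auth_ldap: one way the %u filter template proposed above could be expanded in C, escaping the client-supplied username per RFC 4515 so that it cannot change the structure of the filter. The names expand_filter and put_escaped are hypothetical, and the sample username is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Write c to out, hex-escaping the RFC 4515 filter metacharacters.
 * Returns the number of bytes written, or 0 if it does not fit in room. */
static size_t put_escaped(char *out, size_t room, unsigned char c)
{
    static const char hex[] = "0123456789abcdef";
    if (c == '*' || c == '(' || c == ')' || c == '\\') {
        if (room < 3) return 0;
        out[0] = '\\'; out[1] = hex[c >> 4]; out[2] = hex[c & 15];
        return 3;
    }
    if (room < 1) return 0;
    out[0] = (char)c;
    return 1;
}

/* Expand every %u in tmpl with the escaped user name. Returns 0 on success,
 * or -1 (with out set to "") if the result does not fit in outsz bytes. */
int expand_filter(const char *tmpl, const char *user, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0) return -1;
    for (const char *p = tmpl; *p; p++) {
        if (p[0] == '%' && p[1] == 'u') {
            for (const char *u = user; *u; u++) {
                size_t w = put_escaped(out + n, outsz - 1 - n, (unsigned char)*u);
                if (w == 0) { out[0] = '\0'; return -1; }
                n += w;
            }
            p++;    /* skip the 'u' of "%u" */
        } else {
            if (n + 1 >= outsz) { out[0] = '\0'; return -1; }
            out[n++] = *p;
        }
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char f[256];
    /* Constructed username containing filter metacharacters. */
    if (expand_filter("(|(uid=%u)(alias=%u))", "a*(b)", f, sizeof f) == 0)
        puts(f);
    return 0;
}
```

A truncated filter is never returned: on overflow the caller gets -1 and an empty string, so the search can be refused instead of run with a partial filter.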



