> I have clients that send in their username and password as user@???,
> but it can also be user@???... etc... I need to pass the username
> but change the baseDN according to the domain name. Can this be done?
I'd recommend you take the presented username and *search* for the DN.
Something like this might do the trick. The inner ldapdn lookup
searches for the user's DN. The outer lookup performs the authentication
with that DN:
ldap_plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = "LDAP Username:: : LDAP Password::"
  # $2 is the login name presented by the client, $3 the password
  # (Exim 3 style variables; Exim 4 calls them $auth2 and $auth3).
  # Inner ldapdn lookup: find the entry whose mail attribute equals the
  # login name and return its DN.
  # Outer ldap lookup: bind as that DN with the supplied password and
  # re-read the entry; a successful bind and search yields "yes",
  # anything else forces the condition to fail.
  server_condition = \
    ${lookup ldap { \
        user="${lookup ldapdn {ldaps:///BASEDN?dn?sub?(mail=${quote_ldap:$2})}}" \
        pass="$3" \
        ldaps:///BASEDN?uid?sub?(mail=${quote_ldap:$2}) \
      }{yes}fail \
    }
  server_set_id = $2
You'll have to test this.
-JP
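An added example, not part of JP's reply or of the Exim documentation: the same search-then-bind idea written in Exim 4 syntax ($auth2/$auth3 and the ldapauth condition), extended to pick the search base from the domain part of the login name, which is what the original question asked for. The server URL, the two domains and their base DNs, and the use of the mail attribute are assumptions; the exact failure semantics of nested expansions should be confirmed against the Exim version in use.

```exim
# Added example, not the original poster's configuration. Exim 4 syntax.
# Assumed values: the LDAP server, the domain-to-base-DN table and the
# attribute searched (mail) are placeholders; replace them with your own.

# --- main section (macros must be defined before the first "begin") ---
LDAP_URL = ldaps://ldap.example.net
# Domain of the login name -> base DN to search. Values are double-quoted
# so that the embedded "=" and "," survive ${extract}'s key=value parsing.
DOMAIN_BASE_TABLE = example.com="ou=people,dc=example,dc=com" \
                    example.org="ou=people,dc=example,dc=org"

begin authenticators

ldap_plain:
  driver = plaintext
  public_name = PLAIN
  # PLAIN carries authzid, authcid and password in one message; no prompts.
  server_prompts = :
  # Only advertise PLAIN on a TLS-protected connection (the password is
  # sent in clear). $tls_in_cipher is the Exim 4.80+ name; older releases
  # use $tls_cipher.
  server_advertise_condition = ${if def:tls_in_cipher}
  # 1. Refuse an empty password or a login name without a domain before
  #    touching the directory: many LDAP servers treat a simple bind with
  #    an empty password as anonymous, and it would "succeed".
  # 2. Map the lower-cased domain part of the login name to a base DN;
  #    an unknown domain fails without a search.
  # 3. Search that base for the entry whose mail attribute equals the
  #    login name (ldapdn requires exactly one match) and take its DN.
  # 4. Bind as that DN with the supplied password. ${quote:} protects
  #    quotes and backslashes in both the DN and the password.
  server_condition = ${if or {{eq{$auth3}{}}{eq{${domain:$auth2}}{}}} {no} { \
      ${extract {${lc:${domain:$auth2}}} {DOMAIN_BASE_TABLE} \
        { ${lookup ldapdn {LDAP_URL/$value?dn?sub?(mail=${quote_ldap:$auth2})} \
            { ${if ldapauth {user=${quote:$value} pass=${quote:$auth3} LDAP_URL/} {yes}{no}} } \
            {no} } } \
        {no} } }}
  server_set_id = $auth2
```

When testing, try a login name in a domain that is not in the table, an empty password, a password containing double quotes or a backslash, and a mail address that matches more than one entry; each should be rejected rather than deferred or accepted.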