Jan-Piet Mens wrote:
>> I have clients that send in their username and password as user@???,
>> but it can also be user@???... etc... I need to pass the username
>> but change the baseDN according to the domain name. Can this be done?
>
> I'd recommend you take the presented username and *search* for the DN.
> Something like this might do the trick. The inside ldapdn lookup
> searches for the user's DN. The outer lookup performs the authentication
> with that dn:
>
> ldap_plain: driver = plaintext
> public_name = PLAIN
> server_prompts = "LDAP Username:: : LDAP Password::"
> server_condition = \
> ${\
> lookup ldap { \
> user="${lookup ldapdn {ldaps:///BASEDN?dn?sub?(mail=${quote_ldap:$2})}}" \
> pass="$3" \
> ldaps:///BASEDN?uid?sub?(mail=${quote_ldap:$2}) \
> }{yes}fail \
> }
> server_set_id = $2
>
> You'll have to test this.
>
> -JP
>
Works IF the 'presented username' is unique by itself.
Wouldn't fly here. Same $local_part occurs on several $domain.
Bill
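To make the two sides of this exchange concrete, here is an added example (not code from the thread, from Exim, or from either poster) that models the lookup in plain Python against a constructed in-memory directory, so it runs without an LDAP server. The `DIRECTORY` entries, the `DOMAIN_BASEDN` map, and the `search` stand-in for the server are all assumptions made for the example. It composes the `ldapdn` URL from the quoted authenticator with the base DN chosen from the domain part of the presented username (what the original question asked for), escapes the value the way `${quote_ldap:...}` does, and refuses to return a DN unless exactly one entry matches, which is where a bare local part that exists under several domains falls over.

```python
import re

# Constructed sample directory: the thread names no real users, domains or DNs.
DIRECTORY = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com", "uid": "alice", "mail": "alice@example.com"},
    {"dn": "uid=alice,ou=people,dc=example,dc=net", "uid": "alice", "mail": "alice@example.net"},
    {"dn": "uid=bob,ou=people,dc=example,dc=com",   "uid": "bob",   "mail": "bob@example.com"},
]

# Constructed domain -> base DN map, the per-domain BASEDN the original question asks for.
DOMAIN_BASEDN = {
    "example.com": "ou=people,dc=example,dc=com",
    "example.net": "ou=people,dc=example,dc=net",
}


def quote_ldap(value):
    """Escape a filter value as RFC 4515 requires (the job ${quote_ldap:$2}
    does in the authenticator): *, (, ), backslash and NUL become \\XX."""
    return "".join("\\%02X" % ord(c) if c in "*()\\\x00" else c for c in value)


def unquote_ldap(value):
    """Reverse quote_ldap; the stand-in server below uses it to compare values."""
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def split_username(presented):
    """'local_part@domain' -> (local_part, domain); anything else is rejected."""
    local, sep, domain = presented.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("username must be local_part@domain")
    return local, domain.lower()


def build_dn_url(presented):
    """The ldapdn URL from the quoted authenticator, with BASEDN chosen from
    the domain part of the presented username."""
    _, domain = split_username(presented)
    basedn = DOMAIN_BASEDN[domain]   # unknown domain: KeyError, no lookup is attempted at all
    return "ldaps:///%s?dn?sub?(mail=%s)" % (basedn, quote_ldap(presented))


def search(basedn, attr, quoted_value):
    """Stand-in for the LDAP server (assumption, not a real client): equality
    match on attr with scope 'sub' below basedn; basedn=None searches everything."""
    value = unquote_ldap(quoted_value)
    return [e for e in DIRECTORY
            if (basedn is None or e["dn"].endswith("," + basedn)) and e.get(attr) == value]


def find_dn(presented, scope_by_domain=True):
    """Return the one DN to bind with, or None when zero or several entries match:
    a single-entry lookup must never pick one of several candidates."""
    local, domain = split_username(presented)
    if scope_by_domain:
        basedn = DOMAIN_BASEDN.get(domain)
        if basedn is None:
            return None
        hits = search(basedn, "mail", quote_ldap(presented))
    else:
        # the ambiguous case from the reply: bare local part, whole tree
        hits = search(None, "uid", quote_ldap(local))
    return hits[0]["dn"] if len(hits) == 1 else None


if __name__ == "__main__":
    for name in ("alice@example.com", "alice@example.net", "bob@example.com", "alice@example.org"):
        print(name, "->", find_dn(name), "| by uid only ->", find_dn(name, scope_by_domain=False))
```

Two design points carry over to a real authenticator: an unknown domain never reaches the directory at all, and the result of the DN search is only used when it is unambiguous, so the later bind (the outer `ldap` lookup with `user=` and `pass=` in the quoted config) can never be attempted against the wrong entry.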