Custom Base DN's for LDAP Authentication

Chad La Joie lajoie at
Tue Nov 22 14:36:13 GMT 2011

Yes, as documented, it does do a subtree search by default.

Usually when questions like this come up, people are trying to get
around issues with their unique identifiers (uids) not being unique.

On 11/22/11 9:13 AM, Mark Cairney wrote:
> Won't it do a sub-tree search by default anyway meaning that providing your uid's are unique it should find it if you set your base DN to be the root DN of your DIT?
> Cheers,
> Mark
> On 22 Nov 2011, at 13:42, Chad La Joie wrote:
>> You can't.  The base DN is the highest node in the LDAP DIT from which
>> you begin searching.  By definition it doesn't change, nor would you
>> want it to since doing so would introduce security concerns.
>> On Mon, Nov 21, 2011 at 23:35, K Hall <khkaufen at> wrote:
>>> If I want to adjust the base dn for searches based on each login criteria, how would I do that? For example, if I want to prefix a base dn with an ou=user02, based on how they came into the system, how could I do that?
>>> I'm using the ldaploginmodule and specifying the userFilter as uid={0}, but is there a way to do this for the baseDN?

More information about the users mailing list