Custom Base DN's for LDAP Authentication
Chad La Joie
lajoie at shibboleth.net
Tue Nov 22 14:36:13 GMT 2011
Yes, as documented, it does do a subtree search by default.
Usually when questions like this come up, people are trying to get
around issues with their unique identifiers (uids) not being unique.
On 11/22/11 9:13 AM, Mark Cairney wrote:
> Won't it do a sub-tree search by default anyway, meaning that, providing your uids are unique, it should find it if you set your base DN to be the root DN of your DIT?
>
> Cheers,
>
> Mark
>
> On 22 Nov 2011, at 13:42, Chad La Joie wrote:
>
>> You can't. The base DN is the highest node in the LDAP DIT from which
>> you begin searching. By definition it doesn't change, nor would you
>> want it to since doing so would introduce security concerns.
>>
>> On Mon, Nov 21, 2011 at 23:35, K Hall <khkaufen at yahoo.com> wrote:
>>>
>>> If I want to adjust the base dn for searches based on each login criteria, how would I do that? For example, if I want to prefix a base dn with an ou=user02, based on how they came into the system, how could I do that?
>>>
>>> I'm using the ldaploginmodule and specifying the userFilter as uid={0}, but is there a way to do this for the baseDN?
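
Added example, not part of the original thread and not Shibboleth or JAAS code: a small in-memory model of a subtree search from one fixed base DN, showing how a non-unique uid surfaces as more than one match and how a resolver can refuse to pick one. The directory contents, the `dc=example,dc=org` suffix and all function names are constructed for illustration, and DN parsing is simplified (no escaped commas).

```python
# Constructed sample directory (DN -> attributes); values are illustrative only.
DIT = {
    "dc=example,dc=org": {},
    "ou=user01,dc=example,dc=org": {},
    "ou=user02,dc=example,dc=org": {},
    "uid=alice,ou=user01,dc=example,dc=org": {"uid": "alice"},
    "uid=bob,ou=user01,dc=example,dc=org": {"uid": "bob"},
    "uid=bob,ou=user02,dc=example,dc=org": {"uid": "bob"},
}


class AmbiguousUser(Exception):
    """Raised when the user filter matches more than one entry."""


def rdns(dn):
    # Simplified: split on commas and normalise case and whitespace.
    return [part.strip().lower() for part in dn.split(",")]


def in_subtree(dn, base_dn):
    # An entry is in scope when its trailing RDNs equal the base DN's RDNs.
    # Comparing whole RDNs avoids matching "dc=notexample,dc=org" by substring.
    d, b = rdns(dn), rdns(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def subtree_search(base_dn, uid):
    # Equivalent of the filter uid={0} with subtree scope under base_dn.
    wanted = uid.lower()
    return sorted(
        dn for dn, attrs in DIT.items()
        if in_subtree(dn, base_dn) and attrs.get("uid", "").lower() == wanted
    )


def resolve_bind_dn(base_dn, uid):
    # Fail closed: never choose between several entries for one login name.
    matches = subtree_search(base_dn, uid)
    if not matches:
        return None
    if len(matches) > 1:
        raise AmbiguousUser(f"{uid!r} matches {len(matches)} entries under {base_dn}")
    return matches[0]


if __name__ == "__main__":
    print(resolve_bind_dn("dc=example,dc=org", "alice"))
    print(subtree_search("dc=example,dc=org", "bob"))
```

In this model the collision on `bob` is visible from the root base DN and only disappears when the search is started lower in the tree, which is the situation the replies describe.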