[nssldap] Looking up users via username _or_ other attribute?
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[nssldap] Looking up users via username _or_ other attribute?
- From: Erik Forsberg <forsberg%2Bnssldap [at] cendio.se>
- To: nssldap [at] padl.com
- Subject: [nssldap] Looking up users via username _or_ other attribute?
- Date: Fri, 18 Jan 2008 14:34:03 +0100
Hi!
Can nss_ldap be configured to search for user entries with a filter that
looks for the supplied username in multiple attributes? For example,
when I do 'getent passwd test', I would like nss_ldap to query the LDAP
server for
'(&(objectclass=posixAccount)(|(uid=test)(otherAttribute=test)))'
The reason behind this would be to allow authenticating using a
mail address, certificate serial number or some other information stored
in LDAP against openssh's sshd, which runs a
getpwent(username-sent-over-network) to decide if a user is valid or
not, while still keeping the real username in the environment.
I could set 'nss_map_attribute uid mail', but all users
would then be listed with that attribute when listing file/process
ownership. Also, it would be nice if I could have some users logging in
via their mail address, and some via their username.
Regards,
\EF
--
Erik Forsberg OpenSource-based Thin Client Technology
Systems Analyst/Developer Phone: +46-13-21 46 00
Cendio AB Web: http://www.cendio.com
- [nssldap] Looking up users via username _or_ other attribute?,
Erik Forsberg