[nssldap] Looking up users via username _or_ other attribute?

Hi!

Can nss_ldap be configured to search for user entries with a filter that
looks for the supplied username in multiple attributes? For example,
when I do 'getent passwd test', I would like nss_ldap to query the LDAP
server for
'(&(objectclass=posixAccount)(|(uid=test)(otherAttribute=test)))'

The reason behind this would be to allow authenticating using a
mail address, certificate serial number or some other information stored
in LDAP against openssh's sshd, which runs a
getpwent(username-sent-over-network) to decide if a user is valid or
not, while still keeping the real username in the environment. 

I could set 'nss_map_attribute uid mail', but all users
would then be listed with that attribute when listing file/process
ownership. Also, it would be nice if I could have some users logging in
via their mail address, and some via their username.

Regards,
\EF
-- 
Erik Forsberg                OpenSource-based Thin Client Technology
Systems Analyst/Developer    Phone: +46-13-21 46 00    
Cendio AB                    Web: http://www.cendio.com