Allow User-DN to be supplied in the configuration rather than searching
Right now, every connection requires an anonymous (or bound) connection used to search the user-dn. Rather than searching for the user-dn, it should be possible to define the user-dn in the configuration file.
[mod_auth] permit specifying ldap DN; skip search (fixes #1248)
If auth.backend.ldap.filter begins with ',', then concatenate
uid=<username> with the 'filter' value to form the DN instead of using
ldap_search to query LDAP for the DN for the username, applying the
"Allow User-DN to be supplied in the configuration rather than searching"
Updated by deepunix over 11 years ago
This ticket would be a good place for adding patches to mod_auth's ldap code ;)
Here is my patch against 1.4.16 that adds possibility to set dereference option. The option is set every time user is authenticating. It works, but needs some testing.
It's enabled by adding to config file the following line:
auth.backend.ldap.deref = "always" # can be always, find, search or never
Douglas, maybe you could integrate this into your patch ? :)
Updated by gstrauss about 2 years ago
- Description updated (diff)
- Status changed from New to Need Feedback
Is there still interest in allowing User-DN to be supplied in the configuration rather than searching?
Separately, is there interest in deepunix dereference option (which was inappropriately posted to this ticket)?
Also available in: Atom