My LDAP uses "dn=cn=lastname_firstname,dc=xxx,dc=edu" as the binddn for simple binds. I wish users to simply use their uid+userPassword
for login rather than their cn. Other applications using LDAP as authentication are able to do so. There does not appear to be a way to make this
happen in the current configuration settings. I can successfully log in using the cn+userPassword on the login screen, but not using the uid+userPassword.
Adding some clarification to the issue ...
auth_type ldap
directory_type ldap
ldaphost ldap://ldap.sdm.dm.edu
ldap_binddn dc=sdm.dm,dc=edu
ldap_bind_user
ldap_bind_pass
ldap_is_active_directory No
ldap_domain_name
ldap_user_name_attr uid
ldap_last_name_attr sn
ldap_first_name_attr givenName
ldap_displayname_attr cn
ldap_email_attr mail
Here is the issue. If I use
ldap_user_name_attr uid
on the login page (not local), as a valid ldap user with uid=me and the userPassword,
the bind tries (I have level=logging.DEBUG statement in the LDAPDirectory.py)
ldap://ldap.sdm.dm.edu - SimpleLDAPObject.simple_bind (('uid=me,dc=sdm.dm,dc=edu', 'mypassword', None, None),{})
=> LDAPError - INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
My binddn uses cn, not uid. I can change
ldap_user_name_attr cn
and then on the login enter the full cn for my uid, but what I wish is to have the user be able
to use their uid and have the simple bind work. It does for many other applications for which I use
LDAP as the authentication. I can hack the code to make this work for my case, but it would be
better if this were configurable or the search used just the ldap_binddn for the search.
simplebind should use a ldap_basedn which is defined in the config
I am able to use uid/password if I make the following change to the
filelocker2.4.5/core/directory/LDAPDirectory.py authenticate def
Search for dn using baseDN, then authenticate
Replace the line below with the following 5 lines beginning with >>
result = l.simple_bind_s(self.userIdAttr+"="+userId+","+ self.directoryBindDn , password)
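The search-then-bind flow described above, as an added example that is not the poster's patch and not Filelocker's code. It assumes a python-ldap style connection that is allowed to search for the login attribute; InvalidCredentials, FakeDirectory and the sample entry are constructed stand-ins so it runs without a server.

```python
# Added example: search-then-bind for a python-ldap style connection object.
class InvalidCredentials(Exception):
    """Stand-in for ldap.INVALID_CREDENTIALS so the example runs offline."""

def escape_filter(value):
    """RFC 4515 escaping so a login name cannot rewrite the search filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def authenticate(conn, base_dn, user_attr, user_id, password):
    """Resolve user_id to its DN under base_dn, then bind as that DN."""
    if not user_id or not password:
        return False  # an empty password would be an unauthenticated bind
    flt = '(%s=%s)' % (user_attr, escape_filter(user_id))
    entries = conn.search_s(base_dn, 2, flt, ['1.1'])  # 2 is ldap.SCOPE_SUBTREE
    if len(entries) != 1:
        return False  # unknown or ambiguous login name
    try:
        conn.simple_bind_s(entries[0][0], password)  # entries[0][0] is the DN
    except InvalidCredentials:
        return False
    return True

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP connection (equality filters only)."""
    def __init__(self, entries):
        self.entries = entries  # dn -> attribute dict

    def search_s(self, base, scope, flt, attrs=None):
        attr, value = flt.strip('()').split('=', 1)
        return [(dn, {}) for dn, e in self.entries.items()
                if dn.endswith(base) and e.get(attr) == value]

    def simple_bind_s(self, dn, password):
        if self.entries.get(dn, {}).get('userPassword') != password:
            raise InvalidCredentials(dn)

# Constructed sample entry: the DN is built from cn, the login name is uid.
BASE_DN = 'dc=sdm.dm,dc=edu'
DIRECTORY = FakeDirectory({
    'cn=lastname_firstname,' + BASE_DN: {'uid': 'me', 'userPassword': 'mypassword'},
})
```

Against a real server, pass the object returned by ldap.initialize() as conn and catch ldap.INVALID_CREDENTIALS in place of the stand-in exception.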