I have to do some serious work with Webmin as a front-end for access to some integration modules I have that need to be accessed by multi-domain users (multi-tenant).
Given a user login, user@domain, I need to interface to authentication AND authorisation methods.
External authentication uses a squid-like method.
I will in the first instance use the generic method and will be able to authenticate to multiple LDAPs by using the username and password and reply with OK or not.
The username gets split into user and domain, and the correct LDAP will be accessed by cascading to a squid-ldap auth module.
Webmin has a group for only PAM-authenticated users: I will need to read the code to check this is also used for only externally authenticated users.
Hack Webmin for a PoC to allow IP / user / password information to externalAA and reply OK (or not) and user:group to map the authenticated user to (user/group can be blank: user takes priority if found in Webmin users).
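
A sketch of the squid-style helper described above, as an added example that is not part of the original post or of Webmin: it reads `user@domain password` lines, splits the login, picks the LDAP for that domain and answers `OK` or `ERR`. The tenant map, the DN templates and the `bind` callable are assumptions; the actual LDAP bind is left to whatever module is cascaded to.

```python
import sys
from urllib.parse import unquote

# Constructed tenant map (assumption): domain -> (LDAP URI, bind-DN template).
TENANTS = {
    "example.org": ("ldaps://ldap.example.org", "uid={user},ou=people,dc=example,dc=org"),
    "example.net": ("ldaps://ldap.example.net", "uid={user},ou=staff,dc=example,dc=net"),
}

def escape_dn_value(value):
    """Hex-escape characters that are special inside a DN value (RFC 4514)."""
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;=\0' or (i == 0 and ch in " #") or (i == last and ch == " ")
        out.append("\\%02x" % ord(ch) if special else ch)
    return "".join(out)

def route(line):
    """Map one 'user@domain password' helper line to (uri, bind_dn, password), or None."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 2:
        return None
    # Squid-style helpers receive URL-encoded fields, so decode before splitting.
    login, password = unquote(parts[0]), unquote(parts[1])
    user, sep, domain = login.rpartition("@")
    tenant = TENANTS.get(domain.lower())
    # Refuse empty passwords: a simple bind with a DN and no password is an
    # unauthenticated bind, which some LDAP servers accept as success.
    if not sep or not user or not password or tenant is None:
        return None
    uri, template = tenant
    return uri, template.format(user=escape_dn_value(user)), password

def serve(bind, lines=sys.stdin, out=sys.stdout):
    """Answer each request line with OK or ERR; bind(uri, dn, password) -> bool."""
    for line in lines:
        target = route(line)
        ok = target is not None and bool(bind(*target))
        out.write("OK\n" if ok else "ERR\n")
        out.flush()

if __name__ == "__main__":
    # Hypothetical placeholder: denies everything until a real LDAP bind is plugged in.
    serve(lambda uri, dn, password: False)
```

Unknown domains, missing domains and empty passwords all fail closed with `ERR`, and the user part is escaped before it is placed in a DN so that a login cannot steer the bind into another branch of the tenant's directory.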