
Thread: LDAP integration with dynamic parameter in bindingdn. How?

  1. #1

    LDAP integration with dynamic parameter in bindingdn. How?

    Hi,
    I need to authenticate through LDAP with a different approach. In fact, authentication in our server is done using a different parameter exuid which is retrieved by uid.
    So we'd like to know if it's possible to configure the existing service to query first the parameter exuid and then authenticate using the following bindingdn

    bindingdn = exuid=$?,ou=people,dc=st,dc=com

    So basically, $1 is used to retrieve exuid and then using the result $? to authenticate.

    Thanks.

  2. #2

    Search on one attribute, Bind on another

    We have a similar issue. The username that we all commonly use is based on the systemid attribute, but the bind still uses the uid attribute. There is no similarity between the systemid and the uid. When the LDAP system was designed, the uid was generated differently from the systemid.

    I can get it to work when using the uid to log in, but no one knows their uid.


    userquery: uid=$1
    bindingdn: uid=$1,ou=people,dc=alaska,dc=edu

    What I am having difficulty with is determining how to write the bindingdn configuration to use the uid the userquery looks up.

    userquery: systemid=$1
    bindingdn: uid=$?,ou=people,dc=alaska,dc=edu

    Thanks

  3. #3
    Join Date
    Oct 2006
    Location
    San Diego (PB!)
    Posts
    787

    This may require some custom coding, but you can try this. Set your bindingdn to the DN of a user. All queries other than authentication with the directory will be done under this user. Be sure to add a bindingpw for this user as well.

    The userquery should look for a user matching systemid (with the username they use at the login screen). This will find a user object and return the DN. The DN is then used to attempt a bind in order to authenticate.

  4. #4

    Thanks for the help. The error I got is similar to an error I got before.

    Code:
    Server response:
    Array
    (
        [error] => Array
            (
                [message] => Unexpected username '<uid>' came back from external auth provider. Expected: '<systemid>'
                [status] => 500
                [title] => Internal Error
                [uri] => https://<host>/@api/deki/users/authenticate?dream.out.format=php&dream.in.host=<host>&dream.in.scheme=https&dream.in.origin=<IP>&authprovider=12
            )
    
    )

    The keys are defined as follows:
    bindingpw: <password string>
    bindingdn: uid=<Authorized UID>,ou=people,dc=alaska,dc=edu
    searchbase: ou=people,DC=alaska,DC=edu
    hostname: <ldap url>
    displayname-pattern: {systemid}
    userquery: systemid=$1

    Any thoughts?

  5. #5
    Originally posted by alex.taylor:
    Thanks for the help. The error I got is similar to an error I got before.

    Code:
    Server response:
    Array
    (
        [error] => Array
            (
                [message] => Unexpected username '<uid>' came back from external auth provider. Expected: '<systemid>'
                [status] => 500
                [title] => Internal Error
                [uri] => https://<host>/@api/deki/users/authenticate?dream.out.format=php&dream.in.host=<host>&dream.in.scheme=https&dream.in.origin=<IP>&authprovider=12
            )
    
    )

    The keys are defined as follows:
    bindingpw: <password string>
    bindingdn: uid=<Authorized UID>,ou=people,dc=alaska,dc=edu
    searchbase: ou=people,DC=alaska,DC=edu
    hostname: <ldap url>
    displayname-pattern: {systemid}
    userquery: systemid=$1

    Any thoughts?

    Try adding a setting:

    usernameattribute: systemid

    This will ensure that the returned users have the name specified by systemid, which is what users log in with. Take a look at the XML coming back from the MindTouch LDAP service to see what exactly is being returned.
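
The search-then-bind flow from posts #3 and #5, as an added example that is not part of the thread and not MindTouch code: a service account binds, `userquery` finds the user's DN by `systemid`, the password is checked by binding as that DN, and `usernameattribute` selects the name handed back. The in-memory directory, the example.org DNs and the helper names are constructed, and the sketch goes slightly beyond the thread by escaping `$1` per RFC 4515 and refusing empty passwords.

```python
import re

# Constructed sample directory standing in for the LDAP server (DNs and passwords are made up).
DIRECTORY = {
    "uid=svc-wiki,ou=people,dc=example,dc=org": {"uid": "svc-wiki", "pw": "svc-pw"},
    "uid=a1b2c3,ou=people,dc=example,dc=org": {"uid": "a1b2c3", "systemid": "jdoe", "pw": "s3cret"},
    "uid=z9y8x7,ou=people,dc=example,dc=org": {"uid": "z9y8x7", "systemid": "asmith", "pw": "hunter2"},
}
# Keys named as in the thread; values are constructed.
CONFIG = {
    "bindingdn": "uid=svc-wiki,ou=people,dc=example,dc=org",
    "bindingpw": "svc-pw",
    "userquery": "systemid=$1",
    "usernameattribute": "systemid",
}

def escape_filter_value(value):
    """Escape filter metacharacters per RFC 4515 so $1 cannot alter the query."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def bind(dn, password):
    """Simulated simple bind. An empty password is refused here because some
    servers treat it as an unauthenticated bind and report success."""
    entry = DIRECTORY.get(dn)
    return bool(password) and entry is not None and entry["pw"] == password

def search(filter_str):
    """Simulated search supporting only attr=value and the attr=* presence filter."""
    attr, _, pattern = filter_str.partition("=")
    if pattern == "*":
        return [dn for dn, e in DIRECTORY.items() if attr in e]
    literal = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), pattern)
    return [dn for dn, e in DIRECTORY.items() if e.get(attr) == literal]

def authenticate(login, password, cfg=CONFIG):
    """Return the username to hand back to the application, or None on failure."""
    if not bind(cfg["bindingdn"], cfg["bindingpw"]):      # 1. service-account bind
        raise RuntimeError("service account bind failed")
    query = cfg["userquery"].replace("$1", escape_filter_value(login))
    matches = search(query)                                # 2. look up the user's DN
    if len(matches) != 1:                                  # none found, or ambiguous
        return None
    dn = matches[0]
    if not bind(dn, password):                             # 3. bind as that DN
        return None
    return DIRECTORY[dn][cfg["usernameattribute"]]         # 4. name the app expects
```

With `usernameattribute` set to `uid` instead, the same login returns `a1b2c3` rather than `jdoe`, which is the kind of mismatch the error in post #4 reports.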

  6. #6

    MaxM,

    Thank you for all your help. Everything is working, and I am good to go.

    Alex

  7. #7
    Originally posted by alex.taylor:
    MaxM,

    Thank you for all your help. Everything is working, and I am good to go.

    Alex

    Good to hear it. Share the wisdom, though, for others if you don't mind. What were your final working settings?
