I am trying to get the LDAP plugin to authenticate a user if they are a member of a group.
The following LDAP query will list the members of the group:
ldapsearch -x -b 'cn=mygroupname,ou=Group,ou=everyone,dc=ic,dc=ac,dc=uk' -h unixldap.cc.ic.ac.uk memberUid
This returns a list of all members of the group.
Based on my experiments, I believe the LDAP plugin takes its configured attribute and the username and prepends them to the query, e.g. if my username is rob and the attribute is memberUid, then the query will be equivalent to:
ldapsearch -x -b 'memberUid=Rob,cn=mygroupname,ou=Group,ou=everyone,dc=ic,dc=ac,dc=uk' -h unixldap.cc.ic.ac.uk memberUid
But this is giving me No Such Object when I run it.
I don’t know much about LDAP but this seems to tell me that the LDAP group is an object, but the members of the group are not objects. I am scratching my head as to how I can configure the LDAP plugin so that it will only authenticate against group members.
Is this possible?
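
The difference between the two searches in the post, as an added Python example (not part of the original post and not the plugin's code): memberUid values are attributes stored inside the group entry, so the group DN has to stay the search base and the username belongs in a filter. The DIRECTORY contents, the function names and the exact-match comparison are assumptions made for this sketch.

```python
import re

GROUP_DN = "cn=mygroupname,ou=Group,ou=everyone,dc=ic,dc=ac,dc=uk"
# Constructed stand-in for the directory: DN -> attributes of that entry.
# The group is the only object; its members are values, not child entries.
DIRECTORY = {GROUP_DN: {"cn": ["mygroupname"], "memberUid": ["rob", "alice"]}}


class NoSuchObject(Exception):
    """The search base is not the DN of any entry."""


def escape_value(value):
    """RFC 4515 escaping, so the username is always matched as a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def unescape_value(value):
    """Reverse of escape_value, as the server side of this sketch."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def base_search(base_dn, ldap_filter):
    """Base-scope search; supports only simple (attr=value) equality filters."""
    if base_dn not in DIRECTORY:
        raise NoSuchObject(base_dn)
    attr, value = ldap_filter[1:-1].split("=", 1)
    entry = DIRECTORY[base_dn]
    # Exact comparison is an assumption of this sketch.
    return [base_dn] if unescape_value(value) in entry.get(attr, []) else []


def lookup_as_child_dn(username):
    # The form from the post: attribute=username prepended to the group DN.
    child_dn = "memberUid=%s,%s" % (username, GROUP_DN)
    return base_search(child_dn, "(memberUid=%s)" % escape_value(username))


def is_group_member(username):
    # Group DN stays the base; the username goes into the filter as a value.
    return bool(base_search(GROUP_DN, "(memberUid=%s)" % escape_value(username)))
```

Against a real server the same shape is a base-scope search on the group DN with the filter (memberUid=username), which returns the group entry only when that user is listed in it.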