You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The main reason you can't do arbitrary conversion on some attributes is that they are also used to build search queries. The uid attribute is used to build the following search query:
(&(objectClass=posixAccount)(uid=someusername))
Note however that there is a pull request in progress for doing user name transformations in the PAM stack. That means the user name is changed on login.
My main usage for nss-pam-ldapd is with my mail server. OpenSMTPD uses PAM to authenticate users, where I plugged
nss-pam-ldapd
.Sometimes users authenticate with their correct
uid
, but sometimes they also use their email addressuid@mydomain.tld
to authenticate.I would love nslcd to be able to remove the
@mydomain.tld
part when present. This way users could authenticate both ways. Innslcd.conf
I tried this:But I get this error message when restarting the service: attribute uid cannot be an expression
I suggest removing this limitation so my usecase is usable.
What do you think?
The text was updated successfully, but these errors were encountered: