Supporting each other

Community forums

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC:

ldap second filter 10 years 9 months ago #1332

  • bogaerbr
  • bogaerbr's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 17
  • Thank you received: 0
I wonder if someone could explain me what the second ldap filter is.

I guess the use of the main filter is this:
When a user tries to log in xerte the user provides a <username> and a <password>.
The username will be used to check whether he is accepted or not.
In case of ldap authentication that username will be used to search for a matching entry in a directory.
In order to know what attribute the username is associated with you specify the LDAP main filter.
e.g. If ldap main filter is uid, the directory will be searched after until an entry is found with attribute uid=<username>, the password associated will be checked with the <password> provided by the user at login. If the match is OK, the ldap server will send a OK and allow to retrieve the first name and the surname of the user.

I am right this far?


What use then is the ‘ldap second filter’?

Please Log in or Create an account to join the conversation.

ldap second filter 10 years 9 months ago #1333

  • tom
  • tom's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 1303
  • Thank you received: 326
The second attribute (and I think we should use a different name) is used if no bind password is given. Then the second filter s used to search the ldap tree, and then a bind is attampted with the value of that attribute as username, and the given password as the password.

It is NOT used if a bind password is given.

Please Log in or Create an account to join the conversation.

ldap second filter 10 years 9 months ago #1334

  • bogaerbr
  • bogaerbr's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 17
  • Thank you received: 0
OK,

Is there a way I can set LDAP search filters in Xerte?
e.g. If I want only a known set of users to be authenticated through ldap?
Something like:
(|(uid=user.0)(uid=user.1)(uid=user.2))

Bruno

Please Log in or Create an account to join the conversation.

Last edit: by bogaerbr.

ldap second filter 10 years 9 months ago #1337

  • bogaerbr
  • bogaerbr's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 17
  • Thank you received: 0
I guess at
Site Administration, LDAP settings
"The LDAP main filter"
should be called
"attribute type matching the username"

Please Log in or Create an account to join the conversation.

  • Page:
  • 1
Moderators: alimcnronm
Time to create page: 0.043 seconds
Copyright © 2024 The Xerte Project.
Xerte logo Apereo logo OSI Logo

Search