Support » Plugin: Authorizer » LDAP Search Base, at root or multiple OUs

  • Resolved bryanyates


    I have been able to get the LDAP plugin working with an “LDAP Search Base” of “OU=foo,DC=school,DC=k12,DC=nm,DC=us”, but I would really like it to work from two OUs (OU=foo and OU=bar, both at DC=school,DC=k12,DC=nm,DC=us). Another solution that would work almost as well is to just allow our entire domain (DC=school,DC=k12,DC=nm,DC=us). Is there a way to configure it to do this?
    Thanks so much for any guidance,

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Paul Ryan


    This should work if you just use “dc=school,dc=k12,dc=nm,dc=us” as the search base.

    Just be aware that it will include all of the organizational units at the top level, so if you have bindable users in something like “ou=inactive” they will still be included.

    I’ve updated to 2.6.11 and tried it again.

    I have two main roots with my users under them, one for students, and one for everyone else.
    dc=school,dc=k12,dc=nm,dc=us FAILS for student and teacher
    ou=student,dc=school,dc=k12,dc=nm,dc=us works for student, not teacher
    ou=teacher,dc=school,dc=k12,dc=nm,dc=us works for teacher, not student

    The full OU path to the teacher and student actually continues down in the form:
    ou=schoolname,ou=middleschools,ou=…(either of the roots above, teacher|student)

    I understand what you’re saying about the “ou=inactive”, and it is a good warning. I’ve also been told that there is no way the students will be needed in my environment, so this is not urgent. I would like to be ready when that decision is overturned. 🙂

    Thanks for all your work,
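
The scoping trade-off discussed in this thread, as an added example that is not part of the original posts and is not Authorizer's code: a subtree search at the domain root also reaches “ou=inactive”, while an allowlist of two OU bases, or the root with an explicit exclusion, does not. The user entries and the helper names (`parse_dn`, `in_subtree`, `allowed`, `matches`) are constructed for illustration, and the DN parser is simplified (no multi-valued RDNs).

```python
import re

ROOT = "dc=school,dc=k12,dc=nm,dc=us"

# Constructed sample entries, following the OU layout described in the thread.
USERS = [
    "cn=t.jones,ou=schoolname,ou=middleschools,ou=teacher," + ROOT,
    "cn=s.smith,ou=schoolname,ou=middleschools,ou=student," + ROOT,
    "cn=old.account,ou=inactive," + ROOT,
]


def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDNs.

    Commas escaped with a backslash stay inside the value.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def in_subtree(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or lies anywhere beneath it."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    # Compare whole RDNs, not raw strings, so case and spacing do not matter.
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def allowed(entry_dn, search_bases, excluded_bases=()):
    """Allow an entry under any search base unless it is under an excluded base."""
    if any(in_subtree(entry_dn, ex) for ex in excluded_bases):
        return False
    return any(in_subtree(entry_dn, base) for base in search_bases)


def matches(search_bases, excluded_bases=()):
    """Return the leading RDN of every sample user the scope would accept."""
    return [dn.split(",")[0] for dn in USERS
            if allowed(dn, search_bases, excluded_bases)]


if __name__ == "__main__":
    print("root:", matches([ROOT]))
    print("two OUs:", matches(["ou=teacher," + ROOT, "ou=student," + ROOT]))
    print("root minus inactive:", matches([ROOT], ["ou=inactive," + ROOT]))
```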

  • The topic ‘LDAP Search Base, at root or multiple OUs’ is closed to new replies.