Custom module to handle LDAP query returning multiple results?

Nicolas Reich nicolas.reich at switch.ch
Fri Jan 19 14:32:28 CET 2018


Hello,

The system looks like this: the users are each affiliated to one or more 
organisations. For each affiliation to an organisation, there's an entry 
in LDAP. So there can be several entries for the same user, each one 
with a different organisation. Now, granted the rest of the 
authentication process goes well, the user is accepted if he or she is 
affiliated to one of the whitelisted organisations, i.e. there is at 
least one entry with their name and a whitelisted organisation.

This should be pretty straightforward to check: get all entries for the 
user, and check if at least one is for a whitelisted organisation. 
Except the ldap module throws an error if the search returns more than 
one result, and I can't use server-side sorting because it is an 
OpenLDAP server, which doesn't implement the ldap_create_sort_control 
function. (I think, I might have gotten that wrong though.)

Is it possible to write a custom module to handle an LDAP query 
returning potentially multiple results? Or is there another solution you 
can think of? The obvious one is to serially query LDAP for each 
organisation, but that's really ineffective. Final note to take into 
account: I cannot modify anything on the LDAP side, it is used for other 
projects as well.


Best regards, and thanks in advance

Nicolas


PS: Thanks Alan for your answer to my other question yesterday.
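
The check described in the message above (fetch every entry for the user, accept if at least one names a whitelisted organisation), sketched as an added example that is not part of the original post and is not FreeRADIUS code. The attribute names `uid` and `o`, the function names, and the dict representation of search results are assumptions; the filter folds the whitelist into a single query instead of one query per organisation, and values are escaped per RFC 4515 so a user-supplied name cannot alter the filter.

```python
# Added illustration. Attribute names ("uid", "o") and all function names are
# hypothetical; entries are modelled as dicts of attribute -> list of values.

# RFC 4515 section 3: these characters must be escaped inside filter values.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for safe use as an LDAP search-filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_affiliation_filter(username, whitelist, user_attr="uid", org_attr="o"):
    """One filter matching the user's entries for any whitelisted organisation."""
    if not whitelist:
        # "(|)" is not a valid filter; with nothing whitelisted nobody is accepted.
        raise ValueError("whitelist must not be empty")
    user = "({}={})".format(user_attr, escape_filter_value(username))
    orgs = "".join(
        "({}={})".format(org_attr, escape_filter_value(org))
        for org in sorted(whitelist)  # sorted for a stable, loggable filter
    )
    return "(&{}(|{}))".format(user, orgs)


def is_authorised(entries, username, whitelist, user_attr="uid", org_attr="o"):
    """Accept when at least one entry is for this user and a whitelisted org.

    Works on zero, one or many entries. Comparison is exact-match here.
    """
    for entry in entries:
        if username not in entry.get(user_attr, []):
            continue
        if any(org in whitelist for org in entry.get(org_attr, [])):
            return True
    return False


# Constructed sample data: one user with two affiliation entries.
SAMPLE_ENTRIES = [
    {"uid": ["alice"], "o": ["Org A"]},
    {"uid": ["alice"], "o": ["Org C"]},
]
WHITELIST = {"Org C", "Org D"}

if __name__ == "__main__":
    print(build_affiliation_filter("alice", WHITELIST))
    print(is_authorised(SAMPLE_ENTRIES, "alice", WHITELIST))
```
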


