Greetings,

I think that subject line can be interpreted several different ways, so
let me try and clarify.

I trying to find a way to support users logging in where:

1) they can enter any one of their aliased "usernames". For example a
user might have 'ken' as a username, but also email(s) 'ken@somedom',
their full name 'ken doe', or even their system ID (numeric or uuid).
When even a backend can find any of these it returns the permanent
identifier (typically only a local UID or UUID can be considered this)

2) the system allows ACLs to be defined around the UID/UUID

3) In my ACLS I only need to define their UID/UUID (i.e 'AllowUser 12345')

The whole purpose for wanting these is the fact that old ACLs
(.ftpaccess) left laying around with non-permanent identifiers, if
reassigned to new users, can give them inappropriate access. This is
especially true in very, very large user-bases where the username
re-issuance policy is out of our control, and when we have very large
ftp directory structures (thousands or millions of files and ACLs)

My first thought on how I could do this with proftpd, was to try using
the mod_ldap module to connect to my ldap server (which already has
entries based on UID-DNs and not non-permanent ones) (i.e
CN=12345,OU=Users,DC=somedom,DC=com). However I am not able (or have not
found how to) define a custom search query -- one that would allow a
match based on the email and other attribute, then return a full DN that
the module will try to bind to using the user's password.

So, is there a way I can customize mod_ldap's LDAP search string? Has
anyone done the above with some other method, say SQL?

Thanks in advance,

ken



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?p...rge&CID=DEVDEV
_______________________________________________
ProFTPD Users List
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html