I think that subject line can be interpreted several different ways, so
let me try and clarify.

I am trying to find a way to support users logging in where:

1) they can enter any one of their aliased "usernames". For example a
user might have 'ken' as a username, but also email(s) 'ken@somedom',
their full name 'ken doe', or even their system ID (numeric or uuid).
Whenever a backend can find any of these it returns the permanent
identifier (typically only a local UID or UUID can be considered this).

2) the system allows ACLs to be defined around the UID/UUID

3) In my ACLs I only need to define their UID/UUID (i.e. 'AllowUser 12345')

The whole purpose for wanting these is the fact that old ACLs
(.ftpaccess) left lying around with non-permanent identifiers, if
reassigned to new users, can give them inappropriate access. This is
especially true in very, very large user-bases where the username
re-issuance policy is out of our control, and when we have very large
ftp directory structures (thousands or millions of files and ACLs).

My first thought on how I could do this with proftpd, was to try using
the mod_ldap module to connect to my ldap server (which already has
entries based on UID-DNs and not non-permanent ones) (i.e.
CN=12345,OU=Users,DC=somedom,DC=com). However I am not able (or have not
found how to) define a custom search query -- one that would allow a
match based on the email and other attributes, then return a full DN that
the module will try to bind to using the user's password.

So, is there a way I can customize mod_ldap's LDAP search string? Has
anyone done the above with some other method, say SQL?

Thanks in advance,
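
Added example, not part of the original post and not ProFTPD or mod_ldap code: a Python sketch of the search-then-resolve step described above, where any alias maps to one permanent DN and the ACL is checked against the UID taken from that DN. The attribute names (uid, mail, cn, uidNumber), the sample entries and all function names are assumptions; the in-memory dictionary stands in for the LDAP server, and the bind with the user's password is not shown.

```python
# Constructed sample directory (DN -> attributes); the post names no schema.
DIRECTORY = {
    "CN=12345,OU=Users,DC=somedom,DC=com": {
        "uid": ["ken"], "mail": ["ken@somedom"],
        "cn": ["ken doe"], "uidNumber": ["12345"]},
    "CN=67890,OU=Users,DC=somedom,DC=com": {
        "uid": ["bob"], "mail": ["bob@somedom"],
        "cn": ["bob roe"], "uidNumber": ["67890"]},
}
# Constructed "after re-issuance" state: username 'ken' now belongs to 99999.
REISSUED = {
    "CN=99999,OU=Users,DC=somedom,DC=com": {
        "uid": ["ken"], "mail": ["ken2@somedom"],
        "cn": ["ken new"], "uidNumber": ["99999"]},
}
ALIAS_ATTRS = ("uid", "mail", "cn", "uidNumber")  # assumed alias attributes

def escape_filter_value(value):
    """Escape per RFC 4515 so login input cannot change the filter's shape."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login):
    """OR-filter over every alias attribute, as a real search would send it."""
    v = escape_filter_value(login)
    return "(|" + "".join("(%s=%s)" % (a, v) for a in ALIAS_ATTRS) + ")"

def resolve_dn(login, directory=DIRECTORY):
    """Stand-in for the LDAP search: exact, case-insensitive alias match.
    Zero or multiple matches fail closed (None) instead of guessing."""
    wanted = login.lower()
    hits = [dn for dn, attrs in directory.items()
            if any(wanted == v.lower()
                   for a in ALIAS_ATTRS for v in attrs.get(a, []))]
    return hits[0] if len(hits) == 1 else None

def permanent_id(dn):
    """Value of the leading RDN (assumes it contains no escaped commas)."""
    return dn.split(",", 1)[0].split("=", 1)[1]

def allowed(login, acl_ids, directory=DIRECTORY):
    """ACL decision keyed on the permanent ID, never on the typed alias."""
    dn = resolve_dn(login, directory)
    return dn is not None and permanent_id(dn) in acl_ids

if __name__ == "__main__":
    print(build_filter("ken@somedom"))
    print(allowed("ken doe", {"12345"}))         # original owner
    print(allowed("ken", {"12345"}, REISSUED))   # re-issued username
```

An ACL that lists only 12345 keeps matching the original account under any of its aliases, and stops matching once the name 'ken' is handed to a different UID.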

