I'm trying to connect to an LDAP server running slapd, using the net_ldap ruby gem. I'm able to perform the bind action using the cn of the user, but I need to use the uid.
The LDAP server was created by ClearOS and is otherwise untouched, standard configuration.
Here's my Ruby code:

    require 'net/ldap'

    # Simple bind using the full DN, which is built from the cn
    Net::LDAP.new(
      {
        host: "10.1.1.3",
        port: 389,
        base: "dc=company,dc=lan",
        auth: {
          method: :simple,
          username: 'cn=Andrew Faraday,ou=Users,ou=Accounts,dc=company,dc=lan',
          password: "secret"
        }
      }
    ).bind

That works fine, but what I really want to do is log in using the uid rather than the cn, e.g.

    username: 'uid=ajfaraday,ou=Users,ou=Accounts,dc=company,dc=lan',

Here's the result of a successful ldap search (fairly heavily redacted):

    dn: cn=Andrew Faraday,ou=Users,ou=Accounts,dc=edge,dc=lan
    uidNumber: 2004
    gidNumber: 63000
    homeDirectory: /home/ajfaraday
    clearAccountStatus: enabled
    sambaAcctFlags: [U ]
    sambaDomainName: company
    sambaBadPasswordCount: 0
    sambaBadPasswordTime: 0
    uid: ajfaraday
    givenName: Andrew
    sn: Faraday
    objectClass: top
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: inetOrgPerson
    objectClass: clearAccount
    objectClass: sambaSamAccount
    cn: Andrew Faraday
    loginShell: /bin/bash

I've spent a few days digging through slapd config files, manuals and old (like, over a decade old) questions on this and I'm coming up blank. I've tried variants on all of these things:
- Define a rule to build the dn differently for each user.
- Allow authorisation rights on the uid attribute.
- Set up an authz-regexp or sasl-regexp to convert input to a search string looking for uid.
None of these appear to have the desired effect. The regexp attributes appear to do nothing at all.
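
A simple bind needs the entry's real DN, and here the DN is built from cn, so a uid login is commonly done on the client as search-then-bind: find the one entry whose uid matches, then bind with the DN the directory returns. The Ruby below is an added example, not part of the original question; the helper names and the in-memory `SampleDirectory` are constructed for illustration, and it assumes the connection used for the lookup is allowed to search (anonymously or with a service account).

```ruby
# Added example (not from the question): search-then-bind for uid logins.
# `ldap` is any object exposing Net::LDAP's #search and #bind, such as a
# Net::LDAP instance whose own auth is an account that is allowed to search.

# Escape a value for use inside an LDAP search filter (RFC 4515).
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# posixAccount is one of the objectClass values shown in the question's entry.
def uid_filter(uid)
  "(&(objectClass=posixAccount)(uid=#{escape_filter_value(uid)}))"
end

# Returns the DN that was bound on success, nil on any failure.
def authenticate_by_uid(ldap, uid, password, base:)
  # A simple bind with an empty password is an unauthenticated bind, which
  # some servers report as success, so refuse it before contacting the server.
  return nil if uid.to_s.empty? || password.to_s.empty?

  entries = ldap.search(base: base, filter: uid_filter(uid), attributes: ['uid'])
  # Zero matches is an unknown user; more than one is an ambiguous uid.
  return nil unless entries && entries.size == 1

  dn = entries.first.dn
  # Passing credentials to #bind leaves the connection's own auth untouched.
  ldap.bind(method: :simple, username: dn, password: password) ? dn : nil
end

# Constructed in-memory stand-in for the directory so the flow runs offline.
SampleEntry = Struct.new(:dn, :uid, :password)
class SampleDirectory
  def initialize(entries)
    @entries = entries
  end

  def search(base:, filter:, attributes:)
    @entries.select { |e| e.dn.end_with?(base) && filter == uid_filter(e.uid) }
  end

  def bind(auth)
    # Mimics a server that accepts unauthenticated (empty password) binds.
    auth[:password].empty? ||
      @entries.any? { |e| e.dn == auth[:username] && e.password == auth[:password] }
  end
end

SAMPLE = SampleDirectory.new([SampleEntry.new(
  'cn=Andrew Faraday,ou=Users,ou=Accounts,dc=company,dc=lan', 'ajfaraday', 'secret'
)])
```

Net::LDAP also ships `bind_as`, which combines the search and the rebind; the filter passed to it needs the same escaping when it is built from user input.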