My context: I have an OpenSMTPD instance that uses PAM as its authentication backend. My PAM configuration uses NSS to authenticate the users against an LDAP directory.
I would like to make NSS match users either on their uid or their mail LDAP attribute.
According to the logs I see, the default filter seems to be (&(objectClass=posixAccount)(uid=xxxxxx)) where xxxxx is the user login.
The nslcd.conf man page describes the filter parameter, but it seems there is no way to use variables with it. Plus, whatever filter I configure actually adds up with (uid=xxxxx) in the end (for instance, if I set filter passwd (foo=bar) in the configuration file, the filter that will be used to match users will be (&(foo=bar)(uid=xxxx))).
I would like to be able to write something like (|(uid=$login)(mail=$login)) to match users either on their uid or their mail LDAP attribute.
Is it really not possible? Is there a workaround for this?