My context: I have an OpenSMTPD instance that uses PAM as its authentication backend. My PAM configuration uses NSS to authenticate the users against an LDAP directory.

I would like to make NSS match users either on their uid or their mail LDAP attribute.

According to the logs I see, the default filter seems to be (&(objectClass=posixAccount)(uid=xxxxxx)) where xxxxx is the user login.

The nslcd.conf man page describes the filter parameter, but it seems there is no way to use variables with it. Plus, whatever filter I configure actually adds up with (uid=xxxxx) in the end (for instance, if I set filter passwd (foo=bar) in the configuration file, the filter that will be used to match users will be (&(foo=bar)(uid=xxxx))).

I would like to be able to write something like (|(uid=$login)(mail=$login)) to match users either on their uid or their mail LDAP attribute.

Is it really not possible? Is there a workaround for this?

azmeuk

0 Answers