How to code LDAP filters using OpenConceptConsulting/nslcd module

asked 2018-08-17 10:16:29 -0600

gene

updated 2018-08-17 13:30:28 -0600

I'm trying to use the OpenConceptConsulting/nslcd module to configure /etc/nslcd.conf. I'm not sure how to code the part for the filters. The examples given on the module page in the forge are pretty sparse. In looking at the nslcd.erb template that comes with the module, I was able to determine how to set most of the configuration in the /etc/nslcd.conf file except for the filters.

The erb file contains this for the ldap filters:

<% if @ldap_filters.length > 0 -%>
# Custom search filters
<% @ldap_filters.each do |map, filter| -%>
filter <%= map %> <%= filter %>
<% end -%>
<% end -%>

I want the /etc/nslcd.conf file to look like this:

filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    passwd gecos            displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid              sAMAccountName
map    shadow shadowLastChange pwdLastSet
filter group  (&(objectClass=group)(gidNumber=*))
map    group  member           sAMAccountName

Any/all help is most appreciated!

[UPDATE] I've tried the following:

  ldap_filters      => {
        'passwd' => '(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))',
        'shadow' => '(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))',
        'group'  => '(&(objectClass=group)(gidNumber=*))',
  },

which does generate the following in /etc/nslcd.conf:

filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
filter group (&(objectClass=group)(gidNumber=*))

Not sure how to add the map lines yet though....

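The filter loop from the template quoted above, rendered in Ruby against the values from the question, as an added example that is not part of the original post or the module's own code. The `@ldap_maps` variable, its nested-hash shape and the `map` loop are hypothetical (not a documented parameter of the module), and `balanced?` is an added sanity check on filter parentheses.

```ruby
require 'erb'

# Filter loop as quoted in the question, plus a HYPOTHETICAL map loop.
# @ldap_maps is an assumed variable, not a documented module parameter.
TEMPLATE = <<~'ERB'
  <% if @ldap_filters.length > 0 -%>
  # Custom search filters
  <% @ldap_filters.each do |map, filter| -%>
  filter <%= map %> <%= filter %>
  <% end -%>
  <% end -%>
  <% @ldap_maps.each do |map, attrs| -%>
  <% attrs.each do |attr, ldap_attr| -%>
  map <%= map %> <%= attr %> <%= ldap_attr %>
  <% end -%>
  <% end -%>
ERB

# Values copied from the question's desired /etc/nslcd.conf.
USER_FILTER = '(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))'
FILTERS = { 'passwd' => USER_FILTER, 'shadow' => USER_FILTER,
            'group' => '(&(objectClass=group)(gidNumber=*))' }.freeze
MAPS = {
  'passwd' => { 'uid' => 'sAMAccountName', 'homeDirectory' => 'unixHomeDirectory',
                'gecos' => 'displayName' },
  'shadow' => { 'uid' => 'sAMAccountName', 'shadowLastChange' => 'pwdLastSet' },
  'group'  => { 'member' => 'sAMAccountName' }
}.freeze

# True when every '(' in the filter is closed and no ')' comes early.
def balanced?(filter)
  depth = 0
  filter.each_char do |c|
    depth += 1 if c == '('
    depth -= 1 if c == ')'
    return false if depth.negative?
  end
  depth.zero?
end

class NslcdConf
  def initialize(filters, maps)
    bad = filters.reject { |_, f| balanced?(f) }.keys
    raise ArgumentError, "unbalanced filter for: #{bad.join(', ')}" unless bad.empty?
    @ldap_filters = filters
    @ldap_maps = maps
  end

  # Render with '-' trim mode so the "-%>" tags swallow their newlines.
  def render
    ERB.new(TEMPLATE, trim_mode: '-').result(binding)
  end
end
```

The rendered text lists the three `filter` lines first and the six `map` lines after them, separated by single spaces rather than aligned in columns.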