将用户与两个组的 ldap 联系起来

Question

I have an application with which I would like to connect my ldap users. I want two types of users to be able to log in: internal and external.

In the application that I deploy, three parameters are taken into account (ldapjs protocol, scope sub)

export LDAP_FILTER LDAP_BASEDN LDAP_UIDTAG

How do I get "OU=Internal,OU=Users,DC=test,DC=example,DC=com" and "OU=External,OU=Users,DC=test,DC=example,DC=com" members to connect to it?

How should I fill in these parameters knowing that the cn is username?

Thank you for your help

I tried

export LDAP_FILTER (|(&(ou=Internal)(cn={{username}}))(&(ou=External)(cn={{username}}))

and many more

Answer 1

Those are OU's (organizational units) not groups. You cannot filter by OU in an LDAP filter. You use the Base DN to limit results to one OU. However, you can only use one.

You may be better off creating a group and adding all of the users from both OUs into that group, and then you can filter on the group, like this:

(memberOf=CN=MyAppGroup,OU=Groups,DC=test,DC=example,DC=com)

That should be the full distinguishedName of the group.