Version 1.9.0.07 Changes

LDAP Multiple Base DN Options

Sometimes it may be necessary when using LDAP authentication to query several different base domain name groups for a user. Note that it is preferable to find a base point that is common to both and issue one search instead of multiple, but in cases where this is necessary you can now specify multiple search paths by using the pipe character (|). For example:

cn=Users,dc=saitest,dc=local
cn=Users,dc=saitest,dc=local | ou=Security Objects,dc=saitest,dc=local

The first option will only query the Users group. In the second case, the users group will be queried first and if no match is found, the Security Objects organizational unit will be queried.

Adding many base paths is not recommended as multiple queries can slow down the login process. Note that this pipe option only works for the X-Ldap-BaseDN field.

Warning: The pipe syntax in the BaseDN field will not be usable by previous versions of the software. So if you add this as part of the authentication process, you should remove it before downgrading to an earlier version.

It is also recommended to upgrade both nodes of a cluster before trying out this option.

Last updated