in principle possible:
pass auth:
auth_bind = yes
auth_bind_userdn = uid=%u,ou=Person,o=Work
filter by group:
user_filter =
(&(&(&(objectclass=user)(objectclass=person))(memberOf=*MailUsers.*))(uid=%n))
pass_filter =
(&(&(&(objectclass=user)(objectclass=person))(memberOf=*MailUsers.*))(uid=%u))
but need to configure ldap for memberOf ....
Gerardo Herzig wrote:> Hi all. I have a couple of questions. ANY of those will solve mi
> situation.
>
> 1) 'Complex' LDAP validation:
> I need to validate a user in the 2 step authentication / authorizacion
> mech.
>
> The 'users' (with the password) are in
> ou=Person,o=Work
>
> the group which contains the mail users is in
> cn=MailUsers,ou=Groups,o=Work
>
>