Aloha! You should be able to support only email logins if you use the email attribute in both the “LDAP attribute containing username” and “LDAP attribute containing email address” in Authorizer settings.
One caveat, though, is if your LDAP search base contains the email domain (e.g., emails are [email protected] and the LDAP search base is something like ou=people,dc=mail,dc=example,dc=com). If that’s the case, you’ll need to add a filter for authorizer_ldap_search_filter and add the domain back to the username logging in, since (for legacy reasons) Authorizer removes that portion from the username. It would look something like:
// Use email addresses for user logins.
add_filter( 'authorizer_ldap_search_filter', function ( $search_filter, $ldap_uid, $username ) {
	return '(' . $ldap_uid . '=' . $username . '@mail.example.com' . ')';
}, 10, 3 );
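A variant of the filter above, as an added example that is not part of the original post or of Authorizer's own code: it escapes the login name with PHP's ldap_escape() before it goes into the search filter, and re-appends the domain only when it is missing. The function name, the EXAMPLE_MAIL_DOMAIN constant and the sample logins are made up for illustration, and it assumes $username reaches the callback unescaped.

```php
<?php
// Added example, not Authorizer's own code.
// Requires PHP's ldap extension for ldap_escape().

// Hypothetical constant: the mail domain to put back on the login name.
const EXAMPLE_MAIL_DOMAIN = 'mail.example.com';

/**
 * Build the LDAP search filter for an email-only login.
 * Takes the same three arguments as the filter callback shown above.
 */
function example_email_search_filter( $search_filter, $ldap_uid, $username ) {
	// Re-append the domain only when the login name arrives without one.
	$login = ( false === strpos( $username, '@' ) )
		? $username . '@' . EXAMPLE_MAIL_DOMAIN
		: $username;

	// Escape filter metacharacters ( * ( ) \ NUL ) so the value stays a literal.
	// Assumption: $username reaches this callback unescaped.
	return '(' . $ldap_uid . '=' . ldap_escape( $login, '', LDAP_ESCAPE_FILTER ) . ')';
}

// Register with WordPress when loaded as plugin or theme code.
if ( function_exists( 'add_filter' ) ) {
	add_filter( 'authorizer_ldap_search_filter', 'example_email_search_filter', 10, 3 );
}

// Constructed sample logins, printed only when run directly from the command line.
if ( PHP_SAPI === 'cli' && ! function_exists( 'add_filter' ) ) {
	foreach ( array( 'jdoe', 'jdoe@mail.example.com', 'j*doe' ) as $sample ) {
		echo example_email_search_filter( '', 'mail', $sample ), PHP_EOL;
	}
}
```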
Thank you so much for taking the time to reply! I really appreciate your help!
I have a question: suppose authorization is done via JumpCloud, but a user’s email domain could be arbitrary, like @ company.com or @ gmail.com. I’d guess the filter would fail, no?
Looking at JumpCloud LDAP docs, the base DN is ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com, so as long as your user email addresses aren’t [email protected], you should be able to restrict logins to email-only by putting mail as the attribute for both “LDAP attribute containing username” and “LDAP attribute containing email address” in Authorizer settings. Then you won’t need to use a filter at all.
https://jumpcloud.com/support/use-cloud-ldap