Madiw_114772
Jan 29, 2014

multiple entries in searchDN or UserDN

Hello,

Is it possible to add multiple entries in searchDN in the VPE --> LDAP Auth action? If so, what is the syntax?

Example:

    ou=People,o=group1,o=company.com,o=company
    ou=People,o=group1.com,o=company
    ou=people,o=company.com,o=company
    ou=people,o=company
    ou=people,o=group2.com,o=company
    ou=people,o=group3.com,o=company

I tried the line ou=people,o=company only, but with no success.

Thanks for any tip.

3 Replies

  • You may have a challenge if the lowest common RDN is only one level (o=company). If you had at least two levels in common, you could just use that as your base DN. In any case, your SearchDN should be the lowest common RDN, and the SearchFilter might look something like this:

    (&(cn=%{session.searchname})(|(ou:dn:=ou=ou1,dc=dom1,dc=com)(ou:dn:=ou=ou2,dc=dom1,dc=com)))

    where you're basically saying, look for (cn=blah) and (ou=foo or ou=bar)

  • Thank you Kevin for your answer.

    I'm trying the following, but any uid is bound by default to ou=people,o=company.com,o=company, so uids that belong to other DN bases fail to connect.

    APM says LDAP module: authentication with 'uid=test000,ou=people,o=company.com,o=company' failed: No such object (32)

    (&(uid=%{session.logon.last.username})(|(ou:dn:=ou=people,o=company.com,o=company)(ou:dn:=ou=people,o=sub1.com,o=company)(ou:dn:=ou=people,o=thirdparty,o=company.com,o=company)(ou:dn:=ou=people,o=thirdparty.com,o=company)(ou:dn:=ou=people,o=company)(ou:dn:=ou=people,o=sub2.com,o=company)))

  • Try performing an LDAP query first to see if the above actually finds the user. Then if it does, point the LDAP auth at the correct (discovered) DN. You can also test the above from the command line:

    ldapsearch -H ldap://10.10.10.200 -x -b dc=mydomain,dc=com -D administrator@mydomain.com -w 'password' "(&(uid=test000)(|(ou:dn:=ou=people,o=company.com,o=company)(ou:dn:=ou=people,o=sub1.com,o=company)(ou:dn:=ou=people,o=thirdparty,o=company.com,o=company)(ou:dn:=ou=people,o=thirdparty.com,o=company)(ou:dn:=ou=people,o=company)(ou:dn:=ou=people,o=sub2.com,o=company)))"
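As an added example (not from the thread), the following Python emulates the flow the last reply recommends: build the search filter, run it over a constructed in-memory directory under the common base o=company to discover the user's DN, and return that DN for the bind step. It escapes the interpolated username per RFC 4515 and uses the bare RDN value with the :dn: flag, since per RFC 4511 that flag tests the value against each RDN of the entry's DN individually; the directory entries, names and helper functions are all constructed for this example.

```python
import re

# Constructed sample directory: one DN per entry, all under the common base o=company.
DIRECTORY = [
    "uid=test000,ou=people,o=sub1.com,o=company",
    "uid=test001,ou=people,o=company.com,o=company",
    "uid=test002,ou=machines,o=sub2.com,o=company",
    "uid=test003,ou=People,o=thirdparty,o=company.com,o=company",
]


def escape_filter_value(value):
    """RFC 4515 escaping for a value interpolated into a search filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group(0)), value)


def build_filter(username, ou_values):
    """Build (&(uid=<user>)(|(ou:dn:=v1)(ou:dn:=v2)...)) with escaped values."""
    alternatives = "".join("(ou:dn:=%s)" % escape_filter_value(v) for v in ou_values)
    return "(&(uid=%s)(|%s))" % (escape_filter_value(username), alternatives)


def rdns(dn):
    """Split a DN into lower-cased (attr, value) pairs; no escaped commas assumed."""
    pairs = []
    for part in dn.split(","):
        attr, value = part.strip().split("=", 1)
        pairs.append((attr.lower(), value.lower()))  # ou and uid use caseIgnoreMatch
    return pairs


def dn_matches(dn, username, ou_values):
    """Emulate the filter: uid RDN equals username AND some RDN is ou=<one of ou_values>."""
    parts = rdns(dn)
    has_uid = ("uid", username.lower()) in parts
    has_ou = any(("ou", v.lower()) in parts for v in ou_values)
    return has_uid and has_ou


def discover_dn(username, base_dn, ou_values):
    """Query step: return the single DN under base_dn matching the filter, else None."""
    hits = [
        dn for dn in DIRECTORY
        if dn.lower().endswith("," + base_dn.lower()) and dn_matches(dn, username, ou_values)
    ]
    # Exactly one hit is required; an ambiguous or empty result must not be used to bind.
    return hits[0] if len(hits) == 1 else None
```

The DN returned by discover_dn is what the LDAP Auth action should bind with, instead of a fixed ou=people,o=company.com,o=company prefix.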