On Wed, Dec 14, 2022 at 11:18:50AM +0800, luckydog xf wrote: > Please forgive my rush. It works. Here it is, use %[1-9].
Actually, your tests are incomplete. > server_host = ldap://172.16.232.201:389 > search_base = cn=users,cn=accounts,dc=ipa,dc=pthl,dc=hk > scope = sub > version = 3 > bind = no > start_tls = no > query_filter = (uid=%u) > result_attribute = uid > result_format = %u@%2.%1 This completely ignores the domain part of the address, without restricting the domains search by setting "domain =". You'll get incorrect results with this. Use the full (%s) address as the lookup key in 'query_filter'. Avoid partial-key lookups. -- Viktor.