
Re: Using UPN notation for LDAPbind



Wilhelm Meier wrote:
> On Friday 26 December 2008, Pierangelo Masarati wrote:
>> ----- "Michael Ströder" <michael@stroeder.com> wrote:
>>> Wilhelm Meier wrote:
>>>> is there a way to use the UPN (user@domain.com) notation to do a bind
>>>> to the OpenLDAP-Server.
>>> Assuming you mean simple bind the answer is no. According to RFC
>>> 4511 the name in a BindRequest is a DN. Using the UPN as name is
>>> a proprietary violation of LDAPv3 in MS AD.
>>>
>>>> Or do I have to use the rwm-overlay to map
>>>> the bind-string to a valid DN?
>>> Not sure whether that would work.
>> It would work if you used "mail=user@domain.com", as it complies
>> with DN syntax.  
> 
> Ok, I thought about that, but if you have some silly applications 
> where you can't compose the connect-string for the bind it would be 
> rather nice if one can configure the OpenLDAP to use this upn 
> notation.

Which applications? Something very AD-specific?

Most LDAP-enabled applications can search for user entries by uid or
similar and then bind with the user's entry DN as bind DN.

Ciao, Michael.
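
The search-then-bind flow described in the message above, sketched as an added example that is not part of the original thread: the typed login (UPN-style or bare uid) is turned into an RFC 4515-escaped filter, exactly one matching entry is required, and that entry's DN is used for the simple bind. Assumptions: the UPN is stored in `mail`, `search` and `bind` are hypothetical callables wrapping a real LDAP client, and the directory entries and password are constructed sample data.

```python
import re

# RFC 4515 section 3: characters that must be written as \XX in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def search_filter_for(login):
    """Map what the user typed (UPN-style or bare uid) to an LDAP search filter."""
    login = login.strip()
    if not login:
        raise ValueError("empty login")
    attr = "mail" if "@" in login else "uid"  # assumption: the UPN lives in mail
    return "(%s=%s)" % (attr, escape_filter_value(login))

def resolve_bind_dn(login, search):
    """search(filter) -> list of DNs. Only an unambiguous hit yields a bind DN."""
    dns = search(search_filter_for(login))
    return dns[0] if len(dns) == 1 else None

def authenticate(login, password, search, bind):
    # A DN with an empty password is an "unauthenticated" simple bind
    # (RFC 4513 section 5.1.2), which a server may accept: refuse it client-side.
    if not password:
        return False
    dn = resolve_bind_dn(login, search)
    return dn is not None and bind(dn, password)

# --- constructed in-memory stand-ins for the directory (not a real server) ---
DIRECTORY = {
    "uid=wmeier,ou=people,dc=example,dc=com": {"uid": "wmeier", "mail": "wmeier@example.com"},
    "uid=jdoe,ou=people,dc=example,dc=com": {"uid": "jdoe", "mail": "jdoe@example.com"},
}
PASSWORDS = {"uid=wmeier,ou=people,dc=example,dc=com": "s3cret"}

def demo_search(flt):
    """Evaluate a single (attr=value) filter; a raw * is a wildcard, \\XX is literal."""
    attr, value = re.fullmatch(r"\((\w+)=(.*)\)", flt).groups()
    unescape = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)
    pattern = ".*".join(re.escape(unescape(part)) for part in value.split("*"))
    return [dn for dn, e in DIRECTORY.items() if re.fullmatch(pattern, e.get(attr, ""))]

def demo_bind(dn, password):
    return PASSWORDS.get(dn) == password

if __name__ == "__main__":
    print(resolve_bind_dn("wmeier@example.com", demo_search))
    print(authenticate("wmeier@example.com", "s3cret", demo_search, demo_bind))
    print(resolve_bind_dn("*", demo_search), len(demo_search("(uid=*)")))
```

With a real client library, `search` would run the filter under a service account limited to reading the lookup attributes, and `bind` would perform the simple bind over TLS.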