
Re: Using UPN notation for LDAPbind



Am Freitag 26 Dezember 2008 schrieb Pierangelo Masarati:
> ----- "Michael Ströder" <michael@stroeder.com> wrote:
> > Wilhelm Meier wrote:
> > > is there a way to use the UPN (user@domain.com) notation to do
> > > a bind to the OpenLDAP-Server.
> >
> > Assuming you mean simple bind the answer is no. According to RFC
> > 4511 the name in a BindRequest is a DN. Using the UPN as name is
> > a proprietary violation of LDAPv3 in MS AD.
> >
> > > Or do I have to use the rwm-overlay to map
> > > the bind-string to a valid DN?
> >
> > Not sure whether that would work.
>
> It would work if you used "mail=user@domain.com", as it complies
> with DN syntax.  

Ok, I thought about that, but if you have some silly applications 
where you can't compose the connect-string for the bind, it would be 
rather nice if one could configure OpenLDAP to use this UPN 
notation. 
Most applications must be somewhat modified to use something 
like "mail=user@domain.com", and then you might as well use the real 
DN.

> Then you can use rwm rewrite capabilities to 
> expand that string into the user's DN.  Something similar is
> indicated in slapo-rwm(5), AFAIR.

Yes, that's in the man page. Thank you.

So, if DN-syntax is required, the application must be modified ...

>
> p.
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> -----------------------------------
> Office:  +39 02 23998309
> Mobile:  +39 333 4963172
> Fax:     +39 0382 476497
> Email:   ando@sys-net.it
> -----------------------------------



-- 
Wilhelm
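An added example, not from this thread and not OpenLDAP or slapo-rwm code, of the application-side change the thread ends on: building the "mail=user@domain.com" bind name from the user-supplied identifier, and the equivalent search filter an application would use to look up the real DN before binding. The identifier comes from the user, so the value is escaped as an RFC 4514 DN attribute value and as an RFC 4515 filter assertion value before it is embedded; the plausibility check and the sample identifiers are constructed for the example.

```python
# Added example: compose "mail=<upn>" as a bind DN and as a search filter
# with the user-supplied value escaped, so a crafted identifier cannot
# change the DN structure or the filter. Not part of the thread or OpenLDAP.

# RFC 4514 section 2.4: characters that must be escaped inside a DN attribute value.
_DN_SPECIAL = {'"', '+', ',', ';', '<', '>', '\\'}


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use in a DN string (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == '\x00':
            out.append('\\00')              # NUL is written as a hex pair
        elif ch in _DN_SPECIAL:
            out.append('\\' + ch)
        elif ch == '#' and i == 0:
            out.append('\\#')               # leading '#' would start a hex-encoded value
        elif ch == ' ' and i in (0, last):
            out.append('\\ ')               # leading/trailing space must be escaped
        else:
            out.append(ch)
    return ''.join(out)


def escape_filter_value(value: str) -> str:
    """Escape one assertion value for use in a search filter (RFC 4515 section 3)."""
    out = []
    for ch in value:
        if ch in ('*', '(', ')', '\\', '\x00'):
            out.append('\\%02x' % ord(ch))  # e.g. '*' -> '\2a'
        else:
            out.append(ch)
    return ''.join(out)


def is_plausible_upn(upn: str) -> bool:
    """Constructed sanity check (assumption for this example): exactly one '@',
    non-empty local part and domain, no whitespace or control characters."""
    local, sep, domain = upn.partition('@')
    if not sep or not local or not domain or '@' in domain:
        return False
    return all(ch.isprintable() and not ch.isspace() for ch in upn)


def upn_to_bind_dn(upn: str) -> str:
    """The "mail=user@domain.com" form suggested in the thread, as a valid DN."""
    if not is_plausible_upn(upn):
        raise ValueError("not a user@domain identifier")
    return "mail=" + escape_dn_value(upn)


def upn_to_search_filter(upn: str) -> str:
    """Filter for a search-then-bind application: resolve the entry, then bind as its DN."""
    if not is_plausible_upn(upn):
        raise ValueError("not a user@domain identifier")
    return "(mail=%s)" % escape_filter_value(upn)


if __name__ == "__main__":
    # Constructed sample identifiers, including ones that carry DN and filter metacharacters.
    for sample in ("alice@example.com", "alice@example.com,ou=admins", "a*@example.com"):
        print(sample, "->", upn_to_bind_dn(sample), "|", upn_to_search_filter(sample))
    for bad in ("nobody", "a@b@c", "alice @example.com"):
        print(bad, "-> rejected:", not is_plausible_upn(bad))
```

Either string is then handed to the LDAP client library as a whole; the DN goes into the BindRequest name field (or into a bind-DN rewrite rule such as the slapo-rwm one the thread mentions), and the filter into a search that yields the entry's real DN for the subsequent bind.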