
Re: Using UPN notation for LDAPbind



----- "Michael Ströder" <michael@stroeder.com> wrote:

> Wilhelm Meier wrote:
> > is there a way to use the UPN (user@domain.com) notation to do a bind
> > to the OpenLDAP-Server.
> 
> Assuming you mean simple bind the answer is no. According to RFC 4511
> the name in a BindRequest is a DN. Using the UPN as name is a
> proprietary violation of LDAPv3 in MS AD.
> 
> > Or do I have to use the rwm-overlay to map 
> > the bind-string to a valid DN?
> 
> Not sure whether that would work.

It would work if you used "mail=user@domain.com", as it complies with DN syntax.  Then you can use rwm rewrite capabilities to expand that string into the user's DN.  Something similar is indicated in slapo-rwm(5), AFAIR.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
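The rewrite described in the reply above, as an added example that is not part of the original message: a slapd.conf fragment following the bind-by-mail pattern in slapo-rwm(5). The map name `attr2dn`, the host `localhost`, the base `dc=example,dc=com` and the tightened character classes in the rule are assumptions made for illustration.

```conf
# Added example (not from the original thread). Place inside the database
# definition that holds the user entries. Host and base DN are placeholders.
overlay rwm
rwm-rewriteEngine on

# LDAP map: the string handed to the map is appended to this URI as the
# filter part, and the map yields the DN of the entry found by the search.
rwm-rewriteMap ldap attr2dn "ldap://localhost/dc=example,dc=com?dn?sub"

# Rules in this context apply only to the name in a BindRequest.
rwm-rewriteContext bindDN

# Match a bind name that is a single "mail=local@domain" RDN and replace it
# with the DN returned by the map.
#   [^,*()]  no further RDNs, and no wildcard or grouping characters
#            passed into the lookup filter (assumed hardening)
#   ":"      apply the rule once only
#   "@"      stop applying rules after a match
#   "I"      ignore errors in this rule, leaving the name as sent
rwm-rewriteRule "^mail=[^,*()]+@[^,*()]+$" "${attr2dn($0)}" ":@I"
```

The client still has to send `mail=user@domain.com` as the bind name, since a bare `user@domain.com` is not DN syntax. Because a `bindDN` context replaces the default rewrite context for bind names, any DN rewriting already done in the default context has to be repeated here for ordinary DNs.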