Re: Using UPN notation for LDAPbind



On Saturday 27 December 2008, Michael Ströder wrote:
> Wilhelm Meier wrote:
> > On Friday 26 December 2008, Pierangelo Masarati wrote:
> >> ----- "Michael Ströder" <michael@stroeder.com> wrote:
> >>> Wilhelm Meier wrote:
> >>>> is there a way to use the UPN (user@domain.com) notation to do
> >>>> a bind to the OpenLDAP-Server.
> >>>
> >>> Assuming you mean simple bind the answer is no. According to
> >>> RFC 4511 the name in a BindRequest is a DN. Using the UPN as
> >>> name is a proprietary violation of LDAPv3 in MS AD.
> >>>
> >>>> Or do I have to use the rwm-overlay to map
> >>>> the bind-string to a valid DN?
> >>>
> >>> Not sure whether that would work.
> >>
> >> It would work if you used "mail=user@domain.com", as it complies
> >> with DN syntax.
> >
> > Ok, I thought about that, but if you have some silly applications
> > where you can't compose the connect-string for the bind it would
> > be rather nice if one can configure the OpenLDAP to use this UPN
> > notation.
>
> Which applications? Something very AD-specific?

Not really, but the bind-DN is always composed as <user>@<domain>

>
> Most LDAP-enabled applications can search for user entries by uid
> or similar and then bind with the user's entry DN as bind DN.
>
> Ciao, Michael.



-- 
Wilhelm
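
Added example, not part of the original thread: a sketch of how a front-end could turn the user@domain string an application sends into the two forms discussed above, a "mail=..." name in DN syntax (escaped per RFC 4514) and a uid filter for search-then-bind (escaped per RFC 4515). The function names, the sample inputs and the use of 'mail' and 'uid' as the lookup attributes are assumptions.

```python
import re

_DN_SPECIAL = set('"+,;<>\\')   # RFC 4514: must be backslash-escaped in a value
_UPN = re.compile(r"(?P<user>[^@\s]+)@(?P<domain>[A-Za-z0-9.-]+)")

def escape_dn_value(value):
    """Escape a string for use as an attribute value inside an RFC 4514 DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape a string for use as an assertion value in an RFC 4515 filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def upn_to_bind_names(upn):
    """Return (mail-style bind DN, filter for search-then-bind) for user@domain."""
    m = _UPN.fullmatch(upn)
    if m is None:
        raise ValueError("not a user@domain name: %r" % upn)
    # Assumption: entries carry the full address in 'mail' and the user part in 'uid'.
    bind_dn = "mail=" + escape_dn_value(upn)
    search_filter = "(uid=%s)" % escape_filter_value(m.group("user"))
    return bind_dn, search_filter

if __name__ == "__main__":
    # Constructed sample inputs, including names with DN and filter metacharacters.
    for name in ["user@domain.com", "a,b+c@domain.com", "*)(uid=*@domain.com"]:
        print(name, "->", upn_to_bind_names(name))
```

Escaping both forms keeps a crafted login name from changing the structure of the bind DN or widening the search filter.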