Re: Using UPN notation for LDAPbind

[Pierangelo Masarati <ando@sys-net.it>]

Wilhelm Meier wrote:
> Am Samstag 27 Dezember 2008 schrieb Michael StrÃder:
> > Wilhelm Meier wrote:
> > > Am Freitag 26 Dezember 2008 schrieb Pierangelo Masarati:
> > > > ----- "Michael StrÃder" <michael@stroeder.com> wrote:
> > > > > Wilhelm Meier wrote:
> > > > > > is there a way to use the UPN (user@domain.com) notation to do
> > > > > > a
> > > > > bind
> > > > >
> > > > > > to the OpenLDAP-Server.
> > > > > Assuming you mean simple bind the answer is no. According to
> > > > > RFC 4511 the name in a BindRequest is a DN. Using the UPN as
> > > > > name is a proprietary violation of LDAPv3 in MS AD.
> > > > >
> > > > > > Or do I have to use the rwm-overlay to map
> > > > > > the bind-string to a valid DN?
> > > > > Not sure whether that would work.
> > > > It would work if you used "mail=user@domain.com", as it complies
> > > > with DN syntax.
> > > Ok, I thought about that, but if you have some silly applications
> > > where you can't compose the connect-string for the bind it would
> > > be rather nice if one can configure the OpenLDAP tu user this upn
> > > notation.
> > Which applications? Something very AD-specific?
>
> Not really, but the bind-DN is always composed as <user>@<domain>

So please don't call it bind-DN, as it is not a DN.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------