[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Question about OpenLDAP and rwm overlay



On Mon, Jan 13, 2020 at 10:20:07PM +0000, Vandenburgh, Steve Y wrote:
> Michael,
> 
> I know this thread is old, but wanted to follow up by asking: would it
> be possible to delay the BIND DN syntax check until after rwm
> manipulations are completed?  Unfortunately, there is a lot of client
> software that is dependent on this quirk but it would be very
> beneficial to be able to use OpenLDAP as a proxy to AD.  I suspect
> that delaying the syntax check until after rwm manipulations would
> allow UPN-based authentication to work.

Hi Steve,
DN validation for binds/search bases/... happens way too early in the
frontend for this to be possible. Same reason why you can't write a
slapd module to handle the magic '<GUID=...>' AD DNs.

Regards,

-- 
Ondřej Kuzník
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP