On Saturday, 27 December 2008, Michael Ströder wrote:
Wilhelm Meier wrote:
On Friday, 26 December 2008, Pierangelo Masarati wrote:
----- "Michael Ströder" michael@stroeder.com wrote:
Wilhelm Meier wrote:
Is there a way to use the UPN (user@domain.com) notation to do a bind to the OpenLDAP-Server?
Assuming you mean simple bind the answer is no. According to RFC 4511 the name in a BindRequest is a DN. Using the UPN as name is a proprietary violation of LDAPv3 in MS AD.
Or do I have to use the rwm-overlay to map the bind-string to a valid DN?
Not sure whether that would work.
It would work if you used "mail=user@domain.com", as it complies with DN syntax.
Ok, I thought about that, but if you have some silly applications where you can't compose the connect-string for the bind it would be rather nice if one can configure the OpenLDAP to use this UPN notation.
Which applications? Something very AD-specific?
Not really, but the bind-DN is always composed as <user>@<domain>
Most LDAP-enabled applications can search for user entries by uid or similar and then bind with the user's entry DN as bind DN.
Ciao, Michael.
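
The search-then-bind approach from the last reply, as an added example that is not part of the original thread: the client turns the `<user>@<domain>` login into an escaped search filter, requires exactly one matching entry, and uses that entry's DN as the bind name. Matching on the `mail` attribute, the `search` callable and the sample directory are assumptions made for the illustration.

```python
# Added example: resolve a '<user>@<domain>' login to an entry DN before a
# simple bind. Standard library only; the directory lookup is injected.

# RFC 4515 section 3: these characters must be written as \XX in a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape user-supplied text so it cannot alter the filter's structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(login):
    """Turn a '<user>@<domain>' login into an equality filter on mail (assumed attribute)."""
    user, sep, domain = login.partition("@")
    if not (user and sep and domain) or "@" in domain:
        raise ValueError("login is not of the form <user>@<domain>")
    return "(mail=%s)" % escape_filter_value(login)


def resolve_bind_dn(login, password, search):
    """Return the entry DN to use as the name in the simple bind.

    `search` is a hypothetical callable: filter string -> list of entry DNs.
    """
    if not password:
        # A simple bind with a name and an empty password is an unauthenticated
        # bind (RFC 4513 section 5.1.2); refuse it on the client side.
        raise ValueError("empty password")
    matches = search(build_search_filter(login))
    if len(matches) != 1:
        # Zero or several entries: there is no single DN to bind as.
        raise LookupError("expected exactly one entry, got %d" % len(matches))
    return matches[0]


# Constructed sample data standing in for a real directory search.
SAMPLE = {"(mail=wmeier@example.com)": ["uid=wmeier,ou=people,dc=example,dc=com"]}


def sample_search(ldap_filter):
    return SAMPLE.get(ldap_filter, [])


if __name__ == "__main__":
    print(resolve_bind_dn("wmeier@example.com", "secret", sample_search))
```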