On Friday 26 December 2008, Pierangelo Masarati wrote:
----- "Michael Ströder" michael@stroeder.com wrote:
Wilhelm Meier wrote:
is there a way to use the UPN (user@domain.com) notation to do a bind to the OpenLDAP server?
Assuming you mean simple bind the answer is no. According to RFC 4511 the name in a BindRequest is a DN. Using the UPN as name is a proprietary violation of LDAPv3 in MS AD.
Or do I have to use the rwm-overlay to map the bind-string to a valid DN?
Not sure whether that would work.
It would work if you used "mail=user@domain.com", as it complies with DN syntax.
Ok, I thought about that, but if you have some silly applications where you can't compose the connect string for the bind, it would be rather nice if one could configure OpenLDAP to use this UPN notation. Most applications must be somewhat modified to use something like "mail=user@domain.com", and then you could just as well use the real DN.
Then you can use rwm rewrite capabilities to expand that string into the user's DN. Something similar is indicated in slapo-rwm(5), AFAIR.
Yes, that's in the man page. Thank you.
So, if DN-syntax is required, the application must be modified ...
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it
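The rewrite approach Pierangelo refers to, shown as an added slapd.conf fragment for illustration; it is not from this thread or from the OpenLDAP project's own documentation verbatim, and the base DN, the attribute name (mail) and the comments are assumptions. It rewrites a bind name of the form "mail=user@domain.com" into the DN of the entry whose mail attribute matches, so the client still sends a syntactically valid DN as RFC 4511 requires, while the server resolves it to the real entry before authenticating.

```conf
# Assumed database section; the overlay must be loaded after the database.
database mdb
suffix "dc=example,dc=com"

overlay rwm
rwm-rewriteEngine on

# Only the bind DN is rewritten; searches and results keep the real DNs.
rwm-rewriteContext bindDN

# Match a bind name that is exactly one RDN "mail=<address>" and look up
# the entry with that mail value under the (assumed) people subtree.
# "@" substitutes the DN of the first entry returned by the LDAP URI;
# "I" ignores lookup errors, so an unknown address falls through as-is and
# the bind then fails normally instead of returning a server error.
rwm-rewriteRule "^mail=([^,]+)$" "ldap:///ou=people,dc=example,dc=com??sub?(mail=$1)" ":@I"
```

Two points worth checking before relying on this: the mail attribute must be unique under the search base, because the rule takes the first entry returned and an ambiguous match would bind as whichever entry the server lists first; and the rewritten DN does not change the password check, so a failed bind still shows up in the slapd log as a failure for the resolved DN, which is what audit tooling should key on.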