I am running into an issue when trying to rewrite the bindDN, where the function ldap_bv2dn is called before rewriting and rejects certain dn values.
Specifically, I am trying to bind using just the email address, in the form "user@host.net"; however, this gets flagged and returns -4, LDAP decoding error.
dnPrettyNormal: user@host.net
=> ldap_bv2dn(user@host.net,0)
ldap_err2string
<= ldap_bv2dn(user@host.net)=-4 Decoding error
bind: invalid dn (user@host.net)
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=34 matched="" text="invalid DN"
Using an attribute form, "mail=user@host.net" gets properly passed to the rewrite function and all works as expected.
My question is whether there is any way around the validation that is performed before the rewrite beyond hacking the source code.
Any help is appreciated.
Thanks, Tod Schmidt
openldap-software@openldap.org
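The attribute form that the message reports as accepted ("mail=user@host.net") can be built by the client before it sends the bind. The sketch below is an added example, not part of the original message or of OpenLDAP; the function names are hypothetical, and it assumes the login is always an email address to be placed under the "mail" attribute. The value is escaped per RFC 4514 so that characters such as "," or "+" in a login cannot add extra RDN components to the bind DN.

```python
# Added example: turn a bare email login into the attribute-form bind DN.
# escape_dn_value and to_bind_dn are hypothetical helper names.

# RFC 4514 section 2.4: characters that must be escaped anywhere in a value.
_SPECIAL = set('"+,;<>\\')


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a string DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")          # NUL is written as a hex pair
        elif ch in _SPECIAL:
            out.append("\\" + ch)       # would otherwise act as DN syntax
        elif ch == "#" and i == 0:
            out.append("\\#")           # leading '#' means hex-encoded value
        elif ch == " " and i in (0, last):
            out.append("\\ ")           # leading/trailing space is significant
        else:
            out.append(ch)
    return "".join(out)


def to_bind_dn(login: str, attr: str = "mail") -> str:
    """Build '<attr>=<escaped login>' from a bare login such as an email."""
    if not login:
        raise ValueError("empty login")
    return f"{attr}={escape_dn_value(login)}"


if __name__ == "__main__":
    # Constructed sample inputs; the first is the address used in the message.
    for sample in ("user@host.net", "a,b+c@host.net", " padded@host.net "):
        print(repr(sample), "->", to_bind_dn(sample))
```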