Reading a bit more, it seems as if the UPN is not part of the LDAP RFC, just something Microsoft added to their version of LDAP with AD.

I see some talks of a way to workaround this to allow OpenLDAP to bind with UPN, but then some other strings say it is not possible...

What is the definitive answer here...  Tell the apps people to bind using the provided DN/password, search for the user with the sAMAccount name they have, then rebind with that DN and password for password verification?


From: jeflebo@outlook.com
To: openldap-technical@openldap.org
Subject: username syntax for bind/auth
Date: Tue, 21 Oct 2014 08:02:36 -0700

So I've got everything working with my OpenLDAP passthrough to AD... one last thing (I think).

Is there a way to make OpenLDAP accept username@domain.com instead of the full DN?