"Vandenburgh, Steve Y" Steve.Vandenburgh@centurylink.com writes:
Thanks for the tip, Quanah (and Dieter). I have added the MSUser schema to the configuration. However, I'm still getting the same behavior. If I use a bind DN like
Mail=myname@mycompany.com
which is potentially a valid DN, the rewriting is applied; however, if the bind DN is just the email address, e.g.
myname@mycompany.com
then OpenLDAP returns error 34 (invalid DN). So before I do more troubleshooting, I wanted to ask if the rewrite rules can be applied before the syntax check on the bind DN is done. If the OpenLDAP server always performs the syntax check on the DN before any rewrite rules are applied, then what I'm trying to accomplish (using a Microsoft UPN bind DN) cannot be done.
For this sort of DN rewriting, slapd.conf(5) provides 'authid-rewrite', or 'olcAuthIdRewrite' in slapd-config(5).
-Dieter