On Mon, Jan 13, 2020 at 10:20:07PM +0000, Vandenburgh, Steve Y wrote:
> Michael,
> I know this thread is old, but wanted to follow up by asking: would it be possible to delay the BIND DN syntax check until after rwm manipulations are completed? Unfortunately, there is a lot of client software that is dependent on this quirk but it would be very beneficial to be able to use OpenLDAP as a proxy to AD. I suspect that delaying the syntax check until after rwm manipulations would allow UPN-based authentication to work.

Hi Steve,

DN validation for binds/search bases/... happens way too early in the frontend for this to be possible. Same reason why you can't write a slapd module to handle the magic '<GUID=...>' AD DNs.

Regards,