On Mon, Jan 13, 2020 at 10:20:07PM +0000, Vandenburgh, Steve Y wrote:
> Michael,
> I know this thread is old, but wanted to follow up by asking: would it
> be possible to delay the BIND DN syntax check until after rwm
> manipulations are completed? Unfortunately, there is a lot of client
> software that is dependent on this quirk but it would be very
> beneficial to be able to use OpenLDAP as a proxy to AD. I suspect
> that delaying the syntax check until after rwm manipulations would
> allow UPN-based authentication to work.

Hi Steve,
DN validation for binds/search bases/... happens way too early in the
frontend for this to be possible. Same reason why you can't write a
slapd module to handle the magic '<GUID=...>' AD DNs.
Regards,
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation
http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP