Thanks for the tip Quanah (and Dieter). I have added the MSUser schema to the configuration. However, I'm still getting the same behavior. If I use a bind DN like
Mail=myname@mycompany.com
which is potentially a valid DN, the rewriting is applied; however, if the bind DN is just the email address, e.g.
myname@mycompany.com
then OpenLDAP returns error 34 (invalid DN). So before I do more troubleshooting, I wanted to ask if the rewrite rules can be applied before the syntax check on the bind DN is done. If the OpenLDAP server always performs the syntax check on the DN before any rewrite rules are applied, then what I'm trying to accomplish (using a Microsoft UPN bind DN) cannot be done.
Thanks again,
Steve Vandenburgh
LDAP Directory Services/Identity Management
CenturyLink
(720)738-2688

-----Original Message-----
From: openldap-technical openldap-technical-bounces@openldap.org On Behalf Of Quanah Gibson-Mount
Sent: Saturday, October 26, 2019 1:57 PM
To: Dieter Klünter dieter@dkluenter.de; openldap-technical@openldap.org
Subject: Re: Question about OpenLDAP and rwm overlay
--On Saturday, October 26, 2019 9:27 PM +0200 Dieter Klünter dieter@dkluenter.de wrote:
[...] slapd requires part of AD schemas in order to operate back-ldap properly. Thus write a private schema, providing required attribute types and object classes.
The MSUser schema in OpenLDAP master may be useful for this.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com