Thanks for the tip Quanah (and Dieter). I have added the MSUser schema to the
configuration. However, I'm still getting the same behavior. If I use a bind DN
which is potentially a valid DN, the rewriting is applied; however if the bind DN is just
the email address e.g.
then OpenLDAP returns error 34 (invalid DN). So before I do more troubleshooting, I
wanted to ask if the rewrite rules can be applied before the syntax check on the bind DN
is done. If the OpenLDAP server always performs the syntax check on the DN before any
rewrite rules are applied, then what I'm trying to accomplish (using a Microsoft UPN
bind DN) cannot be done.
LDAP Directory Services/Identity Management
From: openldap-technical <openldap-technical-bounces(a)openldap.org> On Behalf Of
Sent: Saturday, October 26, 2019 1:57 PM
To: Dieter Klünter <dieter(a)dkluenter.de>; openldap-technical(a)openldap.org
Subject: Re: Question about OpenLDAP and rwm overlay
--On Saturday, October 26, 2019 9:27 PM +0200 Dieter Klünter <dieter(a)dkluenter.de>
slapd requires part of AD schemas in order to operate back-ldap
properly. Thus write a private schema, providing required attribute
types and object classes.
The MSUser schema in OpenLDAP master may be useful for this.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
This communication is the property of CenturyLink and may contain confidential or
privileged information. Unauthorized use of this communication is strictly prohibited and
may be unlawful. If you have received this communication in error, please immediately
notify the sender by reply e-mail and destroy all copies of the communication and any
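Added illustration (not code from the thread, from slapd, or from the rwm overlay): a small model of the ordering the question is about. In slapd the front end parses and normalizes the simple-bind DN before the request reaches the backend and its overlays, so a name that is not a DN (a bare UPN) is rejected with result 34 and no rwm-rewriteRule ever sees it; a syntactically valid DN passes the check and is then rewritten. The DN grammar is a simplified RFC 4514 check, the rule engine only models $N back-references and the "@" (stop) action flag, and the local suffix "dc=proxy", the "ou=upn" container and the idea that the proxied AD accepts the unwrapped UPN as a simple-bind name are assumptions made for this example.

```python
"""Model of what a simple-bind DN goes through in a slapd front end that runs
slapo-rwm in front of back-ldap.  Added illustration, not slapd code."""
import re
from typing import List, Tuple

LDAP_SUCCESS = 0
LDAP_INVALID_DN_SYNTAX = 34   # the "error 34" seen in the thread

# --- 1. simplified RFC 4514 DN syntax check (what the front end does first) --
_ATTR_TYPE = r'(?:[A-Za-z][A-Za-z0-9-]*|[0-9]+(?:\.[0-9]+)*)'   # descriptor or OID
_PAIR = r'\\(?:[ "#+,;<=>\\]|[0-9A-Fa-f]{2})'                   # escaped char
_STRINGCHAR = r'[^,+"\\<>;]'                                     # plain value char
_VALUE = (r'(?:#(?:[0-9A-Fa-f]{2})+|(?!#)(?:' + _PAIR + '|' + _STRINGCHAR + r')+)')
_RDN = _ATTR_TYPE + '=' + _VALUE + r'(?:\+' + _ATTR_TYPE + '=' + _VALUE + ')*'
_DN_RE = re.compile('^(?:' + _RDN + '(?:,' + _RDN + ')*)?$')


def dn_is_valid(dn: str) -> bool:
    """Empty DN (anonymous bind) is valid; otherwise RDN(,RDN)*.
    Simplified: leading/trailing-space rules of RFC 4514 are not enforced."""
    return _DN_RE.match(dn) is not None


# --- 2. rwm-style bindDN rewrite rules --------------------------------------
Rule = Tuple[str, str, str]   # (regex, substitution using $N, action flags)


def rewrite_bind_dn(dn: str, rules: List[Rule]) -> str:
    """Apply rules in order: a matching rule substitutes its $N groups; the
    '@' action flag stops after that rule, otherwise the next rule is tried
    on the result.  Other slapo-rwm flags are deliberately not modelled."""
    current = dn
    for regex, subst, flags in rules:
        m = re.match(regex, current)
        if m is None:
            continue
        current = re.sub(r'\$(\d+)', lambda g, m=m: m.group(int(g.group(1))), subst)
        if '@' in flags:
            break
    return current


# --- 3. the order the thread is asking about --------------------------------
def simple_bind(bind_dn: str, rules: List[Rule]) -> Tuple[int, str]:
    """Return (result code, name that would be forwarded to the remote server).
    The syntax check runs before any overlay sees the bind, so a bare UPN is
    refused with 34 and the rewrite rules never get a chance to handle it."""
    if not dn_is_valid(bind_dn):
        return LDAP_INVALID_DN_SYNTAX, bind_dn
    return LDAP_SUCCESS, rewrite_bind_dn(bind_dn, rules)


# Constructed rule set (assumption for this example): clients carry the UPN as
# a cn value under a local suffix, and the rule unwraps it before back-ldap
# forwards the bind.  Whether the remote AD accepts the bare UPN as a
# simple-bind name is likewise an assumption, not something this thread states.
UPN_RULES: List[Rule] = [
    (r'^cn=([^,]+),ou=upn,dc=proxy$', '$1', '@'),
]

if __name__ == '__main__':
    for name in ('user@example.com', 'cn=user@example.com,ou=upn,dc=proxy'):
        print(name, '->', simple_bind(name, UPN_RULES))
```

Running it shows the bare UPN coming back as (34, unchanged) while the wrapped form passes the syntax check and is rewritten to the UPN; the same wrapping is the kind of "potentially valid DN" the thread reports the rewriting does apply to.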