Hi Jonathan,
I am working in a test environment where I have dummy accounts in AD and OpenLDAP. I happen to see that the AD schema has the userPrincipalname attribute and this is missing in OpenLDAP. The application I am trying with is strictly using UPN names, so integration with OpenLDAP is not going to work unless UPN is added to the OpenLDAP schema. Can you please guide me in the right direction?
Regards, Sidharth Sehjpal
On Tue, Nov 24, 2009 at 10:40 PM, Jonathan Clarke <jonathan@phillipoux.net> wrote:
On 24/11/2009 10:17, Siddharth Sehjpal wrote:
Is it possible to use UPN (user principal name) in the bind request? My application works fine with Microsoft AD but is giving invalid DN with OpenLDAP.
UPN is an attribute specific to Microsoft AD. Unless you have explicitly added it to your OpenLDAP schema, and created entries that use it, then it can't work.
What are you trying to achieve? Does your OpenLDAP server contain the same accounts as your Microsoft AD?
Regards, Jonathan
--
Jonathan Clarke - jonathan@phillipoux.net
Ldap Synchronization Connector (LSC) - http://lsc-project.org
On Tuesday, 24 November 2009 21:37:38 Siddharth Sehjpal wrote:
Hi Jonathan,
I am working in a test environment where I have dummy accounts in AD and OpenLDAP. I happen to see that the AD schema has the userPrincipalname attribute and this is missing in OpenLDAP. The application I am trying with is strictly using UPN names
In other words, it is an AD-only application, not an LDAP-compliant application. I would recommend you make the vendor/developers aware of this and ask them to support the IETF-standardised protocol and not a specific broken implementation, or not use the software.
If you want/need something that supports the brokenness/non-compliance of AD, your best bet is probably Samba4.
Regards, Buchan
openldap-technical@openldap.org