Thanks Dieter. I'm trying to perform a simple bind operation with a UPN and password.
Based on this OpenLDAP mail archive:
authid-rewrite or olcAuthIdRewrite can only be used to modify the DN for SASL or
certificate-based authentication; it can't be used to modify simple bind DNs. Is that
still the case? Or is this information now out of date?
LDAP Directory Services/Identity Management
From: Dieter Kluenter <dieter(a)dkluenter.de>
Sent: Monday, October 28, 2019 12:44 PM
To: Vandenburgh, Steve Y <Steve.Vandenburgh(a)centurylink.com>
Subject: Re: Question about OpenLDAP and rwm overlay
"Vandenburgh, Steve Y" <Steve.Vandenburgh(a)centurylink.com> writes:
Thanks for the tip Quanah (and Dieter). I have added the MSUser
schema to the configuration. However, I'm still getting the same
behavior. If I use a bind DN like
which is potentially a valid DN, the rewriting is applied; however if
the bind DN is just the email address e.g.
then OpenLDAP returns error 34 (invalid DN). So before I do more
troubleshooting, I wanted to ask if the rewrite rules can be applied
before the syntax check on the bind DN is done. If the OpenLDAP
server always performs the syntax check on the DN before any rewrite
rules are applied, then what I'm trying to accomplish (using a
Microsoft UPN bind DN) cannot be done.
For this sort of DN rewriting slapd.conf(5) provides 'authid-rewrite' or
'olcAuthIdRewrite' in slapd-config(5).
Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B
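As an added illustration (not from the thread, from Dieter, or copied from the OpenLDAP documentation), this slapd.conf fragment shows the shape the authid-rewrite directives Dieter mentions take: the slapo-rwm(5) rewrite engine directives carrying the authid- prefix, applied to the SASL-derived authentication identity. The UPN suffix example.com and the suffix dc=example,dc=com are placeholders; the context name "authid" and the input form (the same uid=...,cn=auth string that authz-regexp matches) are assumptions to verify against slapd.conf(5) for your release.

```conf
# Added illustration (not from the thread, Dieter, or the OpenLDAP docs):
# the shape of the authid-rewrite directives in slapd.conf(5). Placeholders:
# example.com as the UPN suffix, dc=example,dc=com as the directory suffix.
# Assumption to verify for your release: the rewrite context is named
# "authid" and its input is the SASL identity slapd builds, in the same
# form authz-regexp matches against:
#   uid=<authcid>,cn=<realm>,cn=<mech>,cn=auth   (cn=<realm> may be absent)

# Same rewrite engine as slapo-rwm(5), with the authid- prefix so the rules
# apply to authentication identities rather than to a proxied backend.
authid-rewriteEngine   on
authid-rewriteContext  authid

# Map a SASL authcid given as a UPN, e.g. steve@example.com, to the entry
# uid=steve,ou=people,dc=example,dc=com. $1 is the first capture group
# (the local part); the optional realm component is group 2 and unused.
# "[.]" is used instead of "\." to avoid backslash handling by the parser.
# The second line starts with whitespace, which slapd.conf treats as a
# continuation of the previous line.
authid-rewriteRule "^uid=([^,@]+)@example[.]com,(cn=[^,]+,)?cn=[^,]+,cn=auth$"
    "uid=$1,ou=people,dc=example,dc=com" ":"

# The thread's point still holds: a simple bind sends the identity as a DN and
# slapd checks DN syntax before any rewrite, so "steve@example.com" used as a
# simple-bind DN still yields error 34 (invalidDNSyntax). These rules only see
# identities coming from SASL or certificate-based authentication.
```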