----- "Michael Ströder" <[email protected]> wrote:
> Wilhelm Meier wrote:
> > is there a way to use the UPN ([email protected]) notation to do a bind
> > to the OpenLDAP-Server.
>
> Assuming you mean simple bind the answer is no. According to RFC 4511
> the name in a BindRequest is a DN. Using the UPN as name is a
> proprietary violation of LDAPv3 in MS AD.
>
> > Or do I have to use the rwm-overlay to map
> > the bind-string to a valid DN?
>
> Not sure whether that would work.

It would work if you used "[email protected]", as it complies with DN syntax. Then you can use rwm rewrite capabilities to expand that string into the user's DN. Something similar is indicated in slapo-rwm(5), AFAIR.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   [email protected]
-----------------------------------
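
The rewrite suggested in the reply above, sketched as a slapd.conf fragment. This is an added example, not configuration posted in the thread or taken from the OpenLDAP project. The bind-name form `uid=<user>@example.com`, the target subtree `ou=people,dc=example,dc=com` and the placement of the overlay are assumptions made for illustration.

```conf
# Added example; constructed names, not from the thread.
# Assumed client bind name:  uid=<user>@example.com   (valid DN syntax)
# Assumed real entry DN:     uid=<user>,ou=people,dc=example,dc=com

# Assumption: the overlay is declared before any "database" line so
# the bind name is rewritten before slapd picks a backend by suffix.
overlay rwm

rwm-rewriteEngine  on
rwm-rewriteContext bindDN

# Too loose, shown commented out: "(.+)" also accepts ',' '=' and '+',
# so the client, not the rule, decides the shape of the resulting DN.
#rwm-rewriteRule "^uid=(.+)@example[.]com$" "uid=$1,ou=people,dc=example,dc=com" ":"

# Tighter: the captured user part is limited to characters that cannot
# add RDN components, and the domain is matched literally.
# The ":" flag applies the rule once only.
rwm-rewriteRule "^uid=([a-z0-9._-]+)@example[.]com$" "uid=$1,ou=people,dc=example,dc=com" ":"
```

Bind names that do not match the rule pass through unchanged, so ordinary DN binds keep working.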
