On Friday, 26 December 2008, Pierangelo Masarati wrote:
> ----- "Michael Ströder" <[email protected]> wrote:
> > Wilhelm Meier wrote:
> > > is there a way to use the UPN ([email protected]) notation to do
> > > a bind to the OpenLDAP-Server.
> >
> > Assuming you mean simple bind the answer is no. According to RFC
> > 4511 the name in a BindRequest is a DN. Using the UPN as name is
> > a proprietary violation of LDAPv3 in MS AD.
> >
> > > Or do I have to use the rwm-overlay to map
> > > the bind-string to a valid DN?
> >
> > Not sure whether that would work.
>
> It would work if you used "[email protected]", as it complies
> with DN syntax.

Ok, I thought about that, but if you have some silly applications where
you can't compose the connect-string for the bind it would be rather nice
if one can configure the OpenLDAP to use this upn notation. Most
applications must be somewhat modified to use something like
"[email protected]" and then you can think of using the real DN either.

> Then you can use rwm rewrite capabilities to
> expand that string into the user's DN. Something similar is
> indicated in slapo-rwm(5), AFAIR.

Yes, that's in the man-page. Thank you. So, if DN-syntax is required, the
application must be modified ...

> p.
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> -----------------------------------
> Office: +39 02 23998309
> Mobile: +39 333 4963172
> Fax: +39 0382 476497
> Email: [email protected]
> -----------------------------------

--
Wilhelm
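A slapd.conf sketch of the rwm approach discussed in this thread, added here as an illustration and not taken from the original messages or from the OpenLDAP project. It assumes a bind name of the DN-syntax form uid=<user>@example.com, a suffix of dc=example,dc=com and user entries under ou=People; all three are constructed placeholders.

```conf
# Constructed example: suffix, domain and ou=People are placeholders.
database        mdb
suffix          "dc=example,dc=com"

# Attach the rewrite/remap overlay to this database.
overlay         rwm
rwm-rewriteEngine on

# Rules in the bindDN context are applied to the name of a BindRequest.
rwm-rewriteContext bindDN

# Expand "uid=jdoe@example.com" into "uid=jdoe,ou=People,dc=example,dc=com".
#   %1  first parenthesised submatch (the user part)
#   :   apply the rule once only (no recursion)
#   @   stop applying further rules after a match
# "[.]" is used instead of a backslash escape to avoid quoting issues.
# The user part excludes "," and "@" so the rewritten value cannot add
# extra RDNs; a name that does not match is left unchanged.
rwm-rewriteRule "^uid=([^,@]+)@example[.]com$" "uid=%1,ou=People,dc=example,dc=com" ":@"
```

A bare UPN without the attribute prefix is not covered by this rule, since, as stated in the thread, the name in a BindRequest has to be a DN.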
