On Saturday 27 December 2008, Michael Ströder wrote:
> Wilhelm Meier wrote:
> > On Friday 26 December 2008, Pierangelo Masarati wrote:
> >> ----- "Michael Ströder" <[email protected]> wrote:
> >>> Wilhelm Meier wrote:
> >>>> is there a way to use the UPN ([email protected]) notation to do a
> >>>> bind to the OpenLDAP-Server.
> >>>
> >>> Assuming you mean simple bind the answer is no. According to
> >>> RFC 4511 the name in a BindRequest is a DN. Using the UPN as
> >>> name is a proprietary violation of LDAPv3 in MS AD.
> >>>
> >>>> Or do I have to use the rwm-overlay to map
> >>>> the bind-string to a valid DN?
> >>>
> >>> Not sure whether that would work.
> >>
> >> It would work if you used "[email protected]", as it complies
> >> with DN syntax.
> >
> > Ok, I thought about that, but if you have some silly applications
> > where you can't compose the connect-string for the bind it would
> > be rather nice if one can configure the OpenLDAP to use this upn
> > notation.
>
> Which applications? Something very AD-specific?

Not really, but the bind-DN is always composed as <user>@<domain>

>
> Most LDAP-enabled applications can search for user entries by uid
> or similar and then bind with the user's entry DN as bind DN.
>
> Ciao, Michael.

--
Wilhelm
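
The search-then-bind approach mentioned in the thread, as an added example that is not part of the original messages: a `<user>@<domain>` login is turned into a base DN and an escaped `uid` filter, and the single matching entry DN is what the application then uses for the simple bind. It assumes the domain maps to `dc=` components and that users are found by `uid`; the `search` callable and the sample entries are constructed for illustration.

```python
import re

# RFC 4515 escaping: these characters would otherwise alter the filter structure.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def upn_to_search(upn):
    """Split user@domain into (base DN, search filter).

    Assumption: example.com corresponds to the subtree dc=example,dc=com.
    """
    user, sep, domain = upn.rpartition("@")
    labels = domain.split(".")
    if not sep or not user or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError("not a valid user@domain login")
    base = ",".join("dc=" + l.lower() for l in labels)
    return base, "(uid=%s)" % escape_filter_value(user)


def resolve_bind_dn(upn, search):
    """Return the one entry DN to use in the BindRequest.

    search(base, filter) -> list of DNs is supplied by the LDAP client in use
    (hypothetical interface). Zero or several matches must fail the login.
    """
    base, flt = upn_to_search(upn)
    hits = search(base, flt)
    if len(hits) != 1:
        raise LookupError("login must match exactly one entry")
    return hits[0]


# Constructed sample directory standing in for a real subtree search.
SAMPLE_ENTRIES = [
    "uid=alice,ou=people,dc=example,dc=com",
    "uid=bob,ou=people,dc=example,dc=com",
]


def sample_search(base, flt):
    return [dn for dn in SAMPLE_ENTRIES
            if dn.endswith("," + base) and flt == "(%s)" % dn.split(",")[0]]


if __name__ == "__main__":
    print(resolve_bind_dn("alice@example.com", sample_search))
```

The DN returned by `resolve_bind_dn` and the password the user typed go into the simple bind; the lookup itself is done over a separate connection.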
