Jeff Lebo wrote:
Reading a bit more, it seems as if the UPN is not part of the LDAP RFC, just
something Microsoft added to their version of LDAP with AD.
I see some talks of a way to workaround this to allow OpenLDAP to bind with
UPN, but then some other strings say it is not possible...
Anything's possible, if you modify the code yourself.
What is the definitive answer here...
Tell the apps people to bind using the
provided DN/password, search for the user with the sAMAccount name they have,
then rebind with that DN and password for password verification?
Yes, that's the typical approach.
------------------------------------------------------------------------------
From: [email protected]
To: [email protected]
Subject: username syntax for bind/auth
Date: Tue, 21 Oct 2014 08:02:36 -0700
So I've got everything working with my OpenLDAP passthrough to AD... one last
thing (I think).
Is there a way to make OpenLDAP accept [email protected] instead of the full
DN?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
