Thanks Dieter. I'm trying to perform a simple bind operation with a UPN and password. Based on this OpenLDAP mail archive: https://openldap-technical.openldap.narkive.com/8IrfS6xa/binding-with-an-e-mail-address authid-rewrite or olcAuthIdRewrite can only be used to modify the DN for SASL or certificate-based authentication; it can't be used to modify simple bind DNs. Is that still the case? Or is this information now out of date.
Thanks again, Steve Vandenburgh LDAP Directory Services/Identity Management CenturyLink (720)738-2688 -----Original Message----- From: Dieter Kluenter <[email protected]> Sent: Monday, October 28, 2019 12:44 PM To: Vandenburgh, Steve Y <[email protected]> Cc: [email protected] Subject: Re: Question about OpenLDAP and rwm overlay "Vandenburgh, Steve Y" <[email protected]> writes: > Thanks for the tip Quanah (and Dieter). I have added the MSUser > schema to the configuration. However, I'm still getting the same > behavior. If I use a bind DN like > > [email protected] > > which is potentially a valid DN, the rewriting is applied; however if > the bind DN is just the email address e.g. > > [email protected] > > then the OpenLDAP returns error 34 (invalid DN). So before I do more > troubleshooting, I wanted to ask if the rewrite rules can be applied > before the syntax check on the bind DN is done. If the OpenLDAP > server always performs the syntax check on the DN before any rewrite > rules are applied, then what I'm trying to accomplish (using a > Microsoft UPN bind DN) cannot be done. For this sort of DN rewriting slapd.conf(5) provides 'authid-rewrite' or 'olcAuthIdRewrite' in slapd-config(5). -Dieter -- Dieter Klünter | Systemberatung https://imss91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fsys4.de&umid=BF35EA59-95FC-E405-A296-EA371276D9A5&auth=19120be9529b25014b618505cb01789c5433dae7-d57a36d411cd972d033d00376dd4c373c462277f GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
