On Mon, Jan 13, 2020 at 10:20:07PM +0000, Vandenburgh, Steve Y wrote: > Michael, > > I know this thread is old, but wanted to follow up by asking: would it > be possible to delay the BIND DN syntax check until after rwm > manipulations are completed? Unfortunately, there is a lot of client > software that is dependent on this quirk but it would be very > beneficial to be able to use OpenLDAP as a proxy to AD. I suspect > that delaying the syntax check until after rwm manipulations would > allow UPN-based authentication to work.
Hi Steve, DN validation for binds/search bases/... happens way too early in the frontend for this to be possible. Same reason why you can't write a slapd module to handle the magic '<GUID=...>' AD DNs. Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
