On Mon, May 05, 2025 at 07:42:01AM +0000, Windl, Ulrich wrote: > The ide was to provide an alternate DN, but maybe it does not work the way I > thought. > I saw this example in > https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3c96b56d-d7a7-46f1-9883-7d031f9fa01e: > F=John Smith+F=David Jones, OU=Users,DC=Fabrikam,DC=com
Hi Ulrich, that example is contrary to RFC4512 section 2.2 around the end[0]. Actually if you read the link you provided, AD's own implementation is much stricter and doesn't support multivalued rDNs at all and the example you give is specifically listed as "disallowed"! [0]. https://www.rfc-editor.org/rfc/rfc4512#section-2.2 Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
