I do not have a flat hierarchy where users will be located, and as a result I would need a bind account, which I cannot use as a result of the insecure password.
Some directories facilitate binds against a consistent format string such as <login ID>@domain.com or DOMAIN\<login ID>, after which point the DN and attribute / group data can be fetched. It appears as if the ldap-username-attribute imposes an unnatural restriction by defining the bind DN in code and not simply exposing the desired format string. Is there any workaround for this anyone can think of?

Thanks,
jlc
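The format-string bind described in this post, as an added example (not code from the post or from the project it discusses): the bind identity is expanded from a template, and the follow-up lookup filter is built with the escaping each context needs so a login ID cannot alter the DN or the filter. The `{login}` placeholder, the function names, the allow-list pattern, the `example.com` DN and the `sAMAccountName` lookup attribute are assumptions chosen for illustration.

```python
import re

# Conservative allow-list for login IDs used in UPN / DOMAIN\login binds.
# Assumption: adjust to the directory's own naming policy.
LOGIN_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\' or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape a value for use inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def bind_identity(template, login):
    """Expand a bind format string containing the {login} placeholder."""
    if "=" in template:
        # DN-style template: the login becomes an RDN value, so DN-escape it.
        return template.replace("{login}", escape_dn_value(login))
    # UPN or DOMAIN\login style: no escaping syntax exists, so validate instead.
    if not LOGIN_RE.fullmatch(login):
        raise ValueError("login ID contains characters outside the allow-list")
    return template.replace("{login}", login)

def lookup_filter(attribute, login):
    """Filter used after the bind to fetch the user's DN and group data."""
    return "(%s=%s)" % (attribute, escape_filter_value(login))

if __name__ == "__main__":
    # Constructed sample inputs.
    print(bind_identity("{login}@domain.com", "jlc"))
    print(bind_identity("DOMAIN\\{login}", "jlc"))
    print(bind_identity("uid={login},ou=people,dc=example,dc=com", "smith, j"))
    print(lookup_filter("sAMAccountName", "jl*c"))
```
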