3
votes

I have set up an OpenLDAP server instance.

Login for the time being requires providing the user's DN as the username, e.g.

"cn=151test,cn=somecn,ou=someou,dc=mydomain,dc=com"

How is it possible to enable login with userPrincipalName in the form of

[email protected] ?

Edit: it seems that userPrincipalName is an attribute of the user objectClass, available in Active Directory but not available out of the box in the default schema used by OpenLDAP.

So the question more or less becomes:

how to use (import) an AD-compliant schema by (to) openLDAP AND enable login with userPrincipalName as username

1 Answer

4
votes

As far as I know, using just the attribute value of userPrincipalName in a simple bind request only works for Microsoft Active Directory.

Other LDAP servers need the full-DN or a short DN if they are capable of bind-DN rewriting, like OpenLDAP's slapd with slapo-rwm.
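The bind-DN rewriting mentioned in the answer, as an added `slapd.conf` sketch that is not part of the original answer. It assumes slapo-rwm is built as a loadable module and is configured globally (before any `database` section) so that a short bind DN reaches it; the container DN is the one from the question, and the short form `cn=151test` is a constructed choice.

```conf
# Added example, not from the original post.
# Assumption: rwm is available as a module; skip moduleload if it is built in.
moduleload  rwm

# Assumption: this block sits in the global section, before the first
# "database" directive, so the overlay sees binds whose DN does not yet
# fall under any database suffix.
overlay             rwm
rwm-rewriteEngine   on

# Only rewrite the DN presented in bind requests.
rwm-rewriteContext  bindDN

# Short DN "cn=<name>" -> full DN under the question's container.
# The pattern is anchored at both ends and limited to a conservative
# character set, so a DN that already has several RDNs, or one carrying
# escaped or special characters, is left untouched.
# %1 is the first captured group; the ":" flag applies the rule once only.
rwm-rewriteRule     "^cn=([a-z0-9._-]+)$" "cn=%1,cn=somecn,ou=someou,dc=mydomain,dc=com" ":"
```

The value sent in the bind request must still parse as a DN, which is why the sketch rewrites `cn=151test` rather than a bare `name@domain` string.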