Pep
Reputation: 635
Apache AuthLDAPBindDN directive accepting any field?
Regarding LDAP authentication in Apache http server, I wonder why providing just one sAMAccountName or userPrincipalName to the AuthLDAPBindDN directive, instead of giving the user's full dn is also working.
The documentation states you must provide a DN as the argument to this directive, but I've tried to provide just a sAMAccountName, and it works. Providing userPrincipalName also works. I'm quite confused. Why is it working?
Is it because I'm connecting to an AD server?
Upvotes: 0
Views: 223
Answers (1)
jwilleke
Reputation: 11026
Microsoft Active Directory implements a system called Ambiguous Name Resolution (ANR) which allows resolution of the user to permit an LDAP Bind.
Upvotes: 1
Related Questions
- How to use Form based LDAP authentication in apache
- Apache 2.4 and LDAP
- Apache web server LDAP - How to allow a non-ldap user access?
- Apache configuration for LDAP with DDEV
- Can I retrieve addtional LDAP objects during authentication with Apache?
- Ldap bind in java using username instead of the DN
- Can AuthnProviderAlias ldap work with Apache2.4.x?
- LDAP Authentication queries
- are wildcards possible in OpenLDAP LDAPConnection.bind() dn string?
- How to avoid plain password in mod_ldap