Home > Software engineering >  Apache AuthLDAPBindDN directive accepting any field?
Apache AuthLDAPBindDN directive accepting any field?

Time:10-31

Regarding LDAP authentication in Apache http server, I wonder why providing just one sAMAccountName or userPrincipalName to the AuthLDAPBindDN directive, instead of giving the user's full dn is also working.

The documentation states you must provide a DN as the argument to this directive, but I've tried to provide just a sAMAccountName, and it works. Providing userPrincipalName also works. I'm quite confused. Why is it working?

Is it because I'm connecting to an AD server?

CodePudding user response:

Microsoft Active Directory implements a system called Ambiguous Name Resolution (ANR) which allows resolution of the user to permit an LDAP Bind.

  • Related