Regarding LDAP authentication in Apache HTTP Server, I wonder why providing just a sAMAccountName or userPrincipalName to the AuthLDAPBindDN directive, instead of giving the user's full DN, also works.
The documentation states you must provide a DN as the argument to this directive, but I've tried to provide just a sAMAccountName, and it works. Providing userPrincipalName also works. I'm quite confused. Why is it working?
Is it because I'm connecting to an AD server?
CodePudding user response:
Microsoft Active Directory implements a system called Ambiguous Name Resolution (ANR) which allows resolution of the user to permit an LDAP Bind.
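For anyone auditing a configuration for this, the following is an added example (not part of the original question or answer) that scans Apache configuration text for `AuthLDAPBindDN` and reports values that are not in DN syntax, i.e. the UPN and bare-name forms the question describes. The sample configuration, host names and account names are constructed, and the DN/UPN classification is a heuristic, not a full RFC 4514 parser.

```python
import re

# Constructed sample config; hosts and account names are placeholders.
SAMPLE_CONF = r'''
<Location "/app1">
    AuthLDAPURL "ldaps://dc.example.test/DC=example,DC=test?sAMAccountName?sub"
    AuthLDAPBindDN "CN=svc-apache,OU=Service Accounts,DC=example,DC=test"
</Location>
<Location "/app2">
    AuthLDAPBindDN svc-apache@example.test
</Location>
<Location "/app3">
    AuthLDAPBindDN svc-apache
</Location>
'''

# One RDN: attribute type, '=', then a value running to the next unescaped comma.
_RDN = r'[A-Za-z0-9][A-Za-z0-9.-]*\s*=\s*(?:\\.|[^,\\])+'
_DN = re.compile(rf'^{_RDN}(?:\s*,\s*{_RDN})*$')
_UPN = re.compile(r'^[^@\s]+@[^@\s]+$')
# Apache directive names are case-insensitive; the argument may be quoted.
_DIRECTIVE = re.compile(r'^\s*AuthLDAPBindDN\s+(?:"([^"]*)"|(\S+))', re.I)

def classify_bind_name(value):
    """Heuristic: 'dn', 'upn' (user@domain) or 'bare-name' (e.g. a sAMAccountName)."""
    if _DN.match(value):
        return "dn"
    if _UPN.match(value):
        return "upn"
    return "bare-name"

def lint_bind_dn(conf_text):
    """Return (line_number, value, kind) for every AuthLDAPBindDN directive."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        match = _DIRECTIVE.match(line)
        if match:
            value = match.group(1) if match.group(1) is not None else match.group(2)
            findings.append((number, value, classify_bind_name(value)))
    return findings

def non_dn_binds(conf_text):
    """Directives whose value is not in DN syntax, the form the documentation asks for."""
    return [f for f in lint_bind_dn(conf_text) if f[2] != "dn"]

if __name__ == "__main__":
    for number, value, kind in non_dn_binds(SAMPLE_CONF):
        print(f"line {number}: AuthLDAPBindDN {value!r} is a {kind}, not a DN")
```

Entries it reports are the ones to review before pointing the same configuration at a directory server other than Active Directory.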