Valid Login Syntax for LDAP
Users must provide user information in the appropriate syntax for the LDAP server.
Active Directory
Valid forms of the login are:
- domain\user_name
- user_name@domain.com
- cn=user_name, cn=users, dc=sub-domain, dc=domain, dc=com
OpenLDAP
For a login ID, OpenLDAP uses Distinguished Names, which can be lengthy. To facilitate logging in, a series of rules is applied to expand a simple string into a full Distinguished Name:
- If the username starts with a period (.), omit the period.
- If there is no equal sign (=) or comma (,) in the username, log in in the following manner: “cn=” + username + “,” + UserDomain
- If there is no “dc=” in the username, add the domain at the end.
Examples of these mappings:
| Username entered | Expanded to |
| --- | --- |
| .user | user |
| user | cn=user,ou=Houston,dc=bridge-way,dc=com |
| Cn=user,ou=groups | cn=user,ou=groups,dc=bridge-way,dc=com |
When a name is delimited with a comma and space, use the backslash character before the comma (for example, CN=Smith\, John).
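The expansion rules and the backslash rule above, as an added example that is not code from the product: it assumes the three rules are applied in the order listed, each to the result of the previous one, and that the "dc=" test ignores case. USER_DOMAIN, DOMAIN, expand_login and split_rdns are hypothetical names, with values taken from the sample mappings.

```python
# Constructed sample settings, taken from the example mappings on this page.
USER_DOMAIN = "ou=Houston,dc=bridge-way,dc=com"  # assumed UserDomain value
DOMAIN = "dc=bridge-way,dc=com"                  # assumed domain suffix


def expand_login(username, user_domain=USER_DOMAIN, domain=DOMAIN):
    """Expand a typed login into a DN (rule order is an assumption)."""
    name = username
    # Rule 1: a leading period is dropped.
    if name.startswith("."):
        name = name[1:]
    # Rule 2: no "=" and no "," means a simple name, so build a cn= DN.
    if "=" not in name and "," not in name:
        name = "cn=" + name + "," + user_domain
    # Rule 3: no "dc=" means the domain is appended.
    # Ignoring case here is an assumption; LDAP attribute types are
    # case-insensitive, so "Cn=" and "cn=" name the same attribute.
    if "dc=" not in name.lower():
        name = name + "," + domain
    return name


def split_rdns(dn):
    """Split a DN at unescaped commas, keeping backslash escapes intact."""
    parts, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]  # keep the escape and the escaped character
            i += 2
        elif dn[i] == ",":
            parts.append(current)   # an unescaped comma ends the component
            current = ""
            i += 1
        else:
            current += dn[i]
            i += 1
    parts.append(current)
    return parts


if __name__ == "__main__":
    # The last two inputs show why the comma inside a name needs a backslash.
    samples = (".user", "user", "Cn=user,ou=groups",
               r"CN=Smith\, John", "CN=Smith, John")
    for login in samples:
        dn = expand_login(login)
        print(f"{login!r} -> {dn}")
        print("    components:", split_rdns(dn))
```

Without the backslash, "CN=Smith, John" splits into "CN=Smith" and " John", and the second piece has no attribute type, so it is not a valid name component.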