Valid Login Syntax for LDAP
For Suite 8.11.15.0 and above, only SSO authentication is supported.
Users must provide user information in the appropriate syntax for the LDAP server.
Active Directory
Valid forms of the login are:
- domain\user_name
- user_name@domain.com
- cn=user_name, cn=users, dc=sub-domain, dc=domain, dc=com
OpenLDAP
For a login ID, OpenLDAP uses Distinguished Names, which can be lengthy. To make logging in easier, a series of rules is applied to expand a simple string into a full Distinguished Name:
- If the username starts with a period (.), omit the period.
- If there is no equal sign (=) or comma (,) in the username, log in in the following manner:
  - "cn=" + username + "," + UserDomain
- If there is no "dc=" in the username, add the domain at the end.

Examples of these mappings:
| Username entered | Login ID used |
| --- | --- |
| .user | user |
| user | cn=user,ou=Houston,dc=bridge-way,dc=com |
| Cn=user,ou=groups | cn=user,ou=groups,dc=bridge-way,dc=com |
When a name is delimited with a comma and space, use the backslash character before the comma (for example, CN=Smith\, John).
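
The OpenLDAP expansion rules and the comma escape above, worked through in Python as an added example (not code from the product). The function names, the two configuration values (taken from the page's mapping examples), the reading of the leading-period rule as "use the rest as typed", and the case-insensitive "dc=" match are assumptions.

```python
# Added example: names and config values below are assumptions for illustration.
USER_DOMAIN = "ou=Houston,dc=bridge-way,dc=com"  # "UserDomain" in rule 2 (from the page's example)
BASE_DOMAIN = "dc=bridge-way,dc=com"             # "the domain" in rule 3 (from the page's example)

def expand_login(username, user_domain=USER_DOMAIN, base_domain=BASE_DOMAIN):
    """Expand a short OpenLDAP login string following the three rules above."""
    # Rule 1: drop a leading period; per the ".user" -> "user" mapping the
    # remainder is then used exactly as typed (assumed: no further expansion).
    if username.startswith("."):
        return username[1:]
    # Rule 2: neither "=" nor "," present, so treat it as a bare common name.
    if "=" not in username and "," not in username:
        return "cn=" + username + "," + user_domain
    # Rule 3: no dc= component, so append the domain (match assumed case-insensitive).
    if "dc=" not in username.lower():
        return username + "," + base_domain
    return username

def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).lstrip())
    return parts

if __name__ == "__main__":
    for typed in [".user", "user", "Cn=user,ou=groups", r"CN=Smith\, John,ou=groups"]:
        dn = expand_login(typed)
        print(f"{typed!r:32} -> {dn}  {split_rdns(dn)}")
```

The code leaves attribute type case as typed (LDAP attribute type names are case-insensitive), and `split_rdns` shows that without the backslash "Smith, John" is read as two separate name components.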