In an Anywhere 17 database, users authenticate to an LDAP server (a Windows Domain Controller).

Using the LDAP URL "ldap://mydc.mycompany.de:389/cn=Users, dc=mycompany, dc=de??sub?(sAMAccountName=*)" works fine for this.

Now I wanted to allow my users to use either their account name or their principal name (aka mail address) using the LDAP URL

ldap://mydc.mycompany.de:389/cn=Users, dc=mycompany, dc=de??sub?(|(userPrincipalName=*)(sAMAccountName=*))

without success.

Using Wireshark I found out that the database server seems to replace the first asterisk in the filter restriction with the account name to be verified, so the filter used in the search is something like "(|(userPrincipalName=someuser@mycompany.de)(sAMAccountName=*))", which obviously does not return the expected result...

Is this intended behaviour? Otherwise I'd suggest replacing all asterisks in the filter restriction, not just the first one.

N.B.: We found a workaround by creating two different LDAP servers in the database server, which is acceptable but a bit awkward.

asked 21 May, 11:39

tedfroehlich
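
The substitution described in the question, as an added Python example that is not part of the original post and not the database server's own code: it splits the LDAP URL, then fills the `=*` placeholders in the filter with the login name, either only the first one (the behaviour reported above) or all of them, escaping the value per RFC 4515. The host name, logins and function names are constructed, and treating every `attr=*` term as a placeholder is an assumption.

```python
import re

# Constructed sample URL; same shape as the one in the question.
URL = ("ldap://dc.example.test:389/cn=Users,dc=example,dc=test"
       "??sub?(|(userPrincipalName=*)(sAMAccountName=*))")

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape filter metacharacters so a login name is matched literally."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def split_ldap_url(url):
    """Split an RFC 4516 style URL into host, dn, attrs, scope and filter."""
    match = re.match(r"^(ldaps?://[^/]*)/(.*)$", url)
    if match is None:
        raise ValueError("not an LDAP URL")
    parts = match.group(2).split("?", 3)
    if len(parts) != 4:
        raise ValueError("expected dn?attrs?scope?filter")
    dn, attrs, scope, flt = parts
    return {"host": match.group(1), "dn": dn, "attrs": attrs,
            "scope": scope, "filter": flt}


def build_filter(template, login, every=True):
    """Fill '=*' placeholders in the filter template with the escaped login.

    every=False replaces only the first placeholder, which reproduces the
    search filter observed in the question; every=True fills all of them.
    Assumption: each 'attr=*' term is a placeholder, so a genuine presence
    test such as (objectClass=*) would be rewritten as well.
    """
    value = escape_filter_value(login)
    # A function replacement keeps the backslashes in the escaped value intact.
    return re.sub(r"=\*(?=\))", lambda m: "=" + value, template,
                  count=0 if every else 1)


if __name__ == "__main__":
    template = split_ldap_url(URL)["filter"]
    print(build_filter(template, "someuser@example.test", every=False))
    print(build_filter(template, "someuser@example.test", every=True))
```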

question was seen: 75 times

last updated: 21 May, 11:39