Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

20.14. Using Active Directory-formatted User Names for Authentication

When you connect to Directory Server, you must specify the distinguished name (DN) of the user, such as uid=user_name,ou=People,dc=example,dc=com, to authenticate. However, the DN can be difficult to remember. If you enable and configure the AD DN plug-in, you can use Active Directory-formatted user names, such as user_name or user_name@domain instead of the DN.
After you enable the plug-in and a user connects to the directory using a user name that is not DN-formatted, Directory Server searches the DN based on the plug-in's configuration. If the search returns one DN, Directory Server uses this DN for the authentication. If none or multiple DNs are returned, authentication fails.

Note

You can only enable and configure the AD DN plug-in using the command line.
To enable and configure the plug-in it to use example.com as the default domain:
  1. Add the cn=addn,cn=plugins,cn=config plug-in entry and set the default domain: 
    # ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
dn: cn=addn,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: addn
nsslapd-pluginPath: libaddn-plugin
nsslapd-pluginInitfunc: addn_init
nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-pluginId: addn
nsslapd-pluginVendor: 389 Project
nsslapd-pluginVersion: 1.3.6.0
nsslapd-pluginDescription: Allow AD DN style bind names to LDAP
addn_default_domain: example.com
    Copy to Clipboard Toggle word wrap
    The required addn_default_domain parameter in the plug-in entry sets the default domain. The plug-in appends this domain if the specified user name during an authentication does not contain a domain name.
  2. Add a configuration entry for the default domain: 
    # ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
dn: cn=example.com,cn=addn,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: example.com
addn_base: ou=People,dc=example,dc=com
addn_filter: (&(objectClass=account)(uid=%s))
    Copy to Clipboard Toggle word wrap
    For details about the parameters used in the example, see their descriptions in the Red Hat Directory Server Configuration, Command, and File Reference.

    Warning

    You must add at least a configuration entry for the default domain. If the entry is missing, Directory Server fails to start.
  3. Optionally, you can create additional domain configurations as described in the previous step to support multiple domain names. Each domain configuration can use a different search base and filter.
  4. Restart the Directory Server instance: 
    # dsctl instance_name restart
    Copy to Clipboard Toggle word wrap
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat