Questo contenuto non è disponibile nella lingua selezionata.

20.14. Using Active Directory-formatted User Names for Authentication


When you connect to Directory Server, you must specify the distinguished name (DN) of the user, such as uid=user_name,ou=People,dc=example,dc=com, to authenticate. However, the DN can be difficult to remember. If you enable and configure the AD DN plug-in, you can use Active Directory-formatted user names, such as user_name or user_name@domain instead of the DN.
After you enable the plug-in and a user connects to the directory using a user name that is not DN-formatted, Directory Server searches the DN based on the plug-in's configuration. If the search returns one DN, Directory Server uses this DN for the authentication. If none or multiple DNs are returned, authentication fails.

Note

You can only enable and configure the AD DN plug-in using the command line.
To enable and configure the plug-in it to use example.com as the default domain:
  1. Add the cn=addn,cn=plugins,cn=config plug-in entry and set the default domain:
    # ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
    dn: cn=addn,cn=plugins,cn=config
    changetype: add
    objectClass: top
    objectClass: nsSlapdPlugin
    objectClass: extensibleObject
    cn: addn
    nsslapd-pluginPath: libaddn-plugin
    nsslapd-pluginInitfunc: addn_init
    nsslapd-pluginType: preoperation
    nsslapd-pluginEnabled: on
    nsslapd-pluginId: addn
    nsslapd-pluginVendor: 389 Project
    nsslapd-pluginVersion: 1.3.6.0
    nsslapd-pluginDescription: Allow AD DN style bind names to LDAP
    addn_default_domain: example.com
    Copy to Clipboard Toggle word wrap
    The required addn_default_domain parameter in the plug-in entry sets the default domain. The plug-in appends this domain if the specified user name during an authentication does not contain a domain name.
  2. Add a configuration entry for the default domain:
    # ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
    dn: cn=example.com,cn=addn,cn=plugins,cn=config
    changetype: add
    objectClass: top
    objectClass: extensibleObject
    cn: example.com
    addn_base: ou=People,dc=example,dc=com
    addn_filter: (&(objectClass=account)(uid=%s))
    Copy to Clipboard Toggle word wrap
    For details about the parameters used in the example, see their descriptions in the Red Hat Directory Server Configuration, Command, and File Reference.

    Warning

    You must add at least a configuration entry for the default domain. If the entry is missing, Directory Server fails to start.
  3. Optionally, you can create additional domain configurations as described in the previous step to support multiple domain names. Each domain configuration can use a different search base and filter.
  4. Restart the Directory Server instance:
    # dsctl instance_name restart
    Copy to Clipboard Toggle word wrap
Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat