Is it possible to login with domain\username (eng\hsimpson) against LDAP?
What attribute(s) do I need to pass for the LDAP to recognize the domain?
Thanks for any help you can throw at me.
nope; LDAP requires just username.
You can do UPN if you change your user variable from sAMAccountName=<USER> to userPrincipalName=<USER>.
The domain\username form is available only with the AD/NT server type. What is the reason for wanting this functionality?
You could try doing AD/NT for authentication (which accepts that format) and LDAP for authorization (group lookup & attributes); but if the reason is a multi-domain environment, you will need multiple LDAP servers regardless.
Yes, multi-domain environment. Users are scattered across multiple domains; the groups used to map roles are in one container.
But the roles/groups would have members from users in the various domains.
I actually tricked Juniper with LDAP. I have 4 domains: asia.co.com, europe.co.com, southamerica.co.com, northamerica.co.com. We do not have co.com in AD; it is lateral. I went at the local DC using port 3268 and told Juniper that the base DN is dc=co, dc=com. Juniper complains the base DN is invalid but will authenticate and do group lookups across domains. This works well. You do lose 389 port messages from AD.
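The two workarounds in this thread, the UPN attribute swap and the global catalog query on port 3268 with the forest root as base DN, are illustrated below as an added example; it is not Juniper's code or anything posted above. It turns a `DOMAIN\user`, `user@dns.domain` or bare login into the search parameters a client would send to the global catalog, with RFC 4515 filter escaping so a login such as `h*simp(son)` cannot alter the filter. The NetBIOS-to-DNS table, the `ENG` domain from the first post and the forest root `co.com` are assumptions constructed from the thread; no directory is contacted.

```python
"""Added example: map a login to an Active Directory global catalog lookup.

Assumed forest (constructed from the thread): root co.com with child domains
eng, asia, europe, southamerica and northamerica. Nothing here talks to a
directory; the functions only build the parameters an LDAP client would use.
"""

GLOBAL_CATALOG_PORT = 3268            # GC port; 389 only sees the local domain
FOREST_ROOT_BASE_DN = "dc=co,dc=com"  # forest-wide base from the last post

# Constructed NetBIOS -> DNS mapping; a real deployment reads this from AD.
NETBIOS_TO_DNS = {
    "ENG": "eng.co.com",
    "ASIA": "asia.co.com",
    "EUROPE": "europe.co.com",
    "SOUTHAMERICA": "southamerica.co.com",
    "NORTHAMERICA": "northamerica.co.com",
}

# RFC 4515 escapes for characters that are special inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def split_login(login: str):
    """Return (kind, domain, user) for DOMAIN\\user, user@dns or a bare user."""
    login = login.strip()
    if "\\" in login:
        domain, _, user = login.partition("\\")
        kind = "netbios"
    elif "@" in login:
        user, _, domain = login.partition("@")
        kind = "upn"
    else:
        kind, domain, user = "bare", None, login
    if not user or (kind != "bare" and not domain):
        raise ValueError(f"malformed login: {login!r}")
    return kind, domain, user


def build_gc_lookup(login: str) -> dict:
    """Build the GC search a client would run to find the account for a login.

    DOMAIN\\user is rewritten to a UPN (the attribute swap suggested in the
    thread); user@dns is searched as a UPN; a bare name by sAMAccountName.
    """
    kind, domain, user = split_login(login)
    if kind == "netbios":
        try:
            dns_domain = NETBIOS_TO_DNS[domain.upper()]
        except KeyError:
            raise ValueError(f"unknown NetBIOS domain {domain!r}") from None
        attribute, value = "userPrincipalName", f"{user}@{dns_domain}"
    elif kind == "upn":
        attribute, value = "userPrincipalName", f"{user}@{domain}"
    else:
        attribute, value = "sAMAccountName", user
    return {
        "port": GLOBAL_CATALOG_PORT,
        "base_dn": FOREST_ROOT_BASE_DN,
        "attribute": attribute,
        "filter": f"({attribute}={escape_filter_value(value)})",
    }


def group_lookup_filter(user_dn: str) -> str:
    """Filter for the groups holding a resolved user DN as a member.

    Run against the same forest-root base on 3268 so groups in any domain
    of the forest are found in one search.
    """
    return f"(&(objectCategory=group)(member={escape_filter_value(user_dn)}))"


if __name__ == "__main__":
    for login in ("eng\\hsimpson", "hsimpson@asia.co.com", "hsimpson", "h*simp(son)"):
        print(login, "->", build_gc_lookup(login)["filter"])
    print(group_lookup_filter("CN=H Simpson,OU=Users,DC=eng,DC=co,DC=com"))
```

The global catalog only holds the partial attribute set, so an attribute not replicated to it still has to be read from the user's own domain controller on 389/636, which is the trade-off the last post alludes to.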