Find the Distinguished Name from a Bind DN

active-directory ldap

I don't know if my question title even made sense – but let me explain.

When you do an LDAP query, you (apparently) are supposed to specify a DN in the Bind to "login" to the LDAP server. When I do this with slapd/OpenLDAP, the Bind DN is a normal DN like

cn=brad,ou=users,dc=corp

or whatever. However, when I do this against [our corporate] Active Directory [server] – it wants a "Bind DN" to be like:

CORP\brad

Which actually works. However, "CORP\brad" isn't really a DN in the LDAP tree. In reality, "brad" exists as an object like "cn=brad,ou=users,dc=corp" – and this object has an "sAMAccountName" attribute of "brad" (my actual username – changed here for simplification). I don't know if this is just "coincidence" – or if there could be others like this or what. How do you tell?

So – my question is – based on the DN/"Credentials" that were passed to the BIND, how can you determine what actual "Distinguished Name" the specified "Bind DN" equates to – when in AD – they don't appear to be one and the same?

Best Answer

sAMAccountName is the username in Active Directory. If you search LDAP for users with a sAMAccountName that matches your username, you can get the DN that way.
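The lookup this answer describes, as an added example that is not part of the original answer: it turns whatever was passed to the bind into the search filter that locates the user's entry, escaping the value per RFC 4515 so a crafted user name cannot change the filter. It goes beyond the `CORP\brad` case to cover a bind that is already a DN and the `user@domain` form; the function names and the `corp.example` domain are hypothetical, and it assumes the search runs under the base DN of the user's own domain and that a `user@domain` bind string equals the stored `userPrincipalName`.

```python
import re

# Hypothetical helper names; this is an illustration, not code from the answer.
# Characters that RFC 4515 requires to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_DN_START = re.compile(r"^[A-Za-z][A-Za-z0-9-]*\s*=")  # e.g. "cn=", "uid="
_USER = "(&(objectCategory=person)(objectClass=user)({attr}={value}))"


def escape_filter_value(value):
    """Escape a string so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def locate_bound_entry(bind_identity):
    """Classify what was passed to the bind and say how to find its entry.

    Returns ("dn", dn) when the identity is already a DN, otherwise
    ("search", ldap_filter) to run under the domain's base DN.
    """
    identity = bind_identity.strip()
    if not identity:
        raise ValueError("empty bind identity")
    if _DN_START.match(identity):
        return ("dn", identity)
    if "\\" in identity:
        # DOMAIN\user: the part after the first backslash is the sAMAccountName.
        _domain, _, value = identity.partition("\\")
        attr = "sAMAccountName"
    elif "@" in identity:
        attr, value = "userPrincipalName", identity
    else:
        attr, value = "sAMAccountName", identity
    if not value:
        raise ValueError("no user name in bind identity")
    return ("search", _USER.format(attr=attr, value=escape_filter_value(value)))


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("CORP\\brad", "cn=brad,ou=users,dc=corp", "brad@corp.example"):
        print(sample, "->", locate_bound_entry(sample))
```

Pass the returned filter to your LDAP client's subtree search and read the entry's DN (also exposed as the `distinguishedName` attribute) from the single result.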
