Search

GlobalSCAPE Knowledge Base

Using LDAP “constructed” attributes in EFT LDAP Authentication

Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server (All Versions)

QUESTION

Does the EFT Server support “constructed” attributes (e.g. msds-PrincipalName) for the username attribute?

A screenshot of a computer login
Description automatically generated with medium confidence

ANSWER

No, “constructed” attributes are not supported for the username attribute.

MORE INFORMATION

Using “constructed” attributes as a username for LDAP Authentication will cause users to fail to log in. LDAP authentication relies on search filters to find the username during the login process, and constructed attributes in the search filter are not supported by Active Directory nor the RFC2251.

Active Directory does not support constructed attributes (defined in section 3.1.1.4.5) in search filters. When a search operation is performed with such a search filter, Active Directory fails with inappropriateMatching ([RFC2251] section 4.1.10).

https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/0bb88bda-ed8d-4af7-9f7b-813291772990

constructed attribute: An attribute whose values are computed from normal attributes (for read) and/or have effects on the values of normal attributes (for write).
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/b645c125-a7da-4097-84a1-2fa7cea07714#gt_d848b035-c151-4fd8-88d9-9f152d053fee

Details
Last Modified: 9 Months Ago
Last Modified By: kmarsh
Type: INFO
Rated 2 stars based on 1 vote
Article has been viewed 9.4K times.
Options
Also In This Category