THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Server (All Versions)
QUESTION
Does the EFT Server support “constructed” attributes (e.g. msds-PrincipalName) for the username attribute?
ANSWER
No, “constructed” attributes are not supported for the username attribute.
MORE INFORMATION
Using “constructed” attributes as a username for LDAP Authentication will cause users to fail to log in. LDAP authentication relies on search filters to find the username during the login process, and constructed attributes in the search filter are not supported by Active Directory nor the RFC2251.
Active Directory does not support constructed attributes (defined in section 3.1.1.4.5) in search filters. When a search operation is performed with such a search filter, Active Directory fails with inappropriateMatching ([RFC2251] section 4.1.10).
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/0bb88bda-ed8d-4af7-9f7b-813291772990
constructed attribute: An attribute whose values are computed from normal attributes (for read) and/or have effects on the values of normal attributes (for write).
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/b645c125-a7da-4097-84a1-2fa7cea07714#gt_d848b035-c151-4fd8-88d9-9f152d053fee