I have a running FreeIPA LDAP server that I am using for user management. I need to search for users using the userPrincipleName attribute. I can search using a uid filter as follows:
ldapsearch -H "ldap://ldap.domain.net" -D "uid=badr,cn=users,cn=accounts,dc=domain,dc=net" -w "password" -b "uid=badr,cn=users,cn=accounts,dc=domain,dc=net" "uid=badr"
But, when I change the filter to userPrincipleName, it returns nothing.
ldapsearch -H "ldap://ldap.domain.net" -D "uid=badr,cn=users,cn=accounts,dc=domain,dc=net" -w "password" -b "uid=badr,cn=users,cn=accounts,dc=domain,dc=net" "userPrincipleName=badr@domain.net"
I suspect that something has to be done on the LDAP server in order for it to work correctly.
Where could the mistake be here?
Thanks in advance.
FreeIPA does not have attribute type userPrincipleName in its schema.
Furthermore, the attribute userPrincipalName, defined in MS AD, is spelled differently but is also not in FreeIPA's schema.
Instead, FreeIPA user entries contain the attribute krbPrincipalName, defined in the LDAP schema for MIT Kerberos.
In case a client application is only capable of using userPrincipalName for searching, one could set up an LDAP proxy based on OpenLDAP's LDAP backend with slapo-rwm implementing the attribute mapping.
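To make the answer concrete, here is an added shell example (not code from the question or the answer) that searches FreeIPA by krbPrincipalName and, for the proxy case, emits the slapo-rwm stanza that maps a client's userPrincipalName onto it. The principal is escaped per RFC 4515 before it goes into the filter, so a value containing `*`, `(`, `)` or `\` cannot alter the filter's meaning. The server name, bind DN and base DN are assumptions copied from the question; `LDAP_URI`, `BIND_DN`, `BIND_PW_FILE`, `BASE_DN` and the function names are invented for this example.

```shell
#!/bin/sh
# Added example: search a FreeIPA directory by Kerberos principal and
# show the slapo-rwm mapping for clients that insist on userPrincipalName.

# Escape the characters RFC 4515 reserves inside filter values.
# Backslash must be rewritten first, otherwise the escapes added for
# the other characters would themselves be escaped again.
ldap_filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                         -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g'  \
                         -e 's/)/\\29/g'
}

# Build an equality filter on krbPrincipalName, the attribute FreeIPA
# actually stores (there is no userPrincipalName / userPrincipleName).
ipa_principal_filter() {
  printf '(krbPrincipalName=%s)' "$(ldap_filter_escape "$1")"
}

# Run the search. Connection details come from the environment; the
# defaults are assumptions taken from the question. The bind password is
# read from a file (-y) rather than passed with -w, so it does not show
# up in the process list. The base is the users container, not the
# bound user's own DN, so any user's principal can be looked up.
ipa_search_principal() {
  ldapsearch -x -LLL \
    -H "${LDAP_URI:-ldap://ldap.domain.net}" \
    -D "${BIND_DN:-uid=badr,cn=users,cn=accounts,dc=domain,dc=net}" \
    -y "${BIND_PW_FILE:?set BIND_PW_FILE to a file holding the bind password}" \
    -b "${BASE_DN:-cn=users,cn=accounts,dc=domain,dc=net}" \
    "$(ipa_principal_filter "$1")" uid krbPrincipalName
}

# slapd.conf stanza (assumed layout) for the proxy the answer describes:
# back-ldap forwards to FreeIPA while slapo-rwm renames the attribute in
# both directions. The remaining attributes and object classes pass
# through unchanged. Dynamic-module builds also need
# "moduleload back_ldap" and "moduleload rwm".
rwm_map_config() {
  cat <<'EOF'
database    ldap
suffix      "dc=domain,dc=net"
uri         "ldap://ldap.domain.net"
overlay     rwm
rwm-map     attribute userPrincipalName krbPrincipalName
rwm-map     attribute * *
rwm-map     objectclass * *
EOF
}

# Usage:
#   BIND_PW_FILE=/path/to/pw ipa_search_principal badr@domain.net
#   rwm_map_config > /etc/openldap/slapd.conf.d/ipa-proxy.conf
```

The filter for `badr@domain.net` comes out as `(krbPrincipalName=badr@domain.net)`; a hostile value such as `a*)(uid=*` becomes `(krbPrincipalName=a\2a\29\28uid=\2a)` and matches nothing instead of widening the search.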