I have an LDAP server and an AD server with the same structure:
dc=com ---> dc=example ---> ou=users ---> uid=username
LDAPConnection connection = new LDAPConnection(ip, port);
connection.bind("username", "password");
works on the AD server, without specifying the full DN.
LDAPConnection connection = new LDAPConnection(ip, port);
connection.bind("uid=username,ou=users,dc=example,dc=com", "password");
works on the LDAP server, by specifying the full bind DN.
However, my issue is that I might not necessarily know the ou=users part, and the following bind fails with invalid credentials:
LDAPConnection connection = new LDAPConnection(ip, port);
connection.bind("uid=username,dc=example,dc=com", "password");
Is this because in LDAP it's possible to have two "username" users in separate OUs, so the OU must be specified to avoid ambiguity? One workaround I was thinking of was to search for uid=username in all OUs to find the correct OU.
Is this a common issue, where the OU is not known? Am I in the right line of thinking?
Thank you
The normal usage of LDAP is that you bind as a known user who has search permissions, search for the user based on some unique attribute such as email address, then bind as that user.
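The search-then-bind flow the answer describes, written out as an added example with the UnboundID LDAP SDK (the same `LDAPConnection`/`bind` API the question's snippets resemble). This is not code from the original post. The host, port, base DN, and the read-only service account DN and its password are placeholders I assumed for illustration. The bind against the partial DN in the question fails with invalidCredentials because a simple bind names one exact entry; servers do not resolve "uid=username,dc=example,dc=com" down into child OUs, and they return invalidCredentials rather than noSuchObject so that a bind cannot be used to probe which DNs exist. The search step below resolves the real DN first.

```java
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchScope;

/**
 * Search-then-bind authentication. Added example, not code from the post.
 * HOST, PORT, BASE_DN, SERVICE_DN and the password source are assumptions.
 */
public class SearchThenBind {

    private static final String HOST = "ldap.example.com";   // assumed
    private static final int PORT = 389;                     // assumed
    private static final String BASE_DN = "dc=example,dc=com";
    // Dedicated read-only service account: grant it only search/read on the
    // user subtree, never write or password-reset rights.
    private static final String SERVICE_DN = "cn=auth-lookup,ou=services,dc=example,dc=com"; // assumed
    private static final String SERVICE_PW = System.getenv("LDAP_SERVICE_PASSWORD");          // assumed

    /** Returns the user's DN when the password is correct, or null when authentication fails. */
    public static String authenticate(String username, String password) throws LDAPException {
        // Reject empty passwords up front: a simple bind with an empty password is an
        // unauthenticated bind (RFC 4513) and "succeeds" on many servers.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return null;
        }

        // Step 1: as the service account, find the entry whose uid matches.
        String userDn;
        try (LDAPConnection lookup = new LDAPConnection(HOST, PORT)) {
            lookup.bind(SERVICE_DN, SERVICE_PW);

            // createEqualityFilter escapes the value, so input such as "*)(uid=*"
            // cannot rewrite the filter (LDAP injection). Never concatenate strings here.
            Filter filter = Filter.createEqualityFilter("uid", username);
            // "1.1" requests no attributes; only the DN is needed.
            SearchResult result = lookup.search(BASE_DN, SearchScope.SUB, filter, "1.1");

            // Exactly one match is required. Zero means unknown user; more than one means
            // the uid is not unique across OUs and there is no safe choice of which to bind as.
            if (result.getEntryCount() != 1) {
                return null;
            }
            userDn = result.getSearchEntries().get(0).getDN();
        }

        // Step 2: on a separate connection, bind as the resolved DN with the user's password.
        try (LDAPConnection user = new LDAPConnection(HOST, PORT)) {
            user.bind(userDn, password);
            return userDn;
        } catch (LDAPException e) {
            if (e.getResultCode() == ResultCode.INVALID_CREDENTIALS) {
                return null;   // wrong password
            }
            throw e;           // connectivity or server errors must not masquerade as a bad password
        }
    }

    public static void main(String[] args) throws LDAPException {
        String dn = authenticate(args[0], args[1]);
        System.out.println(dn == null ? "authentication failed" : "authenticated as " + dn);
    }
}
```

Two practical notes: simple binds send the password in the clear, so in a real deployment connect over LDAPS or issue StartTLS before either bind; and the user bind is done on its own connection so the service account's session is never reused with the user's identity, which avoids a class of confused-authorization bugs when connections are pooled.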