You can configure the LDAP mechanism to create an identity map for usernames that log on with an FQDN, such as user@dom1.dom2.dom3. For example:
<Mechanism Name="ldap">
    <MechanismProperties ... />
    <IdentityMap Match="match" Pattern="pattern" DatabaseName="database_name"/>
</Mechanism>
- match: A POSIX regular expression representing a matching rule that shows how the username is divided into substrings. The individual substrings are enclosed by ( ).
- pattern: The substitution rule that determines how the map extrapolates a DN from the username substrings defined in the Match attribute.
- database_name: Defines how the system rewrites the username so that the database can identify the user in a particular form.
The identity map does not require a service bind.
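The following sketch is an added example, not code or configuration from the product. It shows how a Match rule splits user@dom1.dom2.dom3 into substrings and how a Pattern rule builds a DN from them. The rule values, the `\N` substring reference syntax, the `uid` attribute, the whole-string anchoring and the DN escaping step are all assumptions made for illustration.

```python
import re

# Constructed rule values (assumptions, not taken from the product).
# Python's re stands in for a POSIX regex engine; this expression is valid in both.
MATCH = r"([^@]+)@([^.]+)\.([^.]+)\.([^.]+)"
# Assumption: \N in the substitution rule refers to the Nth ( ) substring.
PATTERN = r"uid=\1,dc=\2,dc=\3,dc=\4"


def escape_dn_value(value):
    """Escape a string for use as an RDN attribute value (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def map_identity(username, match=MATCH, pattern=PATTERN):
    """Return the DN built from username, or None if the match rule does not apply."""
    # fullmatch anchors the rule to the whole username, so trailing or leading
    # text outside the expected user@a.b.c shape is rejected instead of ignored.
    m = re.fullmatch(match, username)
    if m is None:
        return None

    def substitute(ref):
        # Escape each captured substring so DN metacharacters in the logon
        # name cannot add or alter RDN components in the resulting DN.
        return escape_dn_value(m.group(int(ref.group(1))))

    return re.sub(r"\\(\d)", substitute, pattern)


if __name__ == "__main__":
    for name in ("user@dom1.dom2.dom3", "user", "a,b@dom1.dom2.dom3"):
        print(name, "->", map_identity(name))
```
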