This parameter defines how to construct the Active Directory
user name to be authenticated by Active Directory. You can choose whether
to use standard NTLM user names or AD Distinguished Names. This is a
different concept to BindString, which specifies what AD object to get
account details from.
The default is %0, which will try to
authenticate the user name sent by the NAS (after RewriteUsernames have
been applied).
This example will authenticate the user from an AD
user record in the ‘csx users’ Organizational Unit, and get account
details from the same AD record. Unlike NTLM user names, it will even work
for user names with spaces in them. Note that you need to specify
AuthFlags of 0 in order to use an Active Directory DN in
AuthUser.
BindString LDAP://cn=%0,ou=csx users,dc=open,dc=com,dc=au
AuthUser cn=%0,ou=csx users,dc=open,dc=com,dc=au
AuthFlags 0