Configure base dn for your users (or regexp), which will give you the DN for any username. Example:
BASE_DN = ou=Users,dc=zentyal,dc=com
Now, your applications now that for a given user (ie exekias), the DN is:
uid=<username>,ou=Users,dc=zentyal,dc=com
I'm exactly fighting against this biased approach. Sorry for being abrupt here
Again, standard (understand here "normal") appraoch is to search for existing entry matching your login.
Why do you make the assumption (even if you're most of the time right with such approach), that user will login with its [uid].
As long as provided string matches unique string permitting to find unique but existing entry, it works.
Guessing and building DN is just wrong.
Let me take an example because I can understand that you don't share it.
For some applications, you may ask user to access providing its mail address.
With your approach, what would be the next step? To assume that mail address looks like [uid]@domain
This is obviously not always true and definitely wrong as approach.
Not convinced already ? OK, let me take another example:
today, your LDAP DIT is flat. No OU permitting to segregate users. You will perhaps, sooner or later, evolve toward more powerful design (e.g. to match what "AD clone", AKA Samba supports, also to better synchronize with real Windows world. Well, whatever the reason, you may evolve toward such design. Cool
how are you going to guess DN for users ? you have forged RDN. So far so good but you're not done.
Do you see where I'm coming from now
Moreover, if you need to do this based on a search, you can use zentyalro account for that I agree that it should be shown on the interface, bug probably we will fix that for 3.2
Another design I fighting against: this account is currently allowed to read userpassword
I'm perhaps paranoiac but this permits brute force attack, especially because there is no password policy overlay.
Also feel free to explain to Zentyazl admins where they can find, even if not in Zentyal GUI, password for Zentyalro account, even if "I" do not support such approach.