> Can anyone think of anything I’ve missed?
Warning - I don't speak LDAP.
But it does strike me that there is at least the logical possibility of
information leakage if the $requestContext.principalName could match the
"wrong" (so you log in against cn={0}, but you get attributes back against
userprincipalname={0}).
Also if you are relying on the principalName elsewhere (filtering? EpPN?)
you may get surprises if the format is different.
/R
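
Added example, not part of the original post: a small Python check of the mismatch described above, where the login filter and the attribute lookup filter resolve the same principal name to different entries. The directory entries, DNs and the helper names `search` and `check_consistency` are constructed for illustration; only the two filter templates come from the thread.

```python
# Constructed sample directory (not from the thread): one user's cn equals
# another user's userPrincipalName. Keys are lowercased because LDAP
# attribute names are case-insensitive.
DIRECTORY = [
    {"dn": "cn=jsmith,ou=people,dc=example,dc=org",
     "cn": "jsmith", "userprincipalname": "john.smith@example.org",
     "mail": "john.smith@example.org"},
    {"dn": "cn=jane,ou=people,dc=example,dc=org",
     "cn": "jane", "userprincipalname": "jsmith",
     "mail": "jane.doe@example.org"},
]


def search(filter_template, principal):
    """Evaluate a single '(attr={0})' equality filter against DIRECTORY."""
    attr, _, value = filter_template.strip("()").partition("=")
    wanted = value.replace("{0}", principal).lower()
    return [e for e in DIRECTORY
            if str(e.get(attr.lower(), "")).lower() == wanted]


def check_consistency(authn_filter, resolver_filter, principal):
    """Compare the entry used for login with the entry used for attributes.

    Returns (status, authn_dn, resolver_dn). 'mismatch' means the attributes
    released would belong to a different entry than the one that logged in.
    """
    authn = search(authn_filter, principal)
    resolved = search(resolver_filter, principal)
    if len(authn) != 1:
        return ("authn-failed", None, None)
    if len(resolved) != 1:
        return ("no-unique-attributes", authn[0]["dn"], None)
    status = "ok" if authn[0]["dn"] == resolved[0]["dn"] else "mismatch"
    return (status, authn[0]["dn"], resolved[0]["dn"])


if __name__ == "__main__":
    for name in ("jsmith", "jane"):
        print(name, check_consistency("(cn={0})", "(userprincipalname={0})", name))
    print("jsmith", check_consistency("(cn={0})", "(cn={0})", "jsmith"))
```

Running the same comparison over every login name in a test directory shows whether any value can satisfy both filters against different entries.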