
Active Directory connector's Roles and Groups needs to work when the username attribute is set to look at sAMAccountName

    • Type: Suggestion
    • Resolution: Fixed
    • 0.4

      I managed to get Active Directory integration mostly working right now. The only problem is that I want to set the principal's username attribute to sAMAccountName instead of CN. This seems to work, but then it blows up the Groups and Roles and I don't see any groups or roles anymore as soon as I change the Username Attribute. Using different OUs doesn't seem to help the situation of no Roles or Groups.

      This is mostly because my CN names will end up being Firstname Lastname as opposed to their NT logins. The firstname lastname type of username will probably confuse the users when they're used to NT Logins.

      When username attribute = cn, then:
      Groups map to Groups
      Roles map to Roles

      When username attribute = sAMAccountName, then:
      Groups map to nothing
      Roles map to nothing

            [CWD-94] Active Directory connector's Roles and Groups needs to work when the username attribute is set to look at sAMAccountName

            Justen Stepka [Atlassian] added a comment -

            Just did a new LDAP code update and tested with sAMAccountName. Will go out with the 0.4 release.

            Jeff Kwan added a comment -

            I believe both are set, the CN is CN=Firstname Lastname,OU=etc...

            The firstname is set with the firstname I believe.

            From what I see in the AD setup, we use multiple memberOf attributes for
            group membership.


            Justen Stepka [Atlassian] added a comment -

            In your Active Directory server, do you have CN or display name set? Is this valid as the user's first name?

            Which attribute are you using to determine group membership? Is this done on the principal or on the group object to associate memberships? By default I see AD using multiple 'memberOf' attributes on the principal object type.

            Jeff Kwan added a comment -

            Performance seems much faster with sAMAccountName


              Assignee: Unassigned
              Reporter: Jeff Kwan