
ldap-ad authentication and unusual UPN

Question asked by boiss007 on Jun 5, 2015
Latest reply on Jun 22, 2015 by borisstankov
Hello, people

I have a little problem, and I'd like to ask for help.

I'm in the process of deploying Alfresco 5 for a client and I am stuck on the authentication part.

Let me explain : I have already configured my authentication but the client uses a strange AD user format :

for a user "bob strange" in the domain "myfirm.fr" (and not myfirm.local or myfirm.domain)
The SAMAccountName is b.strange
The UPN is bobstrange@myfirm.fr
The mail domain is the same as the AD domain so the mail is bobstrange@myfirm.fr (same as UPN)

I guess they chose to format the UPN to mimic the mail (contrary to the usual form where the mail mimics the UPN)

for the Windows session everyone uses the old Windows login format => domain\samaccountname
for the Exchange sessions (OWA) they use the UPN but only 1/3 of the users have a mail so they don't want to use it for Alfresco because many users are not used to the UPN

Now Alfresco is great at getting the UPN but I need to use the SAMAccountName for the authentication and it is not IN the UPN
So right now, they can log in with the prefix of the UPN (something like "bobstrange") and they want to log in with the SAMAccountName ("b.strange")

I would love to fix this problem without having to modify the .java classes (it complicates the future evolution), so if someone has a better idea, please, share your wisdom…

PS : my configuration of the ldap-ad subsystem is fine, my only concern is getting the AD SAMAccountName attribute in ldap.authentication.userNameFormat instead of the UPN attribute
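
A configuration-only approach to the question above, as an added example that is not part of the original post and has not been run against the poster's directory: per the Alfresco LDAP subsystem documentation, when ldap.authentication.userNameFormat is empty, Alfresco resolves the user's DN with an LDAP query on ldap.synchronization.userIdAttributeName and then binds with that DN, so the login name no longer has to appear in the UPN. The host, search base and service account below are placeholders and assumptions.

```properties
# Added example for the ldap-ad subsystem; every value is a placeholder.

# Format-based bind: the typed login is substituted into a fixed pattern.
# With this, "bobstrange" works and "b.strange" does not, because the
# sAMAccountName is not the UPN prefix in this directory.
#ldap.authentication.userNameFormat=%s@myfirm.fr

# Search-then-bind: leave the format empty so the DN is looked up from
# the typed login using the attribute named below, then used for the bind.
ldap.authentication.userNameFormat=
ldap.synchronization.userIdAttributeName=sAMAccountName

# Where the lookup searches (assumed from the domain name in the post).
ldap.synchronization.userSearchBase=dc\=myfirm,dc\=fr

# The lookup runs as this account, so it must be able to read user entries.
# Use a dedicated read-only service account, not an administrator.
ldap.synchronization.java.naming.security.principal=<service-account-upn>
ldap.synchronization.java.naming.security.credentials=<service-account-password>

# Credentials travel in a simple bind; prefer LDAPS (placeholder host).
ldap.authentication.java.naming.provider.url=ldaps://<dc-hostname>:636
```

Because ldap.synchronization.userIdAttributeName also determines the user ID created by synchronization, accounts that were already imported under the UPN prefix would appear as different users after the change.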