Durand Fabrice <fdur...@inverse.ca> wrote:
>
> PacketFence is not able to find t...@mydomain.com in your ldap.
> So I suppose that your $LDAPUserKey is false.

If the LDAP directory you are using is Microsoft AD, I had problems
with some of the recommended PF defaults for LDAP authentication.
If I recall correctly, this was the problem line:

    my $LDAPSponsorUserKey = "userPrincipalName";

In AD, userPrincipalName looks an awful lot like an e-mail address
with its logo...@domain.tld format. If your mail system uses any
other e-mail address format (such as first.l...@domain.tld), this
line causes the sponsor verification to fail upon LDAP logon because
it isn't the same as the "mail" field.

These are the current lines from our running ldap.pm file:

    my $LDAPUserKey = "sAMAccountName";
    my $LDAPSponsorUserKey = "mail";

Let me throw in a disclaimer that I did some testing of the
sponsorship feature with these settings, but we decided not to
deploy the option for the time being. I don't think it was ever
tested in our final deployment, so YMMV...

-Arthur

-------------------------------------------------------------------------
Arthur Emerson III                 Email:      emer...@msmc.edu
Network Administrator              InterNIC:   AE81
Mount Saint Mary College           MaBell:     (845) 561-0800 Ext. 3109
330 Powell Ave.                    Fax:        (845) 562-6762
Newburgh, NY 12550                 SneakerNet: Aquinas Hall Room 11

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
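
The mismatch described in the message above can be checked before changing ldap.pm. The following Perl script is an added illustration, not part of the original message and not PacketFence code. It assumes the sponsor's address is looked up with an equality filter on the configured key attribute; the entries, the example.edu addresses and the helper names (escape_filter_value, find_sponsor, audit_key) are all constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample entries standing in for AD accounts (not real data).
my @entries = (
    { sAMAccountName => 'jsmith', userPrincipalName => 'jsmith@example.edu',
      mail => 'john.smith@example.edu' },
    { sAMAccountName => 'adoe', userPrincipalName => 'adoe@example.edu',
      mail => 'adoe@example.edu' },
    { sAMAccountName => 'svc-print', userPrincipalName => 'svc-print@example.edu' },
);

# Escape a value for use in an LDAP search filter (RFC 4515 special characters).
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Assumed lookup: case-insensitive equality match of one attribute against the address.
sub find_sponsor {
    my ($attr, $address) = @_;
    return grep { lc($_->{$attr} // '') eq lc $address } @entries;
}

# List accounts for which the chosen key attribute would not match their mail address.
sub audit_key {
    my ($attr) = @_;
    my @problems;
    for my $e (@entries) {
        if (!defined $e->{mail}) {
            push @problems, "$e->{sAMAccountName}: no mail attribute";
        } elsif (lc($e->{$attr} // '') ne lc $e->{mail}) {
            push @problems, "$e->{sAMAccountName}: $attr="
                . ($e->{$attr} // '(unset)') . ", mail=$e->{mail}";
        }
    }
    return @problems;
}

my $sponsor = 'john.smith@example.edu';   # address a guest would type for the sponsor
for my $key (qw(userPrincipalName mail)) {
    my @hits = find_sponsor($key, $sponsor);
    printf "(%s=%s) -> %d match(es)\n", $key, escape_filter_value($sponsor), scalar @hits;
    print "  mismatch: $_\n" for audit_key($key);
}
```

Accounts listed as having no mail attribute cannot be found as sponsors with the "mail" key either, so they need the attribute populated in the directory.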