LDAP was recently refactored; could you please try it? GUI Admin->LDAP has a setting, "Add domain to user name"; maybe this can be used?

On 16 December 2013 00:37, Mihail Lukin <[email protected]> wrote:

> Ok, I'll test it against MS AD and report back. Thanks in advance!
>
> On Sun, Dec 15, 2013 at 9:13 PM, Maxim Solodovnik <[email protected]> wrote:
> > To be fair: I don't know :(
> > LDAP is the part I can modify but can't actually test, so I need someone
> > who is interested in it and understands what is going on :)
> >
> > On Sun, Dec 15, 2013 at 11:55 PM, Mihail Lukin <[email protected]> wrote:
> >>
> >> Maxim,
> >>
> >> Good to hear! I'm ready to test (although I'm not sure I'm quite ready
> >> to build it :) but I'll definitely try ).
> >>
> >> Do you think it's actually necessary to add another configuration key?
> >> I wonder if the "username@domain" form of the sAMAccountName/sid field
> >> is used somewhere...
> >>
> >> On Sun, Dec 15, 2013 at 8:41 PM, Maxim Solodovnik <[email protected]> wrote:
> >> > I would like to propose an additional key with a detailed use
> >> > description (the patch will be perfect :) )
> >> > And I'll try to address the issue :)
> >> > The only requirement: you will need to test one or more nightly builds :)
> >> >
> >> > On Sun, Dec 15, 2013 at 11:33 PM, Mihail Lukin <[email protected]> wrote:
> >> >>
> >> >> I looked at the source code of LdapLoginManagement and it looks like
> >> >> there is no way of telling OM to add the domain to the user name only
> >> >> when authenticating to LDAP but not when searching by the attribute
> >> >> configured by field_user_principal. But it really doesn't work this way.
> >> >>
> >> >> Am I missing some additional settings, or is it worth filing a bug report?
> >> >>
> >> >> On Fri, Dec 13, 2013 at 4:54 PM, Mihail Lukin <[email protected]> wrote:
> >> >> > Hello, everyone!
> >> >> >
> >> >> > I have a problem integrating OM with AD. I've created a configuration
> >> >> > file and added it through the admin interface. I used Wireshark to
> >> >> > analyze communication with the LDAP server.
> >> >> >
> >> >> > When I use the option "add domain name to user name", authentication
> >> >> > succeeds 3 times with admin's credentials, then once with user's
> >> >> > credentials ("username@domain" form was used by OM), but then the LDAP
> >> >> > search fails because sAMAccountName is "username" but OM searches for
> >> >> > "username@domain".
> >> >> >
> >> >> > When I turn off "add domain name to user name", authentication
> >> >> > succeeds 3 times with admin's credentials, but then fails, because OM
> >> >> > tries to bind with "username" while LDAP requires "username@domain".
> >> >> >
> >> >> > Did anyone solve such a problem already? Any suggestions?
> >> >> >
> >> >> > Thanks a lot in advance!
> >> >> >
> >> >> > --
> >> >> > Regards, Mihail.
> >> >>
> >> >> --
> >> >> Regards, Mihail.
> >> >
> >> > --
> >> > WBR
> >> > Maxim aka solomax
> >>
> >> --
> >> Regards, Mihail.
> >
> > --
> > WBR
> > Maxim aka solomax
>
> --
> Regards, Mihail.

--
WBR
Maxim aka solomax
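
The mismatch reported in the thread (bind needs "username@domain", the sAMAccountName search needs "username") is sketched below as an added example; it is not OpenMeetings code and not from anyone on the list. The function names, the `LdapLoginPlan` type and the domain `example.test` are assumptions made for illustration; the search value is also escaped per RFC 4515 because it comes from the login form.

```python
# Added illustration; all names here are hypothetical, not OpenMeetings code.
from typing import NamedTuple

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


class LdapLoginPlan(NamedTuple):
    bind_principal: str  # identity sent in the simple bind
    search_filter: str   # filter used to look the account up afterwards


def plan_login(login: str, domain: str, search_attr: str = "sAMAccountName") -> LdapLoginPlan:
    """Derive the bind name and the search filter independently of each other."""
    login = login.strip()
    # Accept "user" or "user@domain"; the bare name is what sAMAccountName holds.
    bare, _, given_domain = login.partition("@")
    if not bare:
        raise ValueError("login has no user part")
    if given_domain and given_domain.lower() != domain.lower():
        raise ValueError("login domain does not match configured domain")
    return LdapLoginPlan(
        bind_principal=f"{bare}@{domain}",
        search_filter=f"({search_attr}={escape_filter_value(bare)})",
    )


def single_flag_plan(login: str, domain: str, add_domain: bool) -> LdapLoginPlan:
    """Model of the behaviour reported in the thread: one switch drives both values."""
    name = f"{login}@{domain}" if add_domain else login
    return LdapLoginPlan(name, f"(sAMAccountName={escape_filter_value(name)})")


if __name__ == "__main__":
    # Constructed sample input: user "jdoe" in the placeholder domain "example.test".
    for add_domain in (True, False):
        print("single flag", add_domain, single_flag_plan("jdoe", "example.test", add_domain))
    print("separated  ", plan_login("jdoe", "example.test"))
```
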
