Hello, everyone,
Could you help me change the config.yml so that the security plugin looks for a user not by sAMAccountName, but by userPrincipalName?

Hi @yalkun, I just want to make sure I understand you correctly: you want the users to enter their userPrincipalName as the username, and roles to be retrieved using that entry? If so, this is quite simple to achieve using the config below:

authc:  # under config.dynamic in config.yml
  ldap:
    description: "Authenticate via LDAP or Active Directory"
    http_enabled: true
    transport_enabled: false
    order: 5
    http_authenticator:
      type: basic
      challenge: true
    authentication_backend:
      type: ldap
      config:
        # With SSL and StartTLS both off, bind and user passwords cross the network unencrypted
        enable_ssl: false
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: false
        hosts:
          - <ldap_ip>
        bind_dn: user
        password: password
        userbase: 'cn=Users,dc=local,dc=local'
        # Attribute of the matched entry that is used as the user name inside the plugin
        username_attribute: "displayName"
        # {0} is replaced with the login name the user entered
        usersearch: '(userPrincipalName={0})'
authz:
  roles_from_myldap:
    description: "Authorize via LDAP or Active Directory"
    http_enabled: true
    transport_enabled: false
    authorization_backend:
      type: ldap
      config:
        enable_ssl: false
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: false
        hosts:
          - <ldap_ip>
        bind_dn: user
        password: pass
        rolebase: 'ou=GroupsNew,dc=local,dc=local'
        # {0} is replaced with the DN of the authenticated user
        rolesearch: '(member={0})'
        userroleattribute: null
        userrolename: disabled
        resolve_nested_roles: false
        userbase: 'cn=Users,dc=local,dc=local'
        usersearch: '(userPrincipalName={0})'

Let me know if this helps, or if I misunderstood your use case.
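
Added example (not part of the original thread and not the Security plugin's own code): a simplified model of what `usersearch` and `username_attribute` do in the config above, showing that a UPN login resolves to the `displayName` value while a sAMAccountName login no longer matches. The directory entries are constructed, and the RFC 4515 escaping of the login and the exactly-one-match rule are assumptions of this model.

```python
import re

# Constructed sample entries standing in for cn=Users,dc=local,dc=local.
DIRECTORY = [
    {"sAMAccountName": "adoe", "userPrincipalName": "alice.doe@local.local",
     "displayName": "Alice Doe"},
    {"sAMAccountName": "broe", "userPrincipalName": "bob.roe@local.local",
     "displayName": "Bob Roe"},
]

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}


def build_filter(usersearch, login):
    """Substitute the escaped login for {0} (assumed behaviour, see lead-in)."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in login)
    return usersearch.replace("{0}", escaped)


def parse_equality(ldap_filter):
    """Split a simple '(attr=value)' filter and undo the backslash-hex escapes."""
    match = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if match is None:
        raise ValueError("only simple equality filters are modelled")
    value = re.sub(r"\\([0-9a-fA-F]{2})",
                   lambda m: chr(int(m.group(1), 16)), match.group(2))
    return match.group(1), value


def resolve_user(login, usersearch, username_attribute, directory=DIRECTORY):
    """Model: return the username_attribute value if exactly one entry matches."""
    attr, wanted = parse_equality(build_filter(usersearch, login))
    # AD compares these string attributes case-insensitively.
    hits = [e for e in directory if e.get(attr, "").lower() == wanted.lower()]
    return hits[0][username_attribute] if len(hits) == 1 else None


if __name__ == "__main__":
    upn_search = "(userPrincipalName={0})"
    for login in ("alice.doe@local.local", "adoe", "*"):
        print(login, "->", resolve_user(login, upn_search, "displayName"))
```

Because the resolved name is the `displayName` value, any role mappings keyed on user names have to use that value rather than the UPN the user typed.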