  1. OpenOLAT
  2. OO-5052

LDAP login with two different attributes


      Description

      It is increasingly common for installations using MS AD to move to the Azure Cloud. When doing this, users will switch from a sAMAccountName login to a UserPrincipalName login (which is the primary MS email for authentication).

      OpenOlat supports this with this configuration: 

       

      ldap.login.attribute=UserPrincipalName 
      

      The problem now is that login via the old style using the sAMAccountName is no longer possible. This is a problem because much client-specific documentation might not yet be updated and some users need more time to move to the new login scheme. Clients request that login with both names be possible.

      Solution:

      1) we support something like this: 

      ldap.login.attribute=UserPrincipalName,sAMAccountName
      

       or 

      2) we support login via ldap.attributename.useridentifyer even when ldap.login.attribute is set to another value

       

      If necessary, the uniqueness of the authentication token username must be discussed.
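
      An added sketch of option 1 and of the uniqueness concern, not OpenOLAT code: it builds one OR search filter over both login attributes with RFC 4515 escaping and accepts a login only when it resolves to exactly one entry. The class and method names, the in-memory directory and the sample entries are assumptions made for illustration.

```java
import java.util.*;

public class MultiAttributeLogin {
    // Hypothetical parsing of the comma-separated value proposed in option 1.
    static List<String> parseLoginAttributes(String property) {
        List<String> attrs = new ArrayList<>();
        for (String a : property.split(","))
            if (!a.trim().isEmpty()) attrs.add(a.trim());
        return attrs;
    }

    // RFC 4515 escaping so a typed login cannot change the structure of the filter.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    // One OR filter over all login attributes: (|(a1=login)(a2=login)).
    // Attribute names come from configuration, never from the login form.
    static String buildFilter(List<String> attrs, String login) {
        StringBuilder sb = new StringBuilder("(|");
        for (String a : attrs)
            sb.append('(').append(a).append('=').append(escapeFilterValue(login)).append(')');
        return sb.append(')').toString();
    }

    // In-memory stand-in for the directory search. Returns a DN only when exactly
    // one entry matches; a real login would then bind as that DN with the password.
    static Optional<String> resolveDn(List<Map<String, String>> entries, List<String> attrs, String login) {
        Set<String> dns = new LinkedHashSet<>();
        for (Map<String, String> e : entries)
            for (String a : attrs)
                if (login.equalsIgnoreCase(e.get(a))) dns.add(e.get("dn"));
        return dns.size() == 1 ? Optional.of(dns.iterator().next()) : Optional.empty();
    }

    public static void main(String[] args) {
        List<String> attrs = parseLoginAttributes("UserPrincipalName,sAMAccountName");
        // Constructed entries with a deliberate collision between the two attributes.
        List<Map<String, String>> dir = List.of(
            Map.of("dn", "cn=Alice,dc=example,dc=org", "UserPrincipalName", "alice@example.org", "sAMAccountName", "alice"),
            Map.of("dn", "cn=Bob,dc=example,dc=org", "UserPrincipalName", "bob@example.org", "sAMAccountName", "alice@example.org"));
        System.out.println(buildFilter(attrs, "j*doe(test)"));          // metacharacters are escaped
        System.out.println(resolveDn(dir, attrs, "bob@example.org"));   // resolves to a single entry
        System.out.println(resolveDn(dir, attrs, "alice@example.org")); // matches two entries, so it is rejected
    }
}
```

      Rejecting an ambiguous match, rather than taking the first result, keeps a value that is one user's sAMAccountName and another user's UserPrincipalName from selecting the wrong account.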

       

            People

            Assignee:
            srosse Stéphane Rossé
            Reporter:
            gnaegi Florian Gnägi
            Tester:
            Mandy Menzel