Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 15.3.3
Component/s: REST, LDAP, oAuth2, OpenID, Shibboleth Adapter
Labels: None
It is increasingly common for installations using MS AD to move to the Azure Cloud. When they do, users switch from a sAMAccountName login to a UserPrincipalName login (which is the primary MS email for authentication).
OpenOlat supports this with the following configuration:
ldap.login.attribute=UserPrincipalName
The problem is that login with the old-style sAMAccountName is then no longer possible. This matters because much client-specific documentation might not yet be updated, and some users need more time to move to the new login scheme. Clients request that login with both names be possible.
Solution:
1) we support something like this:
ldap.login.attribute=UserPrincipalName,sAMAccountName
or
2) we support login via ldap.attributename.useridentifyer even when ldap.login.attribute is set to another value
If necessary, the uniqueness of the authentication token username must be discussed.
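
An added sketch of option 1 (not OpenOlat code): it splits a comma-separated ldap.login.attribute value, builds one RFC 4515-escaped OR filter, and refuses a login name that matches more than one account, which is the uniqueness question raised above. The function names and the sample directory are hypothetical, and case-insensitive matching is an assumption.

```python
# Added illustration; not OpenOlat code. All function names are hypothetical.

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def parse_login_attributes(prop_value):
    """Split a comma-separated ldap.login.attribute value, keeping order."""
    attrs = [a.strip() for a in prop_value.split(",") if a.strip()]
    if not attrs:
        raise ValueError("ldap.login.attribute is empty")
    return attrs

def escape_filter_value(value):
    """Escape user input so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_login_filter(attrs, login):
    """Return one filter matching the login against any configured attribute."""
    safe = escape_filter_value(login)
    terms = ["(%s=%s)" % (a, safe) for a in attrs]
    return terms[0] if len(terms) == 1 else "(|%s)" % "".join(terms)

def resolve_login(attrs, login, entries):
    """Return the DN of the single entry matching the login, else None.

    `entries` stands in for the directory: (dn, {attribute: value}) pairs.
    Comparison is case-insensitive (an assumption about the matching rule).
    More than one distinct DN is treated as ambiguous and refused, so one
    user's login name can never select another user's account.
    """
    wanted = login.casefold()
    dns = {dn for dn, values in entries
           if any(values.get(a, "").casefold() == wanted for a in attrs)}
    if len(dns) > 1:
        raise LookupError("login name matches more than one account")
    return next(iter(dns), None)

# Constructed sample directory; Eve's sAMAccountName collides with Bob's
# on purpose, to exercise the ambiguity check.
SAMPLE = [
    ("cn=Ann,dc=example,dc=org",
     {"UserPrincipalName": "ann@example.org", "sAMAccountName": "ann"}),
    ("cn=Bob,dc=example,dc=org",
     {"UserPrincipalName": "bob@example.org", "sAMAccountName": "bob"}),
    ("cn=Eve,dc=example,dc=org",
     {"UserPrincipalName": "eve@example.org", "sAMAccountName": "bob"}),
]
```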