lubyou
New Member
November 3, 2014
Solved

LDAP Authentication against Windows AD allow both sAMAccountName and userPrincipalName

  • November 3, 2014
  • 1 reply
  • 14310 views

Hi,

 

Is it possible to modify LDAP authentication in a way that would allow users to authenticate with either their sAMAccountName or their userPrincipalName?

 

Thank you

1 reply

Jeff_FTNT
Staff
Answer
November 3, 2014

One LDAP server setting on FGT only uses one "cnid".

You may try to set up two LDAP servers with different "cnid" on FGT and add those two LDAP servers into one "User Group". Both should work.

####

config user ldap
    edit "xxx"
        set server "x.x.x.x"
        set cnid "userPrincipalName"
end
config user ldap
    edit "yyy"
        set server "y.y.y.y"
        set cnid "sAMAccountName"
end
config user group
    edit zzz
        set member xxx yyy
end

lubyou
Author
New Member
November 4, 2014

Jeff_FTNT wrote:

One LDAP server setting on FGT only uses one "cnid".

You may try to set up two LDAP servers with different "cnid" on FGT and add those two LDAP servers into one "User Group". Both should work.

####

config user ldap
    edit "xxx"
        set server "x.x.x.x"
        set cnid "userPrincipalName"
end
config user ldap
    edit "yyy"
        set server "y.y.y.y"
        set cnid "sAMAccountName"
end
config user group
    edit zzz
        set member xxx yyy
end

A bit of a workaround, but should work. Still a bit unfortunate that one cannot just write a custom filter.

 

Thank you!
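
The custom filter wished for in the last post, sketched for a generic LDAP client where the search filter is under your control. This is an added example, not part of the thread and not FortiOS behaviour. The helper names and the SAMPLE entries are constructed; the escaping follows RFC 4515.

```python
# Added example. Attribute names are from the thread; the helper names and
# the SAMPLE entries are constructed. This is not FortiOS behaviour.

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
LOGIN_ATTRS = ("sAMAccountName", "userPrincipalName")

def escape_filter_value(value):
    """Neutralise user input so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def login_filter(login):
    """OR filter matching the login against either naming attribute."""
    v = escape_filter_value(login)
    return "(|" + "".join(f"({attr}={v})" for attr in LOGIN_ATTRS) + ")"

def resolve_dn(entries, login):
    """Search step of search-then-bind, done in memory over `entries`.

    Equality is case-insensitive, as it is for these attributes in AD.
    Returns the DN to bind as, or None unless exactly one entry matches.
    """
    wanted = login.lower()
    if not wanted:
        return None  # an empty login must never match an entry
    hits = [e for e in entries
            if any(e.get(attr, "").lower() == wanted for attr in LOGIN_ATTRS)]
    return hits[0]["dn"] if len(hits) == 1 else None

# Constructed sample directory entries.
SAMPLE = [
    {"dn": "CN=John Doe,OU=Staff,DC=example,DC=com",
     "sAMAccountName": "jdoe", "userPrincipalName": "jdoe@example.com"},
    {"dn": "CN=Ann Roe,OU=Staff,DC=example,DC=com",
     "sAMAccountName": "aroe", "userPrincipalName": "aroe@example.com"},
]

if __name__ == "__main__":
    for login in ("jdoe", "JDoe@example.com", "*", "jdoe)(objectClass=*"):
        print(login_filter(login), "->", resolve_dn(SAMPLE, login))
```

Requiring exactly one match before the bind step keeps a wildcard or an ambiguous name from authenticating as whichever entry the server happens to return first.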