How can I configure logging in with sAMAccountName
instead of userPrincipalName
?
We used the LDAP realm before, but due to the lack of support on nested groups switched to active_directory realm with the following settings:
xpack:
security:
authc:
realms:
native:
realm1:
order: 0
active_directory:
ldap:
order: 1
url: "ldaps://ldap.abc.def:636"
bind_dn: "CN=myusername,OU=Accounts,OU=MyApp,OU=Applications,OU=Groups,DC=abc,DC=def"
user_search:
base_dn: "DC=abc,DC=def"
filter: "(sAMAccountName={0})"
upn_filter: "(&(objectClass=user)(sAMAccountName={0}))"
group_search:
base_dn: "OU=Roles,OU=MyApp,OU=Applications,OU=Groups,DC=abc,DC=def"
ssl:
certificate_authorities: ["certs/my_cert.crt"]
The connection works fine, but I cannot seem to find how to configure authenticating with my sAMAccountName
(e.g. 123456) rather than userPrincipalName
(e.g. 123456@abd.def).
When I try to login with "123456" given the settings above, it says Invalid username or password. Please try again
, while 123456@abd.def does work.
For the LDAP realm that was just setting user_search.filter: "(sAMAccountName={0})"
.