Authentication settings for active directory: sAMAccountName instead of userPrincipalName

How can I configure logging in with sAMAccountName instead of userPrincipalName?

We used the LDAP realm before, but due to the lack of support for nested groups we switched to the active_directory realm with the following settings:

xpack:
  security:
    authc:
      realms:
        native:
          realm1:
            order: 0
        active_directory:
          ldap:
            order: 1
            url: "ldaps://ldap.abc.def:636"
            bind_dn: "CN=myusername,OU=Accounts,OU=MyApp,OU=Applications,OU=Groups,DC=abc,DC=def"
            user_search:
              base_dn: "DC=abc,DC=def"
              filter: "(sAMAccountName={0})"
              upn_filter: "(&(objectClass=user)(sAMAccountName={0}))"
            group_search:
              base_dn: "OU=Roles,OU=MyApp,OU=Applications,OU=Groups,DC=abc,DC=def"
            ssl:
              certificate_authorities: ["certs/my_cert.crt"]

The connection works fine, but I cannot seem to find how to configure authenticating with my sAMAccountName (e.g. 123456) rather than userPrincipalName (e.g. 123456@abd.def).

When I try to log in with "123456" given the settings above, it says "Invalid username or password. Please try again", while 123456@abd.def does work.

For the LDAP realm that was just setting user_search.filter: "(sAMAccountName={0})".

Hi there. Please add the domain_name: abd.def to your realm settings.

Thanks, this was indeed the issue!
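
The realm block from the question with the setting from the reply added, shown as an added example that is not part of the original posts. Every other value is copied unchanged from the question; the domain_name value is the one given in the reply.

```yaml
xpack:
  security:
    authc:
      realms:
        native:
          realm1:
            order: 0
        active_directory:
          ldap:
            order: 1
            # Added per the reply. domain_name is a required setting of the
            # active_directory realm type; set it to the DNS name of your
            # own Active Directory domain.
            domain_name: "abd.def"
            # Unchanged from the question: LDAPS with a pinned CA.
            url: "ldaps://ldap.abc.def:636"
            bind_dn: "CN=myusername,OU=Accounts,OU=MyApp,OU=Applications,OU=Groups,DC=abc,DC=def"
            user_search:
              base_dn: "DC=abc,DC=def"
              filter: "(sAMAccountName={0})"
              upn_filter: "(&(objectClass=user)(sAMAccountName={0}))"
            group_search:
              base_dn: "OU=Roles,OU=MyApp,OU=Applications,OU=Groups,DC=abc,DC=def"
            ssl:
              certificate_authorities: ["certs/my_cert.crt"]
```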
