
    LDAP authentication with userPrincipalName fill with email address

    • george1421G
      george1421 Moderator @Tom Elliott
      last edited by

      @Tom-Elliott said in LDAP authentication with userPrincipalName fill with email address:

      I’m more inclined to think there’s an issue before this point (at which logging likely isn’t tracking).

      I agree if you don’t know what you are looking for you will never find it.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      • F
        fritoss007
        last edited by

        I might have spotted something in the string I’m using…this is our fqdn : csdufer.qc.ca and I’m using this string :

        ‘/(?=^.{3,40}$)^[\w][\w0-9][._-]?[\w0-9][.-]?[\w0-9]*[.-]?[\w0-9][@]?[\w0-9][.]?[\w0-9]+$/i’,

        should I use this instead ?

        ‘/(?=^.{3,40}$)^[\w][\w0-9][._-]?[\w0-9][.-]?[\w0-9]*[.-]?[\w0-9][@]?[\w0-9][.]?[\w0-9]*[.]?[\w0-9]+$/i’,

        • george1421G
          george1421 Moderator @fritoss007
          last edited by george1421

          @fritoss007 I’ve looked into the database bits too and the uName field is 40 characters long (that would store the upn name). So it should be large enough to hold most UPN names.

          • Tom ElliottT
            Tom Elliott @george1421
            last edited by Tom Elliott

            @george1421 @fritoss007

            I think this regex would work best:

            (?=^.{3,40}$)^[\w][\w0-9]*[._-]?[\w0-9]*[._-]?[\w0-9]*[._-]?[\w0-9]*[@]?[\w0-9]*([.]?[\w0-9])+$
            

            This isn’t perfect, but should be closer to what’s needed.

            Essentially, it’s looking at the final [.]?[\w0-9] and grouping it allowing us to add as many as wanted.

            Here’s a slightly better version, I think, as it will allow normal usernames or email addresses:

            ^(?:[\w\d][\w\d _\-]{3,40}|[\w\d.%+\-]+@[\w\d.\-]+\.[\w]{2,4})$
            

            In the above, it will only limit 3-40 characters without email. With email, the sky’s the limit. However, as @george1421 stated, the user field is only 40 characters so it would fail if you had anything larger than the field could accept.

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            • Tom ElliottT
              Tom Elliott
              last edited by

              One last bit, to make it a tiny bit more accurate, and complicated 😄

              ^(?:[a-zA-Z0-9][\w\d \.\-]{3,40}|[a-zA-Z0-9\.%+\-]+@[a-zA-Z0-9\.\-]+\.[a-zA-Z]{2,4})$

              This will make sure the first character is either letter or number (no underscore)

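As an added example (not part of the posts above and not FOG's own code), the final pattern from the thread is run here in Python against constructed login names, together with the 40-character uName limit mentioned earlier. The `re.ASCII` flag, the sample names and the function names are assumptions made for the illustration.

```python
import re

# Final pattern from the post above, copied verbatim. re.ASCII keeps \w and \d
# ASCII-only, which is an assumption about how the PHP side evaluates them.
LOGIN_RE = re.compile(
    r"^(?:[a-zA-Z0-9][\w\d \.\-]{3,40}"
    r"|[a-zA-Z0-9\.%+\-]+@[a-zA-Z0-9\.\-]+\.[a-zA-Z]{2,4})$",
    re.ASCII,
)

UNAME_COLUMN_LEN = 40  # uName field width stated in the thread


def check_login_name(name: str) -> str:
    """Return 'ok', or the reason the name would not survive login."""
    if not LOGIN_RE.match(name):
        return "rejected by pattern"
    if len(name) > UNAME_COLUMN_LEN:
        return "matches pattern but exceeds uName column"
    return "ok"


# Constructed sample inputs (example.org names are placeholders).
SAMPLES = [
    "jsmith",                      # plain sAMAccountName style
    "abc",                         # 3 chars: first branch needs 1 + {3,40}
    "_svc",                        # leading underscore is refused
    "tech.admin@example.org",      # UPN / e-mail style
    "tech.admin@sub.example.org",  # extra DNS label in the suffix
    "user@example.museum",         # last label longer than 4 letters
    "a" * 30 + "@example.org",     # 42 chars: e-mail branch has no length cap
    "jsmith\n",                    # `$` also matches before a final newline
]


def run_samples() -> dict:
    """Map every constructed sample to its verdict."""
    return {s: check_login_name(s) for s in SAMPLES}


if __name__ == "__main__":
    for sample, verdict in run_samples().items():
        print(f"{sample!r:45} {verdict}")
```

The plain-username branch accepts 4 to 41 characters rather than 3 to 40, because the first character is matched separately from the `{3,40}` run.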
              • george1421G
                george1421 Moderator @Tom Elliott
                last edited by

                @fritoss007 Since the developers haven’t really looked into using email addresses or UPN names for LDAP authentication, can you do some research for them? If you could export your AD into something like Excel and then create a quick formula to get the length of the UPN name (could do with PowerShell too) and then post what is the longest UPN name (email) address you have in your AD. This would give the developers an idea if 40 characters is good enough or something else is needed.

                • F
                  fritoss007
                  last edited by

                  @george1421 Thanks I would think the length of 40 is plenty as only tech will use this interface with their very special “admin” accounts.

                  @Tom-Elliott Thanks as your last string works like a charm!

                  So I’ve created 2 LDAP connections, one with userPrincipalName and the other with sAMAccountName so if users use any of them it will work !

                  Now…what about the PXE menu ? I guess it’s a different story ?

                  • george1421G
                    george1421 Moderator @fritoss007
                    last edited by

                    @fritoss007 said in LDAP authentication with userPrincipalName fill with email address:

                    Now…what about the PXE menu ? I guess it’s a different story ?

                    Different story == Different thread.

                    FWIW the developers are thinking about making this a feature (allowing login via UPN/email address) in 1.6.x versions of FOG. So reporting back that it's working is a pretty good way to make it happen.

                    • F
                      fritoss007
                      last edited by

                      @george1421 so funny I knew it 🙂…I’m just wondering if it's worth opening a new thread! I feel like it’s going to be much harder than the web interface!

                      But yes it’s working great for the GUI. Should I report it somewhere else ?

                      • george1421G
                        george1421 Moderator @fritoss007
                        last edited by

                        @fritoss007 said in LDAP authentication with userPrincipalName fill with email address:

                        Should I report it somewhere else

                        In this thread is good enough. Both Tom and Sebastian are in this thread so it's the right place at the right time.

                        Copyright © 2012-2024 FOG Project