FOG 1.3.0 LDAP Plugins - AD mail attribute



  • Hello,

    I have installed the new FOG 1.3.0 on a dev platform for testing.
    Install OK. I’m interested in the LDAP plugins.

    I have tried it, and it works fine with an Active Directory domain. (Many thanks to the whole team for your good work.)

    My question is: can I use another Active Directory attribute for the “User Nam Attribute”?
    The default “User Nam Attribute” with Active Directory is sAMAccountName.
    But … I want to use the “mail” attribute to log in to FOG!

    Naturally, I have tried typing “mail” into the “User Nam Attribute” field.
    But I get “Invalid login” at the FOG logon screen…

    For a better explanation, see the screenshots.
    I’m French, sorry for my bad English.

    Thanks a lot.

    0_1483629978471_ldap_plugins.png
    0_1483630108046_ad_attribut.png


  • Moderator

    @Steuve68
    Follow Tom and George’s advice, they will lead you down the right path.


  • Senior Developer

    @Steuve68 Are you simply trying to request that you can sign in using different domains? This is more a feature request than a problem.

    Changing the username attribute really shouldn’t be done. We allow it only because we don’t know how your LDAP will operate. This is why the “template” is there. It defines the defaults that SHOULD work, but allows you to make changes to exactly how your information is.

    To my knowledge, you cannot sign in as an Active Directory user using the mail attribute. You CAN sign in using the <username>@<domain> or <domain>\<username> but this is not at all using the “mail” attribute.



  • Hello,

    Thanks for your answers.
    Yes, I confirm login works with the AD attribute sAMAccountName… but ONLY WITH the sAMAccountName, not with sAMAccountName@domain.xxx (Invalid Login)

    Username: test
    Password: ****
    Login works

    Username: test@domain.xxx
    Password: ****
    Login failed

    See the screenshot

    0_1483690103925_fog_ldap.png

    Thanks for your answer ;-) !


  • Moderator

    I can say this is an interesting request, and I’m almost sure it won’t work because the LDAP plugin will see the email address jondoe@domain.com and think it’s an AD-style user name "jondoe@domain.com" and strip off the (at)domain.com part.

    I can say we have never tested changing the “user nam attribute” (in which I see we have a typo: name is missing the ‘e’).

    Can we first confirm that you can log in properly if you use the sAMAccountName? The first step is to ensure the LDAP plugin is working correctly. Then we can look at why the email address is not.
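
The hypothesis in the post above, as an added illustration that is not part of the thread and is not FOG's plugin code: if a login handler always strips the domain part, a lookup on “mail” can never match. The function names, the `always_strip` switch and the directory entries are constructed assumptions; the escaping follows RFC 4515, since the login string is user input placed inside an LDAP filter.

```python
import re

# Constructed sample directory entries (not taken from the thread).
DIRECTORY = [
    {"sAMAccountName": "jondoe", "mail": "jondoe@domain.com"},
    {"sAMAccountName": "test", "mail": "test.user@domain.com"},
]

# RFC 4515 filter metacharacters and their escaped forms.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape LDAP filter metacharacters in user-supplied input."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def strip_domain(login):
    """Hypothetical normalisation: user@domain or DOMAIN\\user becomes user."""
    login = login.split("\\")[-1]
    return login.split("@")[0]

def build_filter(attribute, login, always_strip=True):
    """Build the equality filter for the configured user name attribute."""
    # always_strip=True models the behaviour guessed at in the thread;
    # False strips only when the attribute really is sAMAccountName.
    if always_strip or attribute.lower() == "samaccountname":
        login = strip_domain(login)
    return "(%s=%s)" % (attribute, escape_filter_value(login))

def search(ldap_filter):
    """Equality-only matcher standing in for the directory server."""
    m = re.fullmatch(r"\(([^=()]+)=(.*)\)", ldap_filter)
    attribute, value = m.group(1), m.group(2)
    return [e for e in DIRECTORY
            if escape_filter_value(e.get(attribute, "")).lower() == value.lower()]

if __name__ == "__main__":
    for attr, strip in (("sAMAccountName", True), ("mail", True), ("mail", False)):
        f = build_filter(attr, "jondoe@domain.com", always_strip=strip)
        print(attr, strip, f, "->", len(search(f)), "match(es)")
    # A wildcard typed as the login is escaped, so it matches no entry.
    print(build_filter("mail", "*", always_strip=False))
```
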

