Is it possible to log in to the SSL front page using the full Active Directory login? For example, I can only log in as:
firstname.surname
When I would like to be able to log in as;
Currently, if I try to log in using the full UPN login, it is denied.
Any ideas?
Thanks in advance.
Sure - you can do this pretty easily if you want to use LDAP instead of AD. Just specify the LDAP attribute of userprincipalname in the user entry piece of the auth server setup. userprincipalname=user.
Should work just fine.
Thanks for the reply,
One quick question (sorry, I'm a bit new to this): I just want to check that I should make that change under Authentication Servers -> LDAP -> Finding User Entries, like in the attached picture.
Thanks again,
Guess I wasn't too clear on that. Yes - you are correct! This maps the LDAP UPN value to the SA "user" value.
Kevin, have you run into problems deleting an AD auth server and re-creating it as an LDAP auth server? I seem to recall that going back and forth like that caused the IVE not to be able to join the domain, and that I had to modify the default IVE computername (under advanced), but I may not be remembering correctly.
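The filter change discussed above, as an added example that is not part of the original thread: it shows why a login is accepted or denied depending on which attribute the "Finding User Entries" filter searches, and why the typed login should be escaped (RFC 4515) before it is placed in the filter. The `<USER>` token, the `example.com` domain and the directory entries are assumptions constructed for illustration.

```python
import re

# Assumption: "<USER>" stands for the login name typed on the sign-in page.
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample directory entries (not from the thread).
DIRECTORY = [
    {"samaccountname": "firstname.surname",
     "userprincipalname": "firstname.surname@example.com"},
    {"samaccountname": "other.user",
     "userprincipalname": "other.user@example.com"},
]

def escape_filter_value(value):
    """Escape filter metacharacters so the login is always treated as a literal."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)

def build_filter(template, login):
    """Substitute the escaped login into a template such as 'userprincipalname=<USER>'."""
    return "(" + template.replace("<USER>", escape_filter_value(login)) + ")"

def _unescape(value):
    # Turn \xx hex escapes back into the literal character they stand for.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def find_entries(directory, ldap_filter):
    """Evaluate a simple (attr=value) filter; an unescaped '*' acts as a wildcard."""
    attr, _, raw = ldap_filter[1:-1].partition("=")
    pattern = ".*".join(re.escape(_unescape(part)) for part in raw.split("*"))
    rx = re.compile(pattern, re.IGNORECASE)  # both attributes match case-insensitively
    attr = attr.lower()
    return [e for e in directory if attr in e and rx.fullmatch(e[attr])]

if __name__ == "__main__":
    for template in ("samaccountname=<USER>", "userprincipalname=<USER>"):
        for login in ("firstname.surname", "firstname.surname@example.com", "*"):
            flt = build_filter(template, login)
            hits = [e["samaccountname"] for e in find_entries(DIRECTORY, flt)]
            print(f"{flt:55} -> {hits}")
```

With the UPN filter only the full UPN login resolves to an entry, and a login of `*` matches nothing because it is escaped to `\2a`.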
Also if you do this, don't you have to re-build all of your role-mapping rules?
Hey Theo - Our SA box is used for both production and then testing of customer environments. So I have about 10 / 12 different auth servers defined at any time. Instead of deleting a server (i.e. as AD and then creating a new LDAP) I have multiple AD with different access users, multiple LDAP with different attributes (username, email, UPN....) and then I just swap them out for testing authentication within my various roles. Same goes for server types - W2K - 2003, 2008....
I can attach to a single domain server with all of these auth definitions with no problems. If I build out a new AD auth server definition for a domain that I am already using then I give it a different computer name. LDAP does not use computer name for attachment.
Also I typically always use LDAP for authorization so role mapping never changes.
Hope that clarifies.
Yes it does, thanks.
One thing to keep in mind when going from AD to LDAP is that all the custom bookmarks your users have created are stored in the AD auth server, so if you do this you will lose all of those, as currently there is no way to export the user-created bookmarks and import them into another auth server.