Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Getting User's display name via AD Authentication

SOLVED
Go to solution
Jaggie_
Occasional Contributor
‎12-03-2011 06:00:AM
‎12-03-2011 06:00:AM

Getting User's display name via AD Authentication

Hi All!

Have snooped around the forum and google but can't seem to get a definitive answer on this?

I would like to display the Users display name from the AD, I am currently am using the AD auth. I have seen ways that you can do it using LDAP and adding the attribute that you want via the catalog but I am not sure how you would go about it with Ad auth...

Basically I would like a custom notification message that says:

Hi, <First Name>, you are currently logged in as <DOMAIN>\<USERNAME> with role <USER ROLE>

That way I have a quick first line of troubleshooting when the phone up and say that they don't see the bookmarks etc. that they are expecting to see.

Thanks for any help,

Jaggie

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
zanyterp_
Respected Contributor
‎12-06-2011 08:46:AM
‎12-06-2011 08:46:AM

Re: Getting User's display name via AD Authentication

You are welcome.

 

The main benefit of using AD/NT over LDAP is that you can search across domains; LDAP requires a unique server/realm instance for each domain.

LDAP is typically quicker, allows access to attributes, can search nested groups, if you use secure meeting, users can search for users who have not yet logged in to the device, and overall has more flexibility for you as an admin (as long as you do not need multiple domains).

If you do decide to switch, please keep in mind that if you are using group membership for your role mapping now (on AD) you will have to recreate those for the LDAP server instance (they are tracked differently internally) on the device before users can login successfully and if you allow users to create bookmarks, they will be lost when you switch.

View solution in original post

0 Kudos
6 REPLIES 6
srigelsford_
Contributor
‎12-06-2011 01:02:AM
‎12-06-2011 01:02:AM

Re: Getting User's display name via AD Authentication

In the UI settings of the role, add a notification message. User's LDAP information can be extracted using userAttr.xxx where xxx is the variable you want to display. For example, userAttr.name will display the users name, userAttr.cn will display the user's container name (usually their full name) etc.

There are lots and I can't remember all of them but that should get you on the right track. You can use the variables to display the users phone number, line manager, anything you have recorded in their user account in AD.

For example:

"Hello <userAttr.name" would display "Hello Sam" for me.

Sam.

JNCIS-SSL JNCIS-FWV JNCIS-ER JNCIS-SEC

0 Kudos
zanyterp_
Respected Contributor
‎12-06-2011 08:19:AM
‎12-06-2011 08:19:AM

Re: Getting User's display name via AD Authentication

As mentioned previously, you can do this via LDAP; however, if you are not in a position that you can switch to the LDAP server schema at this time, you can use the following values for an AD/NT server instance:

 

<USER> which is domain\username

<USERNAME> which is just username

 

Your message would then look like this:

Hello, <USERNAME>, you are currently logged in as <USER> to <ROLE>

0 Kudos
Jaggie_
Occasional Contributor
‎12-06-2011 08:32:AM
‎12-06-2011 08:32:AM

Re: Getting User's display name via AD Authentication

Thanks for your repsonse, I could switch over to LDAP.

Could you confirm if there are any benefits over AD auth than LDAP that I might not know about?

The auth is being provided by a server 2008 AD Domain controller so Ad or LDAP auth don't really make much difference to me..

Thanks,

0 Kudos
zanyterp_
Respected Contributor
‎12-06-2011 08:46:AM
‎12-06-2011 08:46:AM

Re: Getting User's display name via AD Authentication

You are welcome.

 

The main benefit of using AD/NT over LDAP is that you can search across domains; LDAP requires a unique server/realm instance for each domain.

LDAP is typically quicker, allows access to attributes, can search nested groups, if you use secure meeting, users can search for users who have not yet logged in to the device, and overall has more flexibility for you as an admin (as long as you do not need multiple domains).

If you do decide to switch, please keep in mind that if you are using group membership for your role mapping now (on AD) you will have to recreate those for the LDAP server instance (they are tracked differently internally) on the device before users can login successfully and if you allow users to create bookmarks, they will be lost when you switch.

0 Kudos
Jaggie_
Occasional Contributor
‎12-07-2011 10:02:AM
‎12-07-2011 10:02:AM

Re: Getting User's display name via AD Authentication

Thanks so much all working now now with LDAP.

Don't need multiple domain support so LDAP is the option...
0 Kudos
zanyterp_
Respected Contributor
‎12-07-2011 10:05:AM
‎12-07-2011 10:05:AM

Re: Getting User's display name via AD Authentication

You are welcome.

Very cool; glad to hear it is working.

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.