Have snooped around the forum and google but can't seem to get a definitive answer on this?
I would like to display the Users display name from the AD, I am currently am using the AD auth. I have seen ways that you can do it using LDAP and adding the attribute that you want via the catalog but I am not sure how you would go about it with Ad auth...
Basically I would like a custom notification message that says:
Hi, <First Name>, you are currently logged in as <DOMAIN>\<USERNAME> with role <USER ROLE>
That way I have a quick first line of troubleshooting when the phone up and say that they don't see the bookmarks etc. that they are expecting to see.
Thanks for any help,
Solved! Go to Solution.
In the UI settings of the role, add a notification message. User's LDAP information can be extracted using userAttr.xxx where xxx is the variable you want to display. For example, userAttr.name will display the users name, userAttr.cn will display the user's container name (usually their full name) etc.
There are lots and I can't remember all of them but that should get you on the right track. You can use the variables to display the users phone number, line manager, anything you have recorded in their user account in AD.
"Hello <userAttr.name" would display "Hello Sam" for me.
JNCIS-SSL JNCIS-FWV JNCIS-ER JNCIS-SEC
As mentioned previously, you can do this via LDAP; however, if you are not in a position that you can switch to the LDAP server schema at this time, you can use the following values for an AD/NT server instance:
<USER> which is domain\username
<USERNAME> which is just username
Your message would then look like this:
Hello, <USERNAME>, you are currently logged in as <USER> to <ROLE>
Thanks for your repsonse, I could switch over to LDAP.
Could you confirm if there are any benefits over AD auth than LDAP that I might not know about?
The auth is being provided by a server 2008 AD Domain controller so Ad or LDAP auth don't really make much difference to me..
You are welcome.
The main benefit of using AD/NT over LDAP is that you can search across domains; LDAP requires a unique server/realm instance for each domain.
LDAP is typically quicker, allows access to attributes, can search nested groups, if you use secure meeting, users can search for users who have not yet logged in to the device, and overall has more flexibility for you as an admin (as long as you do not need multiple domains).
If you do decide to switch, please keep in mind that if you are using group membership for your role mapping now (on AD) you will have to recreate those for the LDAP server instance (they are tracked differently internally) on the device before users can login successfully and if you allow users to create bookmarks, they will be lost when you switch.