
SA4000: Active Directory Authentication E-Mail attribute

SOLVED
cK_
Contributor

SA4000: Active Directory Authentication E-Mail attribute

Hello,

Could anyone tell me if it's possible to use the E-mail attribute in an Active Directory account as login userid?

I do not want to use the username of the AD account because I want to use as much as possible the E-Mail of the user. This would make it a lot easier for resources and sso.
If possible, what is the best way to proceed?

Thanks

muttbarker_
Valued Contributor

Re: SA4000: Active Directory Authentication E-Mail attribute

Off the top of my head I would look at using LDAP instead of AD. You could then map the sign in attribute to the email address instead of the standard user name.

Hope that helps,

ssl_boy_
Contributor

Re: SA4000: Active Directory Authentication E-Mail attribute

Hi,

Muttbarker is correct, you can only pull that kind of information using the LDAP interface. Generally I prefer to use the LDAP interface as the information tends to be richer and the whole process tends to be faster, although it does need more work to set up in the first instance.

The other thing to remember is that you'll need to delete and re-create any role-mapping rules that use AD groups as the AD/LDAP formats are different.

Regards

Kendal

cK_
Contributor

Re: SA4000: Active Directory Authentication E-Mail attribute

Hi,

So what I need to do is create a new LDAP authentication server and in the Finding user entries I put in the Filter field mail=<USER>

Or is there more to it than just this?

Kind regards,

Koen.

muttbarker_
Valued Contributor

Re: SA4000: Active Directory Authentication E-Mail attribute

You are 100% correct - that will do just fine for authentication purposes. Please put that in the Filter section of the finding user entries component of your Auth Server setup.
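Added example, not part of the original thread and not the IVE's own code: a sketch of what a `mail=<USER>` search filter implies for a search-then-bind login. It assumes the typed login is substituted for `<USER>`, escapes it per RFC 4515, and refuses to proceed unless exactly one entry matches, since Active Directory does not enforce uniqueness of `mail`. The directory entries and function names are constructed for illustration.

```python
import re

# Filter template from the thread; <USER> stands for the login the user types.
FILTER_TEMPLATE = "mail=<USER>"

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample directory: two entries share one mail value.
DIRECTORY = {
    "CN=Koen Example,OU=Staff,DC=example,DC=test": {"mail": ["koen@example.test"]},
    "CN=Desk One,OU=Shared,DC=example,DC=test": {"mail": ["helpdesk@example.test"]},
    "CN=Desk Two,OU=Shared,DC=example,DC=test": {"mail": ["helpdesk@example.test"]},
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string so it is only ever a literal filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(login: str) -> str:
    """Expand the template with the escaped login and wrap it in parentheses."""
    return "(" + FILTER_TEMPLATE.replace("<USER>", escape_filter_value(login)) + ")"


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def find_user(directory: dict, login: str) -> str:
    """Toy equality search: return the single matching DN or refuse the login."""
    flt = build_filter(login)
    attr, _, wanted = flt[1:-1].partition("=")
    wanted = _unescape(wanted).lower()  # mail values compare case-insensitively
    hits = [dn for dn, attrs in directory.items()
            if wanted in (v.lower() for v in attrs.get(attr, []))]
    if len(hits) != 1:
        raise LookupError(f"{flt} matched {len(hits)} entries; refusing to bind")
    return hits[0]


if __name__ == "__main__":
    print(build_filter("koen@example.test"))
    print(find_user(DIRECTORY, "Koen@Example.test"))
```

Before switching logins to e-mail, check the real directory for accounts that share a `mail` value or have none, because those users will fail this lookup.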

cK_
Contributor

Re: SA4000: Active Directory Authentication E-Mail attribute

Thanks for the reply, I will try and test it as soon as possible.
Another question I have is regarding the password.

When linked to an LDAP server as authentication server, how does it work when the password is about to expire?
For example we need to change our password every 60 days, we get a warning 15 days before. Will I get this warning on the IVE?

muttbarker_
Valued Contributor

Re: SA4000: Active Directory Authentication E-Mail attribute

Yes, you should get this warning. Your users can also then change their password through the IVE. Make sure you select "authentication required" in your LDAP setup. You also need to use a secure LDAP connection (LDAPS on port 636) for this to work.

Message Edited by muttbarker on 10-23-2008 07:09 AM