Hi Gurus,

I want some users to connect transparently to our Gateway using a certificate signed by our private PKI. The problem I'm facing is with the Role Mapping restriction, where I want to use Group Membership.

The Certificate Auth Server looks for , which value is: [email protected]
I can also use , which value would then be: Valiere Jean-Christophe

On the LDAP/AD Authentication server, I look for user entries using the following filter: samAccountName=, which value is: valiere.j-c
I could also use cn=, which value would then be: Valiere Jean-Christophe

The Group Membership filter is: cn= and Member Attribute is member.

Finally, the Subject of my Certificate is as below:
E = [email protected]
CN = Valiere Jean-Christophe
OU = SIT
OU = Administrator Accounts
OU = ORG
DC = DOMAIN
DC = tld

And the Subject Alternative Name is as below:
Principal Name = [email protected]
RFC822 Name = [email protected]

The issue is that I can't have a match between user and group membership because the CN of the certificate is "Valiere Jean-Christophe" and my samAccountName value is: valiere.j-c

My guess is that I would have to change the certificate Subject; unfortunately, I'm pretty limited with the options of the certificate Subject & Subject Alternative Name.

Is there any way I can request the CN of the user from the samAccountName to then find if the user belongs to the group?

Hope I have been clear :-)

Thanks & Best Regards,
Jean-Christophe Valiere
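The following is an added example, not part of the post above and not the gateway's own code: it models the two-step chain the post describes (certificate value substituted into the LDAP user filter, then a group lookup by cn with membership read from the member attribute) against a small in-memory stand-in for AD. It shows why a certificate CN of "Valiere Jean-Christophe" can never resolve through a sAMAccountName filter whose value is "valiere.j-c", while the same CN resolves through a cn filter, and a SAN principal name resolves through userPrincipalName. Assumptions: the directory exposes the standard AD attributes cn, sAMAccountName and userPrincipalName; the UPN and the group name are constructed placeholders because the post redacts the e-mail and does not name the group; the filter parser handles only the equality and AND forms used here. Values taken from the certificate are escaped per RFC 4515 before substitution so they cannot alter the filter structure.

```python
"""Added example: model of certificate value -> LDAP user lookup -> group check.
The directory below is constructed sample data, not the poster's real AD."""
import re

# RFC 4515 escaping for values substituted into a filter, so that a value taken
# from a certificate field cannot change the structure of the filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_escape(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


USER_DN = "CN=Valiere Jean-Christophe,OU=SIT,OU=Administrator Accounts,OU=ORG,DC=DOMAIN,DC=tld"
GROUP_DN = "CN=Example-Group,OU=Groups,DC=DOMAIN,DC=tld"  # constructed group, name is a placeholder

# Constructed directory: DN -> attributes, each value a list as LDAP returns them.
DIRECTORY = {
    USER_DN: {
        "objectClass": ["user"],
        "cn": ["Valiere Jean-Christophe"],
        "sAMAccountName": ["valiere.j-c"],
        "userPrincipalName": ["user@example.invalid"],  # placeholder UPN (redacted in the post)
        "mail": ["user@example.invalid"],               # placeholder e-mail (redacted in the post)
    },
    GROUP_DN: {
        "objectClass": ["group"],
        "cn": ["Example-Group"],
        "member": [USER_DN],
    },
}


def _unescape(value: str) -> str:
    """Turn RFC 4515 \\xx escapes back into the literal characters to compare."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _split_top_level(s: str) -> list:
    """Split '(a=1)(b=2)' into its top-level parenthesised components."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(s[start:i + 1])
    return parts


def parse_filter(text: str):
    """Parse the subset of RFC 4515 used here: (attr=value) and (&(...)(...))."""
    text = text.strip()
    if not (text.startswith("(") and text.endswith(")")):
        raise ValueError("filter must be parenthesised")
    inner = text[1:-1]
    if inner.startswith("&"):
        return ("and", [parse_filter(p) for p in _split_top_level(inner[1:])])
    attr, sep, val = inner.partition("=")
    if not sep:
        raise ValueError("unsupported filter item: " + inner)
    return ("eq", attr.lower(), _unescape(val))


def _matches(node, attrs: dict) -> bool:
    if node[0] == "and":
        return all(_matches(child, attrs) for child in node[1])
    _, attr, wanted = node
    # AD matching rules for these attributes are case-insensitive.
    return any(v.lower() == wanted.lower() for v in attrs.get(attr, []))


def search(filter_text: str) -> list:
    node = parse_filter(filter_text)
    return [dn for dn, attrs in DIRECTORY.items()
            if _matches(node, {k.lower(): v for k, v in attrs.items()})]


def resolve_user(cert_value: str, lookup_attr: str):
    """Step 1: the gateway substitutes the certificate value into the user filter."""
    hits = search(f"({lookup_attr}={ldap_escape(cert_value)})")
    return hits[0] if len(hits) == 1 else None  # exactly one entry, or no identity


def is_member(user_dn: str, group_cn: str) -> bool:
    """Step 2: group filter cn=<group>, membership read from the 'member' attribute."""
    groups = search(f"(&(objectClass=group)(cn={ldap_escape(group_cn)}))")
    return any(user_dn in DIRECTORY[g].get("member", []) for g in groups)


def role_mapping(cert_value: str, lookup_attr: str, group_cn: str) -> bool:
    user_dn = resolve_user(cert_value, lookup_attr)
    return user_dn is not None and is_member(user_dn, group_cn)


if __name__ == "__main__":
    # Certificate CN against sAMAccountName: the values differ, so no user and no role.
    print(role_mapping("Valiere Jean-Christophe", "sAMAccountName", "Example-Group"))
    # Same CN against cn, or the SAN principal name against userPrincipalName: role granted.
    print(role_mapping("Valiere Jean-Christophe", "cn", "Example-Group"))
    print(role_mapping("user@example.invalid", "userPrincipalName", "Example-Group"))
```

The point the model makes is that the lookup attribute must be the one that actually holds the certificate value; no amount of group-filter tuning can bridge a CN-to-sAMAccountName mismatch, because step 2 never runs when step 1 returns no entry. Whether a given gateway lets the user filter reference the SAN principal name rather than the subject CN is a product question the example does not answer.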