Multiple LDAP login name attributes

I would like to use both sAMAccountName and userDistinguishedName as valid login for external LDAPs users.

Expected outcome:
Be able to set both in the Login Name Attribute field in the Authentication Sources web GUI

Foreman and Proxy versions:
Foreman and Proxy plugin versions:
Distribution and version:
Rhel 8
Other relevant data:
Trying to set both results in “is too long (maximum is 30 characters)”.
And even if i was able to , im not sure how i would tell it to use either… Maybe we could just use an LDAP filter there? Or some other form of input like a OR b, or just comma separated attributes…

Anyways, it would be a nice QoL to be able to use both. Currently i have users complaining that their distinguished name is too long and others complain that they dont know their shortform login (sAMAccountName)…


Hi there :slight_smile:

We configured that in our system, by basically just duplicating the whole config, so we have a LDAP-samAccountName and a LDAP-userPrincipalName, and the only difference is the login-name field,
of course if a user logs in once with the one config, and then once with the other, they will have 2 different configs, but that normally doesn’t happen, so yeah works pretty well for us.

Cheers, Lukas

1 Like

Yeah, i noticed two users popping up when i was testing and it makes sense considering the current limitations. I might just do like you did then, create two authentication sources with different login name attributes…

Thanks for the suggestion! (Still think it would be a nice QoL to have Foreman support multiple attributes tho, it gets messy with two(+) useraccounts for each physical user.

1 Like