Multiple LDAP login name attributes

Problem:
I would like to use both sAMAccountName and userDistinguishedName as valid logins for external LDAP users.

Expected outcome:
Be able to set both in the Login Name Attribute field in the Authentication Sources web GUI.

Foreman and Proxy versions:
3.10
Foreman and Proxy plugin versions:
N/A
Distribution and version:
RHEL 8
Other relevant data:
Trying to set both results in “is too long (maximum is 30 characters)”.
And even if I was able to, I'm not sure how I would tell it to use either… Maybe we could just use an LDAP filter there? Or some other form of input like a OR b, or just comma-separated attributes…

Anyways, it would be a nice QoL to be able to use both. Currently I have users complaining that their distinguished name is too long, and others complain that they don't know their short-form login (sAMAccountName)…

Example:

Hi there :slight_smile:

We configured that in our system by basically just duplicating the whole config, so we have an LDAP-samAccountName and an LDAP-userPrincipalName, and the only difference is the login-name field.
Of course, if a user logs in once with the one config and then once with the other, they will have 2 different configs, but that normally doesn’t happen, so yeah, works pretty well for us.

Cheers, Lukas


Yeah, I noticed two users popping up when I was testing, and it makes sense considering the current limitations. I might just do like you did then, create two authentication sources with different login name attributes…

Thanks for the suggestion! (Still think it would be a nice QoL to have Foreman support multiple attributes tho, it gets messy with two(+) user accounts for each physical user.)
