Setting up LDAP User import with the login to be user email address
So I set up SMA to import users, no problem there. Then after some time we decided that we would like to make the login name that users use be their email address instead of just their SamAccountName. So I updated all the LDAP schedules and changed the mapping so that Login now maps to mail. It imports/updates the users accordingly; however, if I then try to log into KACE SMA with my email address I get the message that Login Failed: Incorrect Use name or password. I can then remove the domain info from my email address and it logs me in. However, since that is not what the LDAP attributes are set for, it seems to create a secondary user account: one that shows that the login is my email address and one that shows that my login is my SamAccountName. Is it not possible to have users log in using their email address, or did I just miss something during the process? If the latter, what should I be looking to correct?
First, not sure if that will work, but do you know if your "mail" matches your UPN in Active Directory? When you log on you can use:
Pre-Win2k format: username, where username is your SAM
UPN format: firstname.lastname@example.org
You need to be sure that your UPN suffix is set up to match your email suffix, or you will probably be defaulted to email@example.com
I would check your AD user properties and confirm that your UPN matches your email. If it does not, you can run a quick test as is by trying to log in with whatever the UPN is now and see if this works. If it does, then fix your import so it imports the UPN instead of the mail field, and update the UPN to match your email format, since most things you integrate with later on are going to be based on the UPN and not the mail attribute.
I figured it out yesterday. I was being a little ignorant, and all I needed to do on the Authentication Settings for the LDAP import was to set the Advanced Search to (mail=KBOX_USER) instead of (samaccountname=KBOX_USER). As soon as I did that it corrected the issue and authentication worked correctly using email address instead of just the username.
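
The following is an added illustration, not part of the thread and not KACE's own code. It models why an email login finds no entry under (samaccountname=KBOX_USER) but resolves under (mail=KBOX_USER), and lists accounts whose mail differs from their UPN. It assumes KBOX_USER is replaced by a plain text substitution of the typed login; the directory entries and function names are constructed for the example.

```python
import re

# Constructed sample entries (not real accounts); bsmith's UPN suffix differs from the mail suffix.
DIRECTORY = [
    {"sAMAccountName": "jdoe", "mail": "jane.doe@example.org",
     "userPrincipalName": "jane.doe@example.org"},
    {"sAMAccountName": "bsmith", "mail": "bob.smith@example.org",
     "userPrincipalName": "bsmith@corp.example.local"},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a typed login stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(template, login):
    """Swap the typed login in for the KBOX_USER placeholder (assumed plain substitution)."""
    return template.replace("KBOX_USER", escape_filter_value(login))

def search(ldap_filter, entries=DIRECTORY):
    """Evaluate one (attr=value) equality filter; names and values compare case-insensitively."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter, re.S)
    if m is None:
        raise ValueError("only simple equality filters are modelled")
    attr = m.group(1).lower()
    # Undo the \xx escapes before comparing, as a directory server would.
    value = re.sub(r"\\([0-9a-fA-F]{2})",
                   lambda h: chr(int(h.group(1), 16)), m.group(2)).lower()
    return [e for e in entries
            if any(k.lower() == attr and v.lower() == value for k, v in e.items())]

def upn_mismatches(entries=DIRECTORY):
    """Accounts whose mail and UPN differ, so the e-mail address would not work as a UPN login."""
    return [e["sAMAccountName"] for e in entries
            if e["mail"].lower() != e["userPrincipalName"].lower()]

if __name__ == "__main__":
    for template in ("(samaccountname=KBOX_USER)", "(mail=KBOX_USER)"):
        for login in ("jdoe", "jane.doe@example.org", "*"):
            f = build_filter(template, login)
            print(f"{f:45} -> {[e['sAMAccountName'] for e in search(f)]}")
    print("mail != UPN:", upn_mismatches())
```

The "*" login is included to show that an escaped value is compared literally and matches no entry, rather than acting as a wildcard.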