
Setting up LDAP User import with the login to be user email address

So I set up SMA to import users, no problem there. Then after some time we decided that we would like to make the login name that the users use be their email address instead of just their SamAccountName. So I updated all the LDAP schedules and changed the mapping so that Login now maps to mail. It imports/updates the users accordingly; however, if I then try to log into KACE SMA with my email address I get the message Login Failed: Incorrect User name or password. I can then remove the domain info from my email address and it logs me in. However, since that is not what the LDAP attributes are set for, it seems to create a secondary user account: one that shows that the login is my email address and one that shows that my login is my SamAccountName. Is it not possible to have users log in using their email address, or did I just miss something during the process? If the latter, what should I be looking to correct?



Answers (2)

Posted by: JordanNolan 4 days ago
9th Degree Black Belt
0

First, not sure if that will work, but do you know if your "mail" matches your UPN in Active Directory? When you log on you can use:

  • Pre-Win2k format: username, where username is your SAM
  • UPN format: username@mydomain.com. You need to be sure that your UPN suffix is set up to match your email suffix or you will probably be defaulted to username@mydomain.local

I would check your AD user properties and confirm that your UPN matches your email. If it does not, you can run a quick test as is by trying to log in with whatever the UPN is now and see if this works. If it does, then fix your import so it imports the UPN instead of the mail field and update the UPN to match your email format, since most things you integrate with later on are going to be based on the UPN and not the mail attribute.




Posted by: briangawith 2 days ago
Senior White Belt
0

I figured it out yesterday. I was being a little ignorant and all I needed to do, on the Authentication Settings for the LDAP import, was set the Advanced Search to (mail=KBOX_USER) instead of (samaccountname=KBOX_USER). As soon as I did that it corrected the issue and authentication worked correctly using email address instead of just the username.


Comments:
  • I would still recommend fixing the UPN and setting it to that. Office 365 and other SSO services prefer UPN matching. - JordanNolan 2 days ago
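
An added example, not part of the original posts and not KACE's own code: a small Python model of a login filter template such as (mail=KBOX_USER), run over constructed directory entries. It assumes KBOX_USER is replaced by the typed login name; it shows which accounts each filter selects and flags entries whose chosen attribute is empty, duplicated, or different from the UPN.

```python
import re
from collections import defaultdict

# Constructed sample entries (not from the thread). Attribute names are real AD attributes.
ENTRIES = [
    {"sAMAccountName": "asmith", "userPrincipalName": "asmith@example.local",
     "mail": "alice.smith@example.com"},
    {"sAMAccountName": "bjones", "userPrincipalName": "bob.jones@example.com",
     "mail": "bob.jones@example.com"},
    {"sAMAccountName": "bjones2", "userPrincipalName": "bjones2@example.com",
     "mail": "Bob.Jones@example.com"},
    {"sAMAccountName": "svc_scan", "userPrincipalName": "svc_scan@example.local", "mail": ""},
]

def filter_attribute(template):
    """Return the attribute that a template like (mail=KBOX_USER) searches on."""
    m = re.fullmatch(r"\(\s*([A-Za-z][\w-]*)\s*=\s*KBOX_USER\s*\)", template.strip())
    if not m:
        raise ValueError("expected a filter of the form (attr=KBOX_USER)")
    return m.group(1).lower()

def value_of(entry, attr):
    """Case-insensitive attribute lookup, value normalised for comparison."""
    return next((v.strip().lower() for k, v in entry.items() if k.lower() == attr), "")

def resolve_login(template, typed_login, entries=ENTRIES):
    """Assumption: KBOX_USER is replaced by the typed login; return matching accounts."""
    attr, wanted = filter_attribute(template), typed_login.strip().lower()
    return [e["sAMAccountName"] for e in entries if wanted and value_of(e, attr) == wanted]

def audit(template, entries=ENTRIES):
    """Flag entries that cannot log in, collide, or differ from the UPN."""
    attr, seen = filter_attribute(template), defaultdict(list)
    report = {"missing": [], "upn_mismatch": []}
    for e in entries:
        value = value_of(e, attr)
        if not value:
            report["missing"].append(e["sAMAccountName"])
            continue
        seen[value].append(e["sAMAccountName"])
        if value != e["userPrincipalName"].lower():
            report["upn_mismatch"].append(e["sAMAccountName"])
    report["duplicate"] = {v: names for v, names in seen.items() if len(names) > 1}
    return report

if __name__ == "__main__":
    print(resolve_login("(samaccountname=KBOX_USER)", "alice.smith@example.com"))
    print(resolve_login("(mail=KBOX_USER)", "alice.smith@example.com"))
    print(audit("(mail=KBOX_USER)"))
```

An email login that resolves to more than one account, or an account with no mail value, is worth cleaning up in the directory before switching the filter.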
