
Thread: I spoke too soon... nuances in validating users

  1. #1


    OK, I have set up the following configuration for authenticating through our AD server:

    Code:
    hostname = <servername>.<location>.<domain>.com
    searchbase = DC=<location>,DC=<domain>,DC=com
    bindingdn = CN=$1,OU=<unit>,DC=<location>,DC=<domain>,DC=com
    userquery = samAccountName=$1

    To elaborate:
    • hostname is the FQDN of the server
    • every <location> value is the same
    • every <domain> value is the same

    Now what I'm finding is that some users have a CN=<user name>, while others have a CN=first name <space> last name. Examples:

    Code:
    <user name="flastname">
      <ldap-dn>CN=flastname,OU=<unit>,DC=<location>,DC=<domain>,DC=com</ldap-dn> 
      <date.created>2000-00-00T00:00:00Z</date.created> 
      <firstname>Firstname</firstname> 
      <lastname>Lastname</lastname> 
      <phonenumber>555-555-1212</phonenumber> 
      <email>flastname@<domain>.com</email> 
      <description /> 
      <groups>
        <!-- groups omitted for this example -->
      </groups>

    Code:
    <user name="flastname">
      <ldap-dn>CN=Firstname Lastname,OU=<unit>,DC=<location>,DC=<domain>,DC=com</ldap-dn> 
      <date.created>2000-00-00T00:00:00Z</date.created> 
      <firstname>Firstname</firstname> 
      <lastname>Lastname</lastname> 
      <phonenumber>555-555-1212</phonenumber> 
      <email>flastname@<domain>.com</email> 
      <description /> 
      <groups>
        <!-- groups omitted for this example -->
      </groups>

    However, if I log in using 'Firstname Lastname' it fails - most likely because of the userquery not finding a 'user name' of 'Firstname Lastname' because the username is actually 'flastname'.

    So, with this out - how can I configure these settings to not care about the differences in the CN values and authenticate regardless? The 'user name' tag will always be consistent.

  2. #2
    As I explained in the other thread, a displayname-pattern should solve this for you by allowing you to pick the LDAP attributes to use for consistent Deki user names.
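
The CN mismatch from the first post, as an added example (not code from the thread or from Deki): a bind DN built from the `CN=$1` template exists only when the login equals the entry's CN, while looking the entry up by `samAccountName` and binding as the DN it returns works for both kinds of entry. The directory entries, `BASE` and every function name here are constructed for illustration, and the example assumes `$1` is replaced with the login as typed, which is why both substitutions are escaped (RFC 4514 for the DN, RFC 4515 for the filter).

```python
import re

# Constructed stand-ins for the post's <unit>/<location>/<domain> placeholders.
BASE = "OU=unit,DC=location,DC=example,DC=com"
DIRECTORY = [  # constructed entries shaped like the two in the post
    {"dn": "CN=flastname," + BASE, "sAMAccountName": "flastname"},
    {"dn": "CN=Jane Doe," + BASE, "sAMAccountName": "jdoe"},
]

def escape_filter(value):
    """RFC 4515: neutralise characters that have meaning in a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def escape_dn(value):
    """RFC 4514: escape characters that have meaning in an RDN value."""
    out = ["\\00" if c == "\0" else "\\" + c if c in ',+"\\<>;' else c
           for c in value]
    if out and out[0] in ("#", " "):
        out[0] = "\\" + out[0]
    if out and out[-1] == " ":
        out[-1] = "\\ "
    return "".join(out)

def search(filter_str):
    """Toy LDAP search: only (attr=value), where an unescaped * is a wildcard."""
    attr, pattern = re.fullmatch(r"\((\w+)=(.*)\)", filter_str, re.S).groups()
    unhex = lambda s: re.sub(r"\\([0-9a-f]{2})",
                             lambda m: chr(int(m.group(1), 16)), s)
    rx = ".*".join(re.escape(unhex(p)) for p in pattern.split("*"))
    return [e["dn"] for e in DIRECTORY
            if re.fullmatch(rx, e[attr], re.I | re.S)]

def template_bind_dn(login):
    """bindingdn = CN=$1,...: assumes the login name is also the entry's CN."""
    return "CN=%s,%s" % (escape_dn(login), BASE)

def search_bind_dn(login):
    """Look the entry up by sAMAccountName, then bind as the DN it returns."""
    hits = search("(sAMAccountName=%s)" % escape_filter(login))
    return hits[0] if len(hits) == 1 else None  # reject none or ambiguous

def dn_exists(dn):
    return any(e["dn"].lower() == dn.lower() for e in DIRECTORY)

if __name__ == "__main__":
    for login in ("flastname", "jdoe", "Jane Doe", "*"):
        print("%-10s template DN exists: %-5s search-then-bind: %s" % (
            login, dn_exists(template_bind_dn(login)), search_bind_dn(login)))
```

Against a real directory the same two-step flow is a search under a service account followed by a bind as the returned DN with the user's password.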
