LDAP Questions - userPrincipalName?
-
I'm playing around with using the Cloudron as the LDAP server for another application I have running on a different server. However, it looks like that application is limited to searching for users by userPrincipalName. I've been digging around in the config to see if there is a way for me to change this.
When I use ldapsearch to get a list of users I do not see userPrincipalName—I only see sAMAccountName. Would I need to get the other application to filter using that instead or is there something I can do on the LDAP server to make this field available? What AD/LDAP server is Cloudron using? I will admit this AD & LDAP are not my strong suit. Thanks in advance for any input!
-
The Cloudron LDAP server is basically implemented on our own based on the ldapjs module.
In your case you would probably hit this function https://git.cloudron.io/cloudron/box/-/blob/master/src/userdirectory.js#L145 within which you can see the user attributes available. Those are basically hardcoded as we assume clients can also be configured accordingly so we didn't want to add extra complexity through further dynamic settings.
From https://social.technet.microsoft.com/wiki/contents/articles/52250.active-directory-user-principal-name.aspx it looks like userPrincipalName is similar to sAMAccountName but maybe more often used in AD rather than LDAP.
If this is typical for AD, I guess there is no harm in simply adding this attribute to our directory server as well. Does anyone here on the forum have more experience with Active Directory to contribute to this topic?
-
@nebulon Per https://docs.microsoft.com/en-us/windows/win32/adschema/a-userprincipalname, it's an email address and not a username. Also, see https://ldapwiki.com/wiki/UserPrincipalName which sometimes says email and sometimes username.
@colonelpanic Do you know what your software expects this to be?
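To make the two points in this thread concrete (the server's user attributes are a fixed list, so a client filter on an attribute that is not published can never match; and a UPN has the form logon-name@suffix, which looks like an email address but is a logon identifier), here is a small added example. It is not Cloudron's userdirectory.js and does not use ldapjs; it models only a single equality filter against entries built from constructed sample users. The user field names, the base DN `ou=users,dc=cloudron` and the UPN suffix `example.com` are assumptions for the illustration.

```javascript
// Added illustration, not Cloudron's code and not ldapjs: a tiny model of how
// a directory server decides whether an equality search filter matches a
// user entry, and why the list of published attributes matters.

// Constructed sample users; these field names are assumptions, not Cloudron's schema.
const SAMPLE_USERS = [
  { id: 'uid-1', username: 'alice', email: 'alice@example.com', displayName: 'Alice Example' },
  { id: 'uid-2', username: 'bob', email: 'bob@example.com', displayName: 'Bob Example' },
];

const BASE_DN = 'ou=users,dc=cloudron'; // assumed base DN
const UPN_SUFFIX = 'example.com';       // assumed UPN suffix (in AD usually the domain name)

// Build the LDAP entry for one user. With includeUpn=false this models the
// behaviour described in the thread (sAMAccountName present, no userPrincipalName).
function toLdapEntry(user, { includeUpn = true } = {}) {
  const attributes = {
    objectclass: ['user', 'inetOrgPerson'],
    uid: user.username,
    sAMAccountName: user.username,
    mail: user.email,
    displayName: user.displayName,
  };
  if (includeUpn) {
    // UPN = logon name + '@' + suffix. It resembles an email address but is a
    // logon identifier and does not have to equal the mail attribute.
    attributes.userPrincipalName = `${user.username}@${UPN_SUFFIX}`;
  }
  return { dn: `cn=${user.id},${BASE_DN}`, attributes };
}

// Parse one LDAP equality filter such as "(userPrincipalName=alice@example.com)".
// Only this single form is modelled here; a real server parses the full RFC 4515 grammar.
function parseEqualityFilter(filter) {
  const m = /^\(([A-Za-z][\w-]*)=([^()]+)\)$/.exec(filter);
  if (!m) throw new Error(`unsupported filter: ${filter}`);
  return { attribute: m[1], value: m[2] };
}

// LDAP attribute names are case-insensitive, and AD compares sAMAccountName and
// userPrincipalName values case-insensitively too, so both sides are lowercased.
function entryMatches(entry, { attribute, value }) {
  const key = Object.keys(entry.attributes).find(
    (k) => k.toLowerCase() === attribute.toLowerCase(),
  );
  if (key === undefined) return false; // attribute not published => can never match
  const values = [].concat(entry.attributes[key]);
  return values.some((v) => String(v).toLowerCase() === value.toLowerCase());
}

// Simulate a subtree search: return the DNs of all entries matching the filter.
function search(users, filter, options = {}) {
  const parsed = parseEqualityFilter(filter);
  return users
    .map((u) => toLdapEntry(u, options))
    .filter((e) => entryMatches(e, parsed))
    .map((e) => e.dn);
}

// Stand-alone demo: the same client filter with and without the attribute published.
console.log(search(SAMPLE_USERS, '(sAMAccountName=alice)'));
console.log(search(SAMPLE_USERS, '(userPrincipalName=alice@example.com)'));
console.log(search(SAMPLE_USERS, '(userPrincipalName=alice@example.com)', { includeUpn: false }));
```

The third call returns an empty result set even though the user exists: that is exactly what a client that can only filter on userPrincipalName sees against a server that does not publish the attribute. Adding the attribute to the entry (the first branch in `toLdapEntry`) is what makes the second call succeed, and the value has to be built as logon-name@suffix rather than copied from `mail` if the two are allowed to differ.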