Change lookup field in Active Directory - Windows Authentication

Comments

2 comments

  • Permanently deleted user
    @latitide,

    Could someone please take a look at the code that looks up the Identity Server membership.config? (We switched to looking at this method rather than pursue Windows auth.) The consultant we had on site swears it's basically not looking at the correct AD field. The one stipulated in the membership.config file is ignored, and it seems to be looking at sAMAccount by default.

    Because of this, we are getting our own custom Provider written for us that will read the membership.config and act on the settings in there.

    Cheers

    Gareth
    0
  • Permanently deleted user
    Hi Gareth,

    After some research on this, I think you will probably have better luck getting this to work with the Windows Integrated provider as opposed to the Identity server. You can configure your searcher settings in your security.xml file to search by the email address attribute as opposed to the sAMAccount. Here's an example that I hope will help:

      <ServiceDetails xmlns="clr-namespace:Geocortex.Platform.Security.Integration.Windows">
        <Searchers>
          <Searcher Path="LDAP://ldap.latitudegeo.com/DC=latitudegeo,DC=com" UseContainsQueries="true">
            <GroupSearchFields>
              <SearchField>cn</SearchField>
              <SearchField>sAMAccountName</SearchField>
            </GroupSearchFields>
            <UserSearchFields>
              <SearchField>cn</SearchField>
              <SearchField>sAMAccountName</SearchField>
            </UserSearchFields>
          </Searcher>
        </Searchers>
      </ServiceDetails>

    You'll want to change the SearchField elements to the email field (I'm not sure what the field name is called exactly, but hopefully this will help you get started!).

    If you're still having trouble, I'd suggest opening a support case so we can assist.

    Cheers!

    Danny
    0
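An added example, not part of either post and not Geocortex code: a small check that parses a Searcher configuration of the shape shown in the reply above and reports every SearchField value that is not a recognised directory attribute name, with the closest known name as a suggestion. The sample XML, its LDAP path, the `emailAddr` field and the attribute allow-list are constructed assumptions; attribute names are compared case-insensitively.

```python
import difflib
import xml.etree.ElementTree as ET

# Namespace copied from the ServiceDetails element in the thread.
NS = {"w": "clr-namespace:Geocortex.Platform.Security.Integration.Windows"}

# Assumption: a short allow-list of standard AD attribute names;
# extend it with the attributes your own schema uses.
KNOWN_ATTRIBUTES = ["cn", "sAMAccountName", "mail", "userPrincipalName",
                    "displayName", "distinguishedName"]

# Constructed sample modelled on the snippet in the thread: one misspelled
# field, one unknown field, and two valid ones.
SAMPLE = """<ServiceDetails xmlns="clr-namespace:Geocortex.Platform.Security.Integration.Windows">
  <Searchers>
    <Searcher Path="LDAP://dc.example.test/DC=example,DC=test" UseContainsQueries="true">
      <GroupSearchFields><SearchField>cn</SearchField></GroupSearchFields>
      <UserSearchFields>
        <SearchField>cn</SearchField>
        <SearchField>sAMAcountName</SearchField>
        <SearchField>mail</SearchField>
        <SearchField>emailAddr</SearchField>
      </UserSearchFields>
    </Searcher>
  </Searchers>
</ServiceDetails>"""


def check_search_fields(xml_text, known=KNOWN_ATTRIBUTES):
    """Return (searcher path, section, field, suggestion) per unrecognised SearchField."""
    by_lower = {a.lower(): a for a in known}
    findings = []
    for searcher in ET.fromstring(xml_text).iterfind(".//w:Searcher", NS):
        path = searcher.get("Path", "")
        for section in ("GroupSearchFields", "UserSearchFields"):
            for field in searcher.iterfind(f"w:{section}/w:SearchField", NS):
                name = (field.text or "").strip()
                if name.lower() in by_lower:
                    continue  # recognised attribute, nothing to report
                close = difflib.get_close_matches(
                    name.lower(), list(by_lower), n=1, cutoff=0.8)
                findings.append(
                    (path, section, name, by_lower[close[0]] if close else None))
    return findings


if __name__ == "__main__":
    for finding in check_search_fields(SAMPLE):
        print(finding)
```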