LDAP Authentication AD by EMail

mugger
Champ in-the-making
Hello!

How can I do authentication by email?
It currently works by "cn", but users want to log in by email!

Please, help!

mrogers
Star Contributor
You need to change your ldap.synchronization.userIdAttributeName property from uid to the property name of the email address in LDAP. Probably 'mail'.

mugger
Champ in-the-making
Thanks, but unfortunately it does not work.

My config:

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://usr.local:3268
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=admin
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=CN=ad.connect,ou=ServiceAccounts,ou=Domain Users,dc=usr,dc=local
ldap.synchronization.java.naming.security.credentials=XXXX
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=ou=Domain Users,dc=usr,dc=local
ldap.synchronization.userSearchBase=ou=Domain Users,dc=usr,dc=local
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=mail
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0

ranajitjana
Champ in-the-making
Please find that I am able to find the user, but when I try to log in it does not allow me.

ranajitjana
Champ in-the-making
As I have noted in my other post, for Alfresco the LDAP setup is also important, as Alfresco looks directly at the DN. Please find the changes I have made to log in via email:


ldap.authentication.userNameFormat=mail=%s,ou=people,dc=org,dc=com
ldap.synchronization.userIdAttributeName=mail

But look at the screenshot carefully: I am able to log in only if my DN is identified by the email (see the attachment), so I could log in only via hello@liferay.com
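
An added example (not written by any poster and not Alfresco code) that models the behaviour reported in this thread: a user can be found by the mail attribute yet fail to bind, because a userNameFormat template only yields a valid bind DN when the entry's DN really starts with mail=. The directory entries and example.org addresses are constructed, and the RFC 4514 escaping of the typed login is this example's own addition.

```python
# Added illustration: a toy model of template-based LDAP bind, not Alfresco code.
# DIRECTORY is constructed sample data; the ou=people,dc=org,dc=com base is from the thread.
DIRECTORY = {
    "mail=hello@example.org,ou=people,dc=org,dc=com": {"mail": "hello@example.org"},
    "cn=Jane Doe,ou=people,dc=org,dc=com": {"mail": "jane@example.org"},
}
DN_SPECIALS = '\\,+"<>;'  # characters RFC 4514 requires escaping inside a DN value


def escape_dn_value(value: str) -> str:
    """Escape typed input for use as an attribute value inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in DN_SPECIALS or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def bind_dn(user_name_format: str, login: str) -> str:
    """Substitute the typed login for %s, as a userNameFormat template does."""
    return user_name_format.replace("%s", escape_dn_value(login))


def can_bind(user_name_format: str, login: str) -> bool:
    """In this model a simple bind succeeds only if the built DN names a real entry."""
    wanted = bind_dn(user_name_format, login).lower()
    return any(dn.lower() == wanted for dn in DIRECTORY)


def find_by_mail(mail: str) -> list:
    """What an attribute search sees: entries whose mail attribute matches."""
    return [dn for dn, attrs in DIRECTORY.items() if attrs["mail"].lower() == mail.lower()]


FORMAT = "mail=%s,ou=people,dc=org,dc=com"  # template value posted in the thread

if __name__ == "__main__":
    for login in ("hello@example.org", "jane@example.org"):
        print(login, "found:", find_by_mail(login), "bind ok:", can_bind(FORMAT, login))
```
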