Using AD as an LDAP source with SGD 4.6


SGD 4.6 has streamlined (for the right reasons) the search filter for LDAP repositories. If you leave SGD 4.6 at its default install settings and point it at an AD source for authentication over LDAP, you'll find that AD users can only log in with their "First, Last" as the user name.

This is because sAMAccountName, the AD attribute we commonly think of as the user ID, is no longer part of the default LDAP search filter, as it's not an LDAP attribute.

To "unstreamline" this, simply execute the following as root on your SGD server (stop and start required):

tarantella config edit \
 --com.sco.tta.server.login.ldap.LdapLoginAuthority.properties-searchFilter \
"(|(sAMAccountName=\${name})(cn=\${name}))"


To check the setting:


tarantella config list \
--com.sco.tta.server.login.ldap.LdapLoginAuthority.properties-searchFilter 


PS: I had posted this originally with "&", which has been a recurring email trail mistake. Fixed on 01-Dec-2010 ;)
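Why the filter needs "|" rather than "&", shown as an added example (not code from the original post or from SGD): a small evaluator for the and/or/not/equality subset of LDAP filter syntax, run over constructed directory entries. The sample entries, the cn-only comparison filter and all function names are assumptions made for illustration.

```python
# Constructed sample entries (not from a real directory).
ENTRIES = [
    {"cn": "Jane Doe", "sAMAccountName": "jdoe"},
    {"cn": "svc-sgd", "sAMAccountName": "svc-sgd"},
]

CN_ONLY = "(cn=${name})"  # assumed stand-in for a filter lacking sAMAccountName
OR_FILTER = "(|(sAMAccountName=${name})(cn=${name}))"   # filter set in this post
AND_FILTER = "(&(sAMAccountName=${name})(cn=${name}))"  # the "&" variant from the PS


def parse(flt, pos=0):
    """Parse one '(...)' filter starting at pos; return (tree, next_pos).
    Handles only &, |, ! and equality tests (no escapes, no wildcards)."""
    if flt[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if flt[pos] in "&|!":
        op, pos, kids = flt[pos], pos + 1, []
        while flt[pos] == "(":
            kid, pos = parse(flt, pos)
            kids.append(kid)
        if flt[pos] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        return (op, kids), pos + 1
    end = flt.index(")", pos)
    attr, _, value = flt[pos:end].partition("=")
    return ("=", attr, value), end + 1


def evaluate(tree, entry):
    """Return True if the entry satisfies the parsed filter tree."""
    if tree[0] == "=":
        # cn and sAMAccountName are matched case-insensitively in AD.
        return entry.get(tree[1], "").lower() == tree[2].lower()
    results = [evaluate(kid, entry) for kid in tree[1]]
    if tree[0] == "&":
        return all(results)
    if tree[0] == "|":
        return any(results)
    return not results[0]  # "!" negates its single child


def accounts_matching(template, name):
    """Fill ${name} verbatim and list the sAMAccountName of each matching entry."""
    tree, _ = parse(template.replace("${name}", name))
    return [e["sAMAccountName"] for e in ENTRIES if evaluate(tree, e)]
```

With "&", a login name only matches an entry whose cn and sAMAccountName are identical, so ordinary user accounts stop resolving while the "|" form accepts either attribute.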


