We’re using RT 4.2.12-5 as packaged in Ubuntu 16.04.4 LTS.
We’ve successfully been authenticating against a Windows 2012 R2 AD controller via ExternalAuth for a while now, using the mail attribute as a username.
We now have a requirement to use just sAMAccountName for a subset of users to log in. Can anyone tell me why this snippet of config isn’t working to do this?
Plugin('RT::Authen::ExternalAuth');
Set( $ExternalAuthPriority, ["My_LDAP"] );
Set($ExternalSettings, {
    #NSLC# AN LDAP SERVICE
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'servername',
        'user' => 'ldapuser',
        'pass' => 'notarealldappass',
        'base' => 'dc=national,dc=slcs,dc=ac,dc=uk',
        'filter' => '(&(objectCategory=person)(objectClass=user))',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        tls => { verify => 'none',
        },
        'net_ldap_args' => [ version => 3 ],
        'attr_match_list' => [
            'EmailAddress','ExternalAuthId',
        ],
        'attr_map' => {
            'Name' => 'mail',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        },
    },
} );
Set( $AutoCreateNonExternalUsers, 1 );
It works fine for users with the mail attribute set, but for users where I’d expect it to use the sAMAccountName, I just get “Your username or password is incorrect” on the login screen. How is attr_match_list supposed to work?
Thanks,
Ian