Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ldap lookup users by a different attribute #62

Open
mhamiltonj opened this issue Jul 6, 2021 · 1 comment
Open

ldap lookup users by a different attribute #62

mhamiltonj opened this issue Jul 6, 2021 · 1 comment

Comments

@mhamiltonj
Copy link

Hi, I'm sorry if I have just misunderstood the docs, but I'm a little confused how to configure the
ldap lookup users by setting. Our AD has user's email addresses stored in an attribute called mail (not email). I now have uid set to mail and ldap lookup users by set to email but LDAP login still fails.
@jonmbake
Copy link
Owner

jonmbake commented Jul 6, 2021

Hey @mhamiltonj .

how to configure the ldap lookup users by setting

This controls how the lookup of the Discourse user after authentication will be done. Setting it to email in your case should work.

Our AD has user's email addresses stored in an attribute called mail (not email).

That should be fine. The plugin uses https://github.com/omniauth/omniauth-ldap under the hood. The mail attribute gets successfully mapped to the email: https://github.com/omniauth/omniauth-ldap/blob/3242f85968f26938d9a6ce028e511e788cc54722/lib/omniauth/strategies/ldap.rb#L11

I now have uid set to mail

I suspect that this is incorrect. From the https://github.com/omniauth/omniauth-ldap docs: "typically AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jonmbake @mhamiltonj