discourse-ldap-auth

ldap lookup users by a different attribute

Open mhamiltonj opened this issue 3 years ago • 1 comments

Hi, I'm sorry if I have just misunderstood the docs, but I'm a little confused about how to configure the ldap lookup users by setting. Our AD has users' email addresses stored in an attribute called mail (not email). I now have uid set to mail and ldap lookup users by set to email, but LDAP login still fails.

mhamiltonj, Jul 06 '21 08:07

Hey @mhamiltonj.

> how to configure the ldap lookup users by setting

This controls how the lookup of the Discourse user after authentication will be done. Setting it to email in your case should work.

> Our AD has users' email addresses stored in an attribute called mail (not email).

That should be fine. The plugin uses https://github.com/omniauth/omniauth-ldap under the hood. The mail attribute gets successfully mapped to the email: https://github.com/omniauth/omniauth-ldap/blob/3242f85968f26938d9a6ce028e511e788cc54722/lib/omniauth/strategies/ldap.rb#L11

> I now have uid set to mail

I suspect that this is incorrect. From the https://github.com/omniauth/omniauth-ldap docs: "typically AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'".

jonmbake, Jul 06 '21 23:07
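
The stages discussed in this thread, as an added Ruby illustration that is not code from discourse-ldap-auth or omniauth-ldap: a simplified in-memory model in which the directory entry, the Discourse user and every helper name are constructed. It assumes the uid attribute is compared with the name typed into the login form, and that the email field is filled from the first of mail, email or userPrincipalName that is present.

```ruby
# Simplified model (added illustration, not discourse-ldap-auth or omniauth-ldap code).
# All entries, users and helper names are constructed for this example.
EMAIL_ATTRS = %w[mail email userPrincipalName].freeze # assumed candidate order

DIRECTORY = [
  { 'sAMAccountName' => 'jdoe', 'userPrincipalName' => 'jdoe@corp.example',
    'mail' => 'jane.doe@example.com', 'cn' => 'Jane Doe' }
].freeze

DISCOURSE_USERS = [{ username: 'jane', email: 'jane.doe@example.com' }].freeze

# Escape RFC 4515 special characters so a typed login name cannot change the filter.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Stage 1: the uid setting names the attribute compared with the typed login name.
def ldap_filter(uid_attr, typed)
  "(#{uid_attr}=#{escape_filter_value(typed)})"
end

# In-memory stand-in for running that filter against the directory.
def find_entry(uid_attr, typed)
  DIRECTORY.find { |entry| entry[uid_attr].to_s.casecmp?(typed) }
end

# Stage 2: directory attributes are mapped to auth info; mail becomes email.
def auth_info(entry)
  attr = EMAIL_ATTRS.find { |name| entry[name] }
  { email: attr && entry[attr], name: entry['cn'] }
end

# Stage 3: with "ldap lookup users by" = email, the mapped email finds the account.
def discourse_user_by_email(info)
  return nil unless info[:email]
  DISCOURSE_USERS.find { |user| user[:email].casecmp?(info[:email]) }
end

def login(uid_attr, typed)
  entry = find_entry(uid_attr, typed)
  entry && discourse_user_by_email(auth_info(entry))
end

puts ldap_filter('sAMAccountName', 'jdoe')
p login('sAMAccountName', 'jdoe') # account name typed, uid = sAMAccountName
p login('mail', 'jdoe')           # same account name typed, uid = mail
```

In this model, uid set to mail only finds the entry when the full email address is typed as the login name, while the mail to email mapping and the email lookup work the same either way.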