FreePBX | Register | Issues | Wiki | Portal | Support

Allowing users to login to ldap/ad via UPN


#1

I’m trying to unify the login method across the company to using UPN (userPrincipalName) across the board (as in stew@company.com instead of stew or company\stew)

In User Manager I can change the “User name attribute” to userPrincipalName instead of sAMAccountName, and that updates the usernames to be the full UPN. However, user authentication (testing via logging into ucp) then fails.

I was unable to find any logs aside from authentication failures in /var/log/asterisk/freepbx_security.log that would indicate what’s wrong, but I assume the ldap client is still trying to authenticate against sAMAccountName.

Is there somewhere I could change the ldap query string it uses for authentication?
Does it seem reasonable that it should also be user configurable?