Release Automation

  • 1.  Login failed with AD group member

    Posted Jun 05, 2018 08:21 AM

    I have the following issue:

    I am able to import an AD group but only some members of that group are able to login, and some others are unable and get the following error message:

    In fact, I found that users for whom AD attribute userPrincipalName is not defined are not able to login.

     

    Is there a way to use another attribute (dn for example) because userPrincipalName is not always defined in our AD?



  • 2.  Re: Login failed with AD group member

    Posted Jun 06, 2018 04:58 AM

    Hi Stéphane,

     

    Can you please remind me which CA RA version you are using?

    FYI, starting RA 6.0 and 6.5, some issues have been released concerning the support of multiple AD.

    Resolved Issues - CA Release Automation - 6.6 - CA Technologies Documentation 

     

    Regards,

    Cyrille



  • 3.  Re: Login failed with AD group member

    Posted Jun 11, 2018 07:18 AM

    Hi Cyrille,

     

    Unfortunately we're still using CA RA 5.5 (hope to upgrade soon...)!

    But we are using only one AD.

     

    I think the issue is about attribute mapping.

    When I import an LDAP user, I can specify the attribute mapping (by default USER_NAME=samaccountname,GIVEN_NAME=givenname,SURNAME=sn,EMAIL=email,SECURITY_CONTEXT=userprincipalname), then I am able to put another attribute in SECURITY_CONTEXT.

    But when I import an LDAP group, there is no way to specify the attribute mapping and userprincipalname is always used as SECURITY_CONTEXT, and then some users are not able to log in because they don't have a userprincipalname attribute.

    I wonder if there is a setting somewhere in a config file to change this behaviour?



  • 4.  Re: Login failed with AD group member
    Best Answer

    Posted Jun 15, 2018 04:31 PM

    Hi Stéphane,

     

    Please look at the link below, which describes additional tuning for LDAP integration.

    Customize applicationContext-acegi-security.xml for LDAP authentication 

     

    Hoping this helps you.

    Cyrille



  • 5.  Re: Login failed with AD group member

    Broadcom Employee
    Posted Jul 02, 2018 10:56 PM

    Hi,

     

    Did Cyrille's answer satisfy your requirement?

    If you need, I recommend raising an idea as an enhancement request.

     

    Thanks

    Yas



  • 6.  Re: Login failed with AD group member

    Broadcom Employee
    Posted Jun 19, 2018 06:32 AM

    Hello,

     

    I'm 99.9% sure that the applicationContext-acegi-security.xml attributes/settings are used for non-Active Directory LDAP environments. And I'm not aware of any way to get an AD login to work without a UPN. I'll try to find out.

     

    Kind regards,

    Gregg
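
Added example, not part of the thread and not CA Release Automation code: because the thread ties the failed logins to group members that have no userPrincipalName, this script audits an LDIF export of a group and lists the members that have no value for the attribute mapped to SECURITY_CONTEXT in the default mapping quoted in post 3. The LDIF data, the group name and the function names are constructed for illustration.

```python
import base64
# Default import mapping quoted in the thread.
DEFAULT_MAPPING = ("USER_NAME=samaccountname,GIVEN_NAME=givenname,SURNAME=sn,"
                   "EMAIL=email,SECURITY_CONTEXT=userprincipalname")
GROUP_DN = "CN=RA-Deployers,OU=Groups,DC=example,DC=test"  # constructed name

# Constructed LDIF export; every name and value below is made up.
SAMPLE_LDIF = """\
dn: CN=RA-Deployers,OU=Groups,DC=example,DC=test
member: CN=Alice Martin,OU=Users,DC=example,DC=test
member: CN=Bob Durand,OU=Users,DC=example,DC=test
member: CN=Chloe Petit,OU=Users,DC=example,
 DC=test

dn: CN=Alice Martin,OU=Users,DC=example,DC=test
sAMAccountName: amartin
userPrincipalName: amartin@example.test

dn: CN=Bob Durand,OU=Users,DC=example,DC=test
sAMAccountName: bdurand

dn: CN=Chloe Petit,OU=Users,DC=example,DC=test
sAMAccountName: cpetit
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}}; handles folded lines and base64."""
    entries = {}
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # continuation = leading space
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:
            entries[entry["dn"][0].lower()] = entry
    return entries

def security_context_gaps(entries, group_dn, mapping=DEFAULT_MAPPING):
    """sAMAccountNames of group members with no value for the SECURITY_CONTEXT attribute."""
    attr = dict(p.split("=", 1) for p in mapping.split(","))["SECURITY_CONTEXT"].lower()
    members = [entries.get(dn.lower(), {"dn": [dn]})
               for dn in entries[group_dn.lower()].get("member", [])]
    return [u.get("samaccountname", u["dn"])[0] for u in members if not any(u.get(attr, []))]
```

Calling `security_context_gaps(parse_ldif(SAMPLE_LDIF), GROUP_DN)` on the constructed data returns `['bdurand', 'cpetit']`, the two members with no userPrincipalName. The script only reports which accounts lack the attribute; it does not change how Release Automation maps SECURITY_CONTEXT.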