I'm trying to set up the USS in our 14.1 AA configuration with CA Service Catalog and SDM. I managed to get the USS running with EEM authentication. In our EEM we have multiple LDAPs defined as User Store. One LDAP has the default Attribute Mapping "Microsoft Active Directory", which uses the sAMAccountName for "User name". Another LDAP has a customized mapping where the userPrincipalName is used for the "User Name".
- User Name in EEM (example): Name1
- User Name in EEM (example): Name2@domain2.com
The problem is that I'm only able to log in to USS with users of Domain1, with "Name1" as the username in the USS login screen. If I enter "Name2@domain2.com" as the username, I get a "UserScreenNameException" error message. Authentication is set to "By Screen Name" in USS. I also set the "bypass.liferay.screenname.validation=true" value in the portal-ext.properties.
The question is why the userPrincipalName cannot be used, and what's happening if I have two different domains with sAMAccountName mapping in EEM and there is a user John.Doe in each domain?
I hope the problem is explained properly and someone has the crucial information for me.
Feel free to ask for more information!
NOTE: I don't know how important this is at this point, but the users of the different domains in EEM are also in the MDB in different tenants:
- Domain1 = Tenant1, userid in MDB like "domain1\Name1"
- Domain2 = Tenant2, userid in MDB like "Name2@domain2.com"