
Unified Self Service (USS) Authentication via EEM with multiple LDAP Directories as User Stores

Question asked by A.Toellner on Mar 19, 2015
Latest reply on Apr 15, 2015 by Marcos Domingos

Hi community,


I'm trying to set up the USS in our 14.1 AA configuration with CA Service Catalog and SDM. I managed to get the USS running with EEM authentication. In our EEM we have multiple LDAPs defined as User Stores. One LDAP has the default Attribute Mapping "Microsoft Active Directory", which uses the sAMAccountName for "User Name". Another LDAP has a customized mapping where the userPrincipalName is used for the "User Name".


Domain1:

- sAMAccountName

- User Name in EEM (example): Name1


Domain2:

- userPrincipalName

- User Name in EEM (example): Name2@domain2.com


The problem is that I'm only able to log in to USS with users of Domain1, with "Name1" as the username in the USS login screen. If I enter "Name2@domain2.com" as the username, I get a "UserScreenNameException" error message. Authentication is set to "By Screen Name" in USS. I also set "bypass.liferay.screenname.validation=true" in the portal-ext.properties.


The question is why the userPrincipalName cannot be used, and what happens if I have two different domains with sAMAccountName mapping in EEM and there is a user John.Doe in each domain?

I hope the problem is explained properly and someone has the crucial information for me.


Feel free to ask for more information!


NOTE: I don't know how important this is at this point, but the users of the different domains in EEM are also in the MDB in different tenants:

- Domain1 = Tenant1, userid in MDB like "domain1\Name1"

- Domain2 = Tenant2, userid in MDB like "Name2@domain2.com"


Thanks!

Alex
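The two constraints raised in the post (a "User Name" coming out of EEM that USS rejects as a screen name, and identical sAMAccountNames in two domains) can be checked offline before touching the portal. The script below is an added example, not code from the original post, from CA, or from Liferay. It assumes a screen-name whitelist of letters, digits, ".", "-" and "_" (this matches the default rule Liferay applies when "bypass.liferay.screenname.validation" is not set, but it is stated here as an assumption, not taken from the post) and it treats the "bypass" flag as simply skipping that whitelist. The user entries are constructed sample data built from the post's examples; the function names are hypothetical.

```python
"""Pre-flight check for EEM user-store mappings feeding a screen-name login.

Added example (not from the original post or any vendor code). Assumptions:
  * A screen name must match ^[A-Za-z0-9._-]+$ unless validation is bypassed
    (this is the assumed default rule behind a UserScreenNameException).
  * Collisions are compared case-insensitively (assumption).
"""
import re
from collections import defaultdict

# Assumed default screen-name whitelist (hypothetical, see module docstring).
SCREEN_NAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")


def screen_name_valid(screen_name: str, bypass_validation: bool = False) -> bool:
    """True if the name would survive the assumed screen-name check.

    bypass_validation models bypass.liferay.screenname.validation=true:
    an empty name is still rejected, anything else is accepted.
    """
    if not screen_name:
        return False
    if bypass_validation:
        return True
    return SCREEN_NAME_RE.match(screen_name) is not None


def screen_name_from_eem(entry: dict) -> str:
    """Return the value EEM would present as "User Name" for this entry.

    entry["mapping"] names the LDAP attribute the EEM Attribute Mapping
    binds to "User Name" (sAMAccountName or userPrincipalName).
    """
    return entry[entry["mapping"]]


def check_user_store(entries, bypass_validation: bool = False):
    """Return (rejected, collisions) for a list of EEM user-store entries.

    rejected:   list of (domain, screen_name) that fail the assumed check.
    collisions: {lowercased screen_name: [domains]} where the same screen
                name is produced by more than one domain, i.e. the
                "John.Doe in each domain" case from the post.
    """
    rejected = []
    by_name = defaultdict(list)
    for entry in entries:
        name = screen_name_from_eem(entry)
        if not screen_name_valid(name, bypass_validation):
            rejected.append((entry["domain"], name))
        by_name[name.lower()].append(entry["domain"])
    collisions = {n: d for n, d in by_name.items() if len(set(d)) > 1}
    return rejected, collisions


# Constructed sample data modelled on the post's two domains.
SAMPLE_ENTRIES = [
    {"domain": "Domain1", "mapping": "sAMAccountName",
     "sAMAccountName": "Name1", "userPrincipalName": "Name1@domain1.com"},
    {"domain": "Domain2", "mapping": "userPrincipalName",
     "sAMAccountName": "Name2", "userPrincipalName": "Name2@domain2.com"},
    # The hypothetical duplicate: John.Doe exists in both domains and both
    # would be mapped via sAMAccountName.
    {"domain": "Domain1", "mapping": "sAMAccountName",
     "sAMAccountName": "John.Doe", "userPrincipalName": "John.Doe@domain1.com"},
    {"domain": "Domain2", "mapping": "sAMAccountName",
     "sAMAccountName": "John.Doe", "userPrincipalName": "John.Doe@domain2.com"},
]


if __name__ == "__main__":
    for bypass in (False, True):
        rejected, collisions = check_user_store(SAMPLE_ENTRIES, bypass)
        print(f"bypass={bypass}: rejected={rejected} collisions={collisions}")
```

Run as-is it reports "Name2@domain2.com" as rejected under the assumed default check (the "@" is outside the whitelist) and accepted once the bypass is on, while the John.Doe collision is reported either way: the bypass property, if it takes effect, only addresses the character-set problem, not two directory users collapsing onto one screen name. Note that "domain1\Name1", the MDB userid form from the post, would also fail the assumed whitelist because of the backslash.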
