I created a new onboard tenant and defined its domain (that appears in the login page).
The problem is that I have users from other domains that need to access the same onboard tenant.
Is it possible to configure it that way?
I opened a ticket with support and, analysing it, we discovered that the problem is that the user from the second domain has the same userid in AD, so when USS tries to create the new user it is not possible because of the same screen name.
You should be able to add a second value under the initial domain in the file C:\Windows\System32\drivers\etc\hosts on the client machine for the onboarded tenant, for example:
USSIPADDRESS test.company1.com
USSIPADDRESS test.company2.com
This will be interpreted as a virtual host on your server and it should be recognized by the DNS.
This is not what I want.
I will continue to access the USS onboard tenant by the same address (http://construdecor.baymetrics.com.br:8686).
My default domain is construdecor.com.br, but what I need is to be able to log in with users from other domains like @dicico.com.br and @sodimac.com.br.
In my EEM I already have the LDAP servers for these domains configured, so the users from those domains are available.
I already have the users for these domains in SDM and Catalog.
First of all, I strongly advise you to switch this to HTTPS as quickly as possible!
Your site is publicly available, with a login page exposing your end users' domain credentials.
In your hosts file, C:\Windows\System32\drivers\etc\hosts
And users from the construdecor.com.br domain are able to log in, correct?
If you add:
Below the first entry, users from dicico.com.br are not able to log in, correct?
If so do they receive a specific error?
Perhaps you can capture the error in the USS Liferay log and post it?
I have USS with some domain and it's possible for users from another domain to log in.
If you already have those domains in EEM, those users should be able to log in to USS. Please tell me what the error is when trying to log in.
You may want to change to using the email address instead of the screen name in the Liferay configuration to avoid that.
I also believe that USS itself uses the email address to connect back to SDM and SC.
And do you know how to change this in the Liferay config?
After a successful logon to USS with an admin account:
Modify the URL in your browser to: <yourdomainpath>/group/control_panel
Scroll down the left menu to the portal settings.
On the right-side menu, under configuration, select authentication.
Then in the dropdown menu "How do users authenticate" select email.
Don't forget to save.
The downside of this is that you will need to inform your users to use their email address to log on to USS instead of their userid, but as the email will mostly be different per domain you must not have duplicates anymore.
My system is already with that configuration.
The problem is that, for some reason, when USS tries to create a new user it also validates the userid in AD, and this name matches the screen name in USS.
The screen name must be unique, so two identical usernames with different email addresses cannot both have a user in USS.
Well, then your problem is not with the authentication but with the import of your users.
Then modify the mapping in the LDAP configuration to change the screen name to be the email address instead of the sAMAccountName, and revert the previous change to use the screen name.
This must fix your problem.
Hope this helps.