Isd it possible to configure an LDAP (MS AD) directory that will allow a user to log in using either the LDAP directories' userPrincipalName or sAMAccountName attrribute value? I'd like to allow people to use either (the one is older and more familiar to my audience than the other). Or is it only possible to match on a single attribute for a login username?
Thanks.
-Alan
You can setup multiple LDAP repositories in Confluence. In 3.4.x and earlier, just edit atlassian-user.xml and input to repositories with different usernameAttribute elements:
<ldap key="ad1" name="ad1" cache="true">
<host>ad1</host>
<port>389</port>
<securityProtocol>plain</securityProtocol>
<securityAuthentication>simple</securityAuthentication>
<usernameAttribute>sAMAccountName</usernameAttribute>
<userSearchFilter>(objectClass=user)</userSearchFilter>
<firstnameAttribute>givenname</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=group)</groupSearchFilter>
<userSearchAllDepths>true</userSearchAllDepths>
<groupSearchAllDepths>true</groupSearchAllDepths>
<membershipAttribute>member</membershipAttribute>
</ldap>
<ldap key="ad2" name="ad2" cache="true">
<host>ad2</host>
<port>389</port>
<securityProtocol>plain</securityProtocol>
<securityAuthentication>simple</securityAuthentication>
<usernameAttribute>userPrincipalName</usernameAttribute>
<userSearchFilter>(objectClass=user)</userSearchFilter>
<firstnameAttribute>givenname</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=group)</groupSearchFilter>
<userSearchAllDepths>true</userSearchAllDepths>
<groupSearchAllDepths>true</groupSearchAllDepths>
<membershipAttribute>member</membershipAttribute>
</ldap>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.