LDAP attribute for login (Choose instead of hardcode)

Currently the selection of the UID attribute seems to be hardcoded. Specifically, in the file “lib/ldap/user.rb” in lines 54-70 there is a function that searches through the list “samaccountname, userprincipalname, uid, dn”:


```ruby
# Returns the uid attribute.
#
# @param attributes [Hash{Symbol=>Array<String>}] A list of LDAP User attributes which should get checked for available uids.
#
# @example
#  Ldap::User.uid_attribute(attributes)
#
# @return [String] The uid attribute.
def self.uid_attribute(attributes)
  result = nil
  %i(userprincipalname uid dn).each do |attribute|
    next if attributes[attribute].blank?
    result = attribute.to_s
    break
  end
  result
end
```

I already tested deleting the “samaccountname” - the way the function is written, it will always return samaccountname when authenticating against Active Directory, therefore the “userprincipalname” will never become active.

Also, it is not editable in the frontend which attribute to use. When setting up the LDAP connection, it should be possible to select the LDAP attribute to match the UID. I assume it is very common for a lot of organizations to use mail or userprincipalname (or even displayName) as login. All other attributes are editable already (givenName, Familyname … )

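The first-match precedence described in the post, next to a selectable variant, as an added example in plain Ruby (not part of the original post and not Zammad's code). `configurable_uid_attribute`, its `preferred:` parameter, `blank_value?` and the sample entries are hypothetical; the default order is the list quoted in the post.

```ruby
# Added illustration in plain Ruby, not Zammad's code. DEFAULT_ORDER is the
# list quoted in the post; `preferred` is a hypothetical admin-selected attribute.
DEFAULT_ORDER = %i[samaccountname userprincipalname uid dn].freeze

# Stand-in for Rails' blank? on an LDAP attribute value list.
def blank_value?(values)
  values.nil? || Array(values).all? { |v| v.to_s.strip.empty? }
end

# First-match selection as described in the post: the earliest attribute in
# `order` that carries a value wins, whatever the administrator intended.
def first_match_uid_attribute(attributes, order = DEFAULT_ORDER)
  found = order.find { |name| !blank_value?(attributes[name]) }
  found&.to_s
end

# Hypothetical configurable variant: honour an explicit choice when the entry
# actually carries that attribute, otherwise fall back to the default order.
def configurable_uid_attribute(attributes, preferred: nil, order: DEFAULT_ORDER)
  if preferred
    key = preferred.to_s.downcase.to_sym
    return key.to_s unless blank_value?(attributes[key])
  end
  first_match_uid_attribute(attributes, order)
end

# Constructed sample entries (attribute names lower-cased, as in the snippet).
AD_ENTRY = {
  dn: ['CN=Jane Doe,OU=Staff,DC=example,DC=test'],
  samaccountname: ['jdoe'],
  userprincipalname: ['jane.doe@example.test'],
  mail: ['jane.doe@example.test']
}.freeze
OPENLDAP_ENTRY = {
  dn: ['uid=jdoe,ou=people,dc=example,dc=test'],
  uid: ['jdoe'],
  mail: ['jane.doe@example.test']
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts first_match_uid_attribute(AD_ENTRY)                                  # default order
  puts configurable_uid_attribute(AD_ENTRY, preferred: :userprincipalname)  # explicit choice
end
```

Whichever attribute is made selectable should be unique per directory entry, since it becomes the login identity; displayName in particular is not guaranteed to be unique.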