LDAP attribute for login (Choose instead of hardcode)

Currently the selection of the UID attribute seems to be hardcoded. Specifically, in the file “lib/ldap/user.rb”, lines 54-70, there is a function that searches through the list “samaccountname, userprincipalname, uid, dn”:


```ruby
# Returns the uid attribute.
#
# @param attributes [Hash{Symbol=>Array<String>}] A list of LDAP User attributes which should get checked for available uids.
#
# @example
#  Ldap::User.uid_attribute(attributes)
#
# @return [String] The uid attribute.
def self.uid_attribute(attributes)
  result = nil
  %i(userprincipalname uid dn).each do |attribute|
    next if attributes[attribute].blank?
    result = attribute.to_s
    break
  end
  result
end
```

I already tested deleting “samaccountname”: the way the function is written, it will always return samaccountname when authenticating against Active Directory, therefore “userprincipalname” will never become active.

Also, which attribute to use is not editable in the frontend. When setting up the LDAP connection, it should be possible to select the LDAP attribute to match the UID; I assume it is very common for a lot of organizations to use mail or userprincipalname (or even displayName) as login. All other attributes are editable already (givenName, Familyname …).

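The first-match selection described in the post above, next to a configurable variant, as an added example that is not part of the original thread and is not Zammad's code. The method names, the `preferred:` and `allowed:` parameters, the single-value rule and the sample entries are assumptions made for illustration.

```ruby
# Added illustration; every name here is hypothetical, not Zammad's API.
DEFAULT_ORDER = %i[samaccountname userprincipalname uid dn].freeze

# True when the attribute is missing, empty, or holds only whitespace strings
# (stand-in for ActiveSupport's blank? so this runs without Rails).
def blank_values?(values)
  Array(values).all? { |v| v.to_s.strip.empty? }
end

# Hardcoded behaviour from the post: the first non-blank attribute in the list wins.
def first_match_uid_attribute(attributes, order = DEFAULT_ORDER)
  order.find { |name| !blank_values?(attributes[name]) }&.to_s
end

# Configurable variant (assumption): an admin-chosen attribute is used only if
# it is on the allow-list and single-valued, because a multi-valued attribute
# cannot identify one account unambiguously. Otherwise fall back to the
# default order, skipping the rejected attribute.
def configured_uid_attribute(attributes, preferred: nil, allowed: DEFAULT_ORDER)
  attrs = attributes.transform_keys { |k| k.to_s.downcase.to_sym }
  return first_match_uid_attribute(attrs) if preferred.nil?

  name = preferred.to_s.downcase.to_sym
  raise ArgumentError, "attribute not allowed: #{preferred}" unless allowed.include?(name)

  values = Array(attrs[name]).reject { |v| v.to_s.strip.empty? }
  return name.to_s if values.size == 1

  first_match_uid_attribute(attrs, DEFAULT_ORDER - [name])
end

# Constructed sample entries (not taken from a real directory).
AD_ENTRY = {
  samaccountname: ['jdoe'],
  userprincipalname: ['jdoe@example.com'],
  dn: ['CN=John Doe,OU=Users,DC=example,DC=com']
}.freeze
OPENLDAP_ENTRY = {
  uid: ['jdoe'],
  userprincipalname: [],
  dn: ['uid=jdoe,ou=people,dc=example,dc=com']
}.freeze

puts first_match_uid_attribute(AD_ENTRY)
puts configured_uid_attribute(AD_ENTRY, preferred: 'userPrincipalName')
```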

Hello @mso

Currently we are in the process of processing the feature requests that have accumulated. Thereby I have a demand.

If I understand you correctly you “just” want to change the login attribute of a user.

IMO this can already be done in the LDAP wizard:

The source code lines which you referred to are only to get the unique identifier of a user in your LDAP. But this is not related to the login attribute.

Since your problem is already solvable, I move this item to “technical assistance”.

In case you have questions, let me know.
