Ldap integration adjust userprinciplename


  • Used Zammad version: 3.5.0
  • Used Zammad installation source: source
  • Operating system: Debian GNU/Linux 10
  • Browser + version: Google Chrome Version 86.0.4240.183 (Offizieller Build) (64-Bit)

we are using zammad with an active directory(AD). For ldap integration we map attribute userprinciplename to login. Now users can login with abc-xyz-u1@url.de and their password.

What we would like to achieve is to cut off the domain part.
I found topic Change LDAP-Integration UID value

Setting.get(‘ldap_config’)[‘user_attributes’][‘userprincipalname’] is mapped to ‘login’
User.find(18777).login.split(’@’)[0] returns the user without the domain part.

I’m struggling how to do, if possible, Setting.set(‘ldap_config’)… in order to get [‘user_attributes’][‘userprincipalname’].split(’@’)[0] mapped to the login attribute.
Sorry I am not a ruby programmer and I do not know if it is a good idea to achieve this through manipulating the settings.
We could also use another ldap attribute like uid, but this attribute could get updated by everyone with AD permissions.

It would be great to get some help how to solve this.

Thank you and regards,

Expected behavior:

  • ldap sync imports abc-xyz-u1 to login from userprinciplename

Actual behavior:

1 Like

Hi @guidoesser

we use the following settings on Zammad to integrate it with our AD via LDAP connector:

Users do connect using their username + password.
i.e.: foo
Instead of: foo@bar.tld

IIRC, this is the default LDAP configuration offered by Zammad when you install it. There is no need to touch the code at all.


1 Like

Exactly this.
samaccountname usually does not contain any domain parts and would qualify perfectly as login name.

If you have both email address and login being different, you can use both types to login if needed.

1 Like

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.