We rely on LDAP for authentication, configured under Configuration -> 3rd Party -> LDAP.
Click Update on the AD domain that is already configured.
Go to "Custom Field Mapping" tab to check both AD attributes:
- Subject Name = distinguishedName
- Subject AltName = userPrincipalName
Example values for user Mickey in MS AD:
- distinguishedName = CN=Mickey Mouse,OU=pam,DC=ADIdentity,DC=com
- userPrincipalName = [email protected]
- sAMAccountName = MOUMI01
When authenticating in the PAM Client, the user can log in successfully with either of these values:
1. - UserName: MOUMI22 (the value for userPrincipalName)
   - Authentication Type: LDAP
   - Authentication OK
2. - UserName: MOUMI01 (the value for sAMAccountName)
   - Authentication Type: LDAP
   - Authentication OK
3. In addition to the UPN, it is also necessary to change the distinguishedName in AD from "CN=Mickey Mouse,OU=pam,DC=ADIdentity,DC=com" to match the UPN: "CN=MOUMI22,OU=pam,DC=ADIdentity,DC=com", and then run a new Group Refresh in CA PAM.
This way CA PAM will show the same value for the UPN and the distinguishedName from MS AD.
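
To find accounts that still need the change from step 3 before running the Group Refresh, the following added example (not part of the original article or of CA PAM) compares the CN of each distinguishedName with the user part of the userPrincipalName. The entries are constructed, the UPN domain `example.com` is a placeholder, and the function names are hypothetical.

```python
# Constructed sample entries; the UPN domain is a placeholder (example.com).
SAMPLE_ENTRIES = [
    {"sAMAccountName": "MOUMI01",   # before the change in step 3
     "distinguishedName": "CN=Mickey Mouse,OU=pam,DC=ADIdentity,DC=com",
     "userPrincipalName": "MOUMI22@example.com"},
    {"sAMAccountName": "MOUMI01",   # after the change in step 3
     "distinguishedName": "CN=MOUMI22,OU=pam,DC=ADIdentity,DC=com",
     "userPrincipalName": "MOUMI22@example.com"},
    {"sAMAccountName": "MOUMI02",   # CN containing an escaped comma
     "distinguishedName": r"CN=Mouse\, Minnie,OU=pam,DC=ADIdentity,DC=com",
     "userPrincipalName": "MOUMI23@example.com"},
]

def first_rdn(dn):
    """Return (ATTR, value) of the leftmost RDN of a DN.

    Handles backslash-escaped single characters such as "\\,".
    Hex escapes (e.g. "\\2C") are not decoded in this example.
    """
    buf, i = [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])   # keep the escaped character literally
            i += 2
            continue
        if ch == ",":               # unescaped comma ends the first RDN
            break
        buf.append(ch)
        i += 1
    attr, _, value = "".join(buf).partition("=")
    return attr.strip().upper(), value.strip()

def check_entry(entry):
    """Compare the CN of the DN with the user part of the UPN (case-insensitive)."""
    attr, cn = first_rdn(entry["distinguishedName"])
    upn_user = entry["userPrincipalName"].split("@", 1)[0]
    aligned = attr == "CN" and cn.lower() == upn_user.lower()
    return {"sAMAccountName": entry["sAMAccountName"], "cn": cn,
            "upn_user": upn_user, "aligned": aligned}

def misaligned(entries):
    """Entries whose distinguishedName CN does not match the UPN user part."""
    return [r for r in map(check_entry, entries) if not r["aligned"]]

if __name__ == "__main__":
    for r in misaligned(SAMPLE_ENTRIES):
        print(f'{r["sAMAccountName"]}: CN="{r["cn"]}" != UPN user "{r["upn_user"]}"')
```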