Support LDAP login based on sAMAccountName instead of the email #3849

Open
2 tasks done
anuviswa opened this issue Nov 15, 2024 · 3 comments

Comments

@anuviswa

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

Is there a way to log in a user based on the sAMAccountName instead of the email id using the LDAP connector? There are many legacy customers who would like to log on users using their configured sAMAccountName.

Proposed Solution

Support LDAP login based on sAMAccountName in addition to email based login.

Alternatives Considered

No response

Additional Information

No response

@jsquyres

We would be happy to create a PR for this functionality if the Dex community would be interested in it. Should we do so?

@nabokihms @sagikazarmark Similar to #1058 (comment), I'm pinging you because it looks like you both have recent commits in Dex, and you are both listed in MAINTAINERS.

@nabokihms
Member

Didn't get the cause of the issue. Could you please educate me on what you want to change in Dex to make it work?

@anuviswa
Author

anuviswa commented Jan 1, 2025

Thanks @nabokihms for your response.

Currently, in the dex config file, the userSearch section can be configured with "username: mail" to search for the user based on the email. Similarly, if "username: sAMAccountName" is specified, the user search will happen based on the sAMAccountName attribute. But there is no way to do the user search based on either mail OR sAMAccountName.

Any filter specified in the "filter" section gets AND'ed with the username filter, as seen here:

filter = fmt.Sprintf("(&%s%s)", c.UserSearch.Filter, filter)

Could we add a special filter for username that allows OR:

||(<attribute1>=<username>) (<attribute2>=<username>)
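
Added example, not part of the issue thread and not Dex's own code: a Go example of the OR-style user match requested above, written as a standard LDAP `(|...)` filter and ANDed with the configured base filter in the same way as the quoted `(&%s%s)` line. `buildUserFilter` and `escapeFilterValue` are hypothetical names (the latter is a minimal stand-in for an escaping helper such as go-ldap's `ldap.EscapeFilter`), and the sample inputs are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue (hypothetical helper) escapes the RFC 4515 special
// characters so a typed username cannot change the filter's structure.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c) // e.g. '*' becomes \2a
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// buildUserFilter (hypothetical) matches the username against any of attrs
// and ANDs that with an optional base filter. attrs are assumed to come
// from operator configuration, never from the login form.
func buildUserFilter(baseFilter string, attrs []string, username string) string {
	esc := escapeFilterValue(username)
	var or strings.Builder
	for _, a := range attrs {
		fmt.Fprintf(&or, "(%s=%s)", a, esc)
	}
	match := or.String()
	if len(attrs) > 1 {
		match = "(|" + match + ")" // OR across the configured attributes
	}
	if baseFilter == "" {
		return match
	}
	return fmt.Sprintf("(&%s%s)", baseFilter, match)
}

func main() {
	attrs := []string{"mail", "sAMAccountName"}
	// Constructed inputs: an ordinary login name, then one containing
	// filter metacharacters that must end up escaped in every clause.
	fmt.Println(buildUserFilter("(objectClass=person)", attrs, "jdoe"))
	fmt.Println(buildUserFilter("(objectClass=person)", attrs, "*)(uid=*"))
}
```

Because the same input is now compared against more than one attribute, the directory search can return more than one entry for a single login name, so the caller still has to treat multiple matches as a failed lookup.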
