[ZendTo] alternate AD attribute

Travis Zimmerman TZimmerman at fsu.edu
Thu May 2 20:00:19 BST 2019


Username, but it looks like it’s more complicated. I just got out of a meeting and one of the AD admins gave me several examples of student attribute listing. Looking at the attributes and their values, there isn’t actually a specific username; there is a unique identifier by way of an ID number, and then there are several different attributes with the student’s e-mail address.

So I think for right now I may have to hack together a fix for my specific problem and then talk to you about a possible way to incorporate it into the code in a more general way that may be useful for others. 🤷‍♂️

If I’m reading the NSSADAuthenticator.php correctly, you compare their username against “sAMAccountName”, but before you do that, if someone logged in with an e-mail address, you remove the @domain part.
I don’t suppose the @domain that gets chopped off is stored in a variable that I could use for comparisons to force a different search using the full e-mail address against a different attribute? If not I’ll work out something.

Again thanks for any help you can provide.

------------------------------------------------------
Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
Information Technology Services, Florida State University

On Apr 30, 2019, at 4:46 AM, Jules Field <Jules at Zend.To> wrote:

Travis,

Do you mean an alternate attribute for the username, or an alternate attribute from which to read the user's email address?
I'm rather assuming the latter, but may be wrong...

Currently it reads the user's email address from the "mail" attribute in AD; is it the string "mail" that you want to be able to change for a particular AD forest?

Cheers,
Jules.

On 29/04/2019 19:44, Travis Zimmerman via ZendTo wrote:
Would it be possible to add a variable to the AD auth config to use an alternate attribute for the username?
Something like: 'authLDAPAltAttr' => 'preferredEmail',

Our Microsoft sysadmins had to set up a different AD for students on a different domain (my.fsu.edu) from the one used by faculty and staff (fsu.edu). For some reason at the time they had to store the student e-mail address in a different attribute than the standard attribute; in the normal attribute they are storing a student ID number.

Up until now I worked around this problem by using the IMAP authentication, not as nice as AD but it did the job to allow students to authenticate in, receive e-mail from the ZendTo server, and view drop-offs for them in their Inbox.

We got a new CIO at my university about a month ago and it has been decided to shut down IMAP and SMTP completely, in favor of MAPI with MFA only. I found out that this change was being talked about last week; upper management came to a decision last Friday and plan to go ahead with this change starting next week.

I appreciate all the work you’ve put into ZendTo over the years.

------------------------------------------------------
Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
Information Technology Services, Florida State University







Jules

--
Julian Field MEng CEng CITP MBCS MIEEE MACM

'What happened in the past that was painful, has a great deal to
 do with what we are today.' - William Glasser

www.Zend.To
Twitter: @JulesFM
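
The lookup discussed in this thread (strip the @domain part and match sAMAccountName, or search a different attribute with the full e-mail address), as an added example that is not ZendTo's code. `escapeFilterValue`, `buildUserFilter` and the `$altAttrByDomain` map are hypothetical names, and the sample logins are constructed.

```php
<?php
// Added illustration; not code from ZendTo's NSSADAuthenticator.php.
// Function names and the $altAttrByDomain map are hypothetical.

// Escape a value for an LDAP search filter (RFC 4515); with ext-ldap loaded,
// ldap_escape($value, '', LDAP_ESCAPE_FILTER) does the same job.
function escapeFilterValue(string $value): string
{
    return preg_replace_callback(
        '/[\\\\*()\x00]/',
        fn(array $m): string => sprintf('\\%02x', ord($m[0])),
        $value
    );
}

// Build the search filter for a login. The @domain part is kept rather than
// discarded, so it can select a per-domain attribute holding the full address.
function buildUserFilter(string $login, array $altAttrByDomain): string
{
    $login = trim($login);
    if ($login === '') {
        throw new InvalidArgumentException('empty login');
    }
    $at = strrpos($login, '@');
    if ($at === false) {
        // Plain username: match it against sAMAccountName.
        return '(sAMAccountName=' . escapeFilterValue($login) . ')';
    }
    $local  = substr($login, 0, $at);
    $domain = strtolower(substr($login, $at + 1));
    if (isset($altAttrByDomain[$domain])) {
        // The attribute name comes from admin config only, never from the login.
        return '(' . $altAttrByDomain[$domain] . '=' . escapeFilterValue($login) . ')';
    }
    // Behaviour described in the thread: drop @domain, match sAMAccountName.
    return '(sAMAccountName=' . escapeFilterValue($local) . ')';
}

// Constructed sample data; 'preferredEmail' is the attribute suggested in the thread.
$altAttrByDomain = ['my.fsu.edu' => 'preferredEmail'];
$samples = ['jdoe', 'jdoe@fsu.edu', 'student1@my.fsu.edu', 'x*)(mail=*@my.fsu.edu'];
foreach ($samples as $login) {
    echo str_pad($login, 24), ' => ', buildUserFilter($login, $altAttrByDomain), PHP_EOL;
}
```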

