[LDAP] Active Directory authentication using sAMAccountName

Hello everybody,

My company was recently bought by another one and we are migrating all our applications, including Bonita.
For now, we are using Active Directory authentication for our users with their Windows IDs, also known as sAMAccountName (the old userPrincipalName was the first letter of the first name + last name, e.g. gtarot, and was equivalent to the sAMAccountName), and we absolutely want it to remain like this.

We are using Bonita 7.3.3, under a jBoss server, which is well configured and working fine.
The main problem is that in our new organization, the userPrincipalName is different from the sAMAccountName (it's Firstname.LastName)...

So, I want the users to log in with their sAMAccountName. For this purpose, I modified the standalone.xml file:

<security-domain name="BonitaAuthentication-1">
    <authentication>
        <login-module code="com.sun.security.auth.module.LdapLoginModule" flag="required">
            <!-- LDAP URL and search base for user entries -->
            <module-option name="userProvider" value="ldap://ldapserver:389/ou=Sites,dc=local,dc=domain"/>
            <!-- Search filter: {USERNAME} is replaced by the submitted login name.
                 Inside an XML attribute the '&' must be written as &amp;, and the
                 enclosing (&...) group needs its own closing ')' after the last clause. -->
            <module-option name="userFilter" value="(&amp;(objectCategory=Person)(objectClass=user)(sAMAccountName={USERNAME}))"/>
            <!-- Identity used for the bind; the login name, not a full DN -->
            <module-option name="authIdentity" value="{USERNAME}"/>
            <module-option name="useSSL" value="false"/>
            <module-option name="debug" value="false"/>
        </login-module>
    </authentication>
</security-domain>

Unfortunately, these settings are not working; I get no exception, but the logs indicate:

12:31:18,744 INFO  [stdout] (http--10.11.255.26-443-1)          [LdapLoginModule] user provider: ldap://ldapserver:389/ou=Sites,dc=local,dc=domain
12:31:18,763 INFO  [stdout] (http--10.11.255.26-443-1)          [LdapLoginModule] searching for entry belonging to user: gtarot
12:31:18,768 INFO  [stdout] (http--10.11.255.26-443-1)          [LdapLoginModule] authentication failed
12:31:18,775 INFO  [stdout] (http--10.11.255.26-443-1)          [LdapLoginModule] aborted authentication

I've also tried other settings, I still have the same error...

Here are my questions:
- Is it possible to use the sAMAccountName instead of userPrincipalName to authenticate to the Bonita portal (I'm pretty sure that it can be done...)?
- If this is possible, how can I do it?

Thank you very much for your answers!

Gaël
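
The LdapLoginModule substitutes the login name into userFilter before searching. The following is an added example, not code from the thread or from Bonita/JBoss: it reproduces that substitution for the filter posted above, rejects a filter whose parentheses do not balance, and escapes the login name per RFC 4515 so that a name containing filter metacharacters cannot change the query. The escaping is the defensive practice a caller should apply; whether the Java module itself escapes {USERNAME} is not stated on this page.

```python
# Characters RFC 4515 requires to be escaped inside an LDAP filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a login name before it is placed into an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_filter_parens(filter_str: str) -> bool:
    """True when the filter is one fully parenthesised group with balanced parens."""
    depth = 0
    for i, ch in enumerate(filter_str):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:                      # ')' without a matching '('
                return False
            if depth == 0 and i != len(filter_str) - 1:
                return False                   # group closed before the end
    return depth == 0 and filter_str.startswith("(")


def build_user_filter(template: str, username: str) -> str:
    """Replace {USERNAME} with the escaped login name and validate the result."""
    filled = template.replace("{USERNAME}", escape_filter_value(username))
    if not check_filter_parens(filled):
        raise ValueError(f"unbalanced LDAP filter: {filled}")
    return filled


# The userFilter as posted in the question (one ')' short) and a corrected form.
POSTED_FILTER = "(&(objectCategory=Person)(objectClass=user)(sAMAccountName={USERNAME})"
FIXED_FILTER = "(&(objectCategory=Person)(objectClass=user)(sAMAccountName={USERNAME}))"

if __name__ == "__main__":
    print("posted filter balanced:", check_filter_parens(POSTED_FILTER))
    print("fixed filter balanced: ", check_filter_parens(FIXED_FILTER))
    print(build_user_filter(FIXED_FILTER, "gtarot"))
```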

1 answer

As it looks like you are using Subscription, I would direct this question directly to Bonitasoft Support.

Community Forums do not use LDAP so we would not be able to help you.

Regards,
Seán

PS: While you may not like the answer, it gives a possible solution; please mark as resolved.