EWC ldap enterprise settings: how to add a search_filter for sAMAccountName


(Peter Michael Gits) #1

using the EWC ldap setup, where do I place the

"search_filter": "(&(sAMAccountName={username})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
to allow uid to essentially now search of sAMAccountName?

backend = ldap
backend_kwargs = {"bind_dn": "ldapxxx@fnetworks.com", "bind_password": "xxxx", "base_ou": "OU=Users,OU=XXXX,DC=fnetworks,DC=com", "group_dns": ["OU=Users,OU=XXX,DC=fnetworks,DC=com", "OU=Users,OU=XXXX,DC=fnetworks,DC=com"], "scope": "subtree", "host": "xxx.fnetworks.com", "port": xxx, "debug":true, "group_dns_check": "or", **"search_filter": "(&(sAMAccountName={username})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"** }

(W Chan) #2

You can review the list of configurable options for the LDAP backend at https://bwc-docs.brocade.com/authentication.html#ldap-enterprise-edition. So if I’m reading your question correctly, you want to use the sAMAccountName instead of the uid. You can override id_attr (defaulted to uid) in the backend_kwargs.


(Peter Michael Gits) #3

Perfect. I’ll give it a try.

Cheers,

Peter