This site is in read only mode. Please continue to browse, but replying, likes, and other actions are disabled for now.

⚠️ We've moved!

Hi there!

To reduce project dependency on 3rd party paid services the StackStorm TSC has decided to move the Q/A from this forum to Github Discussions. This will make user experience better integrated with the native Github flow, as well as the questions closer to the community where they can provide answers.

Use 🔗 Github Discussions to ask your questions.

EWC ldap enterprise settings: how to add a search_filter for sAMAccountName

Platform RBAC
#1

using the EWC ldap setup, where do I place the

"search_filter": "(&(sAMAccountName={username})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
to allow uid to essentially now search of sAMAccountName?

backend = ldap
backend_kwargs = {"bind_dn": "[email protected]", "bind_password": "xxxx", "base_ou": "OU=Users,OU=XXXX,DC=fnetworks,DC=com", "group_dns": ["OU=Users,OU=XXX,DC=fnetworks,DC=com", "OU=Users,OU=XXXX,DC=fnetworks,DC=com"], "scope": "subtree", "host": "xxx.fnetworks.com", "port": xxx, "debug":true, "group_dns_check": "or", **"search_filter": "(&(sAMAccountName={username})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"** }
#2

You can review the list of configurable options for the LDAP backend at https://bwc-docs.brocade.com/authentication.html#ldap-enterprise-edition. So if I’m reading your question correctly, you want to use the sAMAccountName instead of the uid. You can override id_attr (defaulted to uid) in the backend_kwargs.

#3

Perfect. I’ll give it a try.

Cheers,

Peter