Kai_Wilke
Nov 01, 2016

AD Authentication / password changes for user accounts with custom UPN suffixes

Hi Folks,

I’m currently in major trouble while implementing an APM Active Directory integration at a customer site.

The customer has two (very legitimate and also somewhat common) requirements that are in combination somehow not well suited in the APM world…

  • The customer AD environment hosts user accounts with multiple custom UPN suffixes (UPN = E-Mail address as recommended by Microsoft).
  • The customer requires that the users can update/reset their user accounts through APM (lots of remote-only workers).

My problem with those two requirements is that...

  • APM does not support AD authentication for user accounts with UPN suffixes different to the AD Domain FQDN. The official workaround is to use LDAP authentication. (SOL12252)
  • APM does not support password updates/resets for LDAP accounts. The official solution is to use AD authentication. (SOL15676)

My questions are...

  • Does anyone know a workaround so that APM can somehow be tricked into authenticating users where the UPN suffix =/= Domain FQDN, or if APM developments are in the pipeline to implement a configurable UPN-Suffix-List for the Active-Directory AAA objects?
  • Does anyone know a workaround to implement a password change/reset functionality for LDAP authentication?

Thanks in advance!

Cheers, Kai

 
