Forum Discussion

Jason_46956's avatar
Jason_46956
Icon for Nimbostratus rankNimbostratus
Nov 07, 2011

Using different field to identify user when using Active Directory as AAA server

All,     As the Subject/Summary says - we would like to use an alternate field for the identification of the user.     We were previously using LDAP and it was a simple matter to customise...
config
design
Kurt_Knochner_5's avatar
Kurt_Knochner_5
Icon for Cirrus rankCirrus
Nov 08, 2011
What we would like is for the user to be able to use their email address instead of using their sAMAccountName to identify themselves.

 

 

O.K. let's narrow this down. Are you talking about the e-mail address or about the user principal name (UPN: usernam@domain), which looks like an e-mail address, but it's not? The later one might be easier, as this would probably just require a change of the user attribute to userprincipalname (instead of samaccountname).

 

 

If it's really the e-mail address, then you would need an iRule to query the LDAP server and get the attribute samaccountname, however there is no easy way to query the LDAP server within an iRule, other than implementing the LDAP protocol at TCP level. See this link as a starting point: http://devcentral.f5.com/wiki/iRules.LDAPProxy.ashx.

 

 

Regards

 

Kurt Knochner