AlexS_yb
Apr 18, 2021

VPE AD logon - why can't username = email address

Why is it so hard to set up MS AD auth for username => email address?

I have to set and then reset the username session variable to utilise the MS AD Auth module - seems silly

2 Replies

  • I see that others have the same complaint, so you are right :)

    You can see this if it helps:

    https://devcentral.f5.com/s/question/0D51T00006i7etx/apm-ldap-auth-using-email-address

    Also, with the Variable Assign agent you can have the users type just the name and then add "@domain.com":

    https://devcentral.f5.com/s/question/0D51T00006i7cnk/how-to-add-domain-name-string-in-the-apm-variable-assign

    • AlexS_yb

      Done some more work on this.

      So the key bits seem to be:

      session.logon.last.username
      session.logon.last.logonname
      session.logon.last.domain

      For the examples, presume my email is alex@example.com.

      Now on the logon page, if you use split domain:

      If you have split set to true then you get

      session.logon.last.username   alex
      session.logon.last.logonname  alex@example.com
      session.logon.last.domain     example.com

      If you have it set to no you get

      session.logon.last.username   alex@example.com
      session.logon.last.logonname  alex@example.com
      session.logon.last.domain

      Notice domain is not set.

      Why do F5 do this, why is the option there.... I think - I presume - it's for the MS AD Auth widget in VPE; they do a search on sAMAccountName, which is usually just the short name ... sigh ..

      Now the session name seen in the GUI is based on

      session.logon.last.username

      So I use split equals yes .. and then the next step I do is a variable assign

      session.logon.last.username = session.logon.last.logonname

      And I have stopped using the MS AD Auth and just use LDAP Auth against the AD servers. Makes life a lot simpler.