AD auth - userPrincipalName

Help
1

hello

i need some help to get librenms running with userPrincipalName.
as described here https://github.com/librenms/librenms/issues/4281 currently only possible with samaccountname.

i have checked the files and found the first issue in ActiveDirectoryAuthorizer.php. i changed the line:
if (!empty($credentials['username']) && !empty($credentials['password']) && ldap_bind($this->ldap_connection, $credentials['username'] . '@' . Config::get('auth_ad_domain'), $credentials['password'])) {
to:
if (!empty($credentials['username']) && !empty($credentials['password']) && ldap_bind($this->ldap_connection,$credentials['username'],$credentials['password'])) {
after that no error visible in frontend.

But librenms.log still shows:
production.ERROR: Auth Error (active_directory): No user (-1) [[email protected]]

in which file i have to change the samaccountname to upn to fix the auth error?

thanks
br
Jana

2

perhaps you should be logging in with the full UPN then. (AKA [email protected])

3

i want to use userPrincipalName not samaccount name at local domain.

User Object:
domain: example
logonname: jafi
upn: [email protected]

so i dont want to login with jafi@example. i want to use [email protected]

4

Hi,

I modified the active_directory mechanism to be able to use the UserPrincipalName as the login username.

By default, it still uses sAMAccountName as username in order to don’t break running configuration.

I took the opportunity to rearrange the display order of the active directory parameters in Global Settings > Authentication > Active Directory.

I was about the create a pull request for these changes : Github compare

Screen Shot 2020-03-23 at 10.20.59 pm
Screen Shot 2020-03-23 at 10.20.59 pm1598×1004 140 KB

But I don’t know anymore… with this version if you switch from samaccountname to userprincipalname it will create a new user with an username like [email protected]. Like on this picture :

Screen Shot 2020-03-23 at 11.01.49 pm
Screen Shot 2020-03-23 at 11.01.49 pm1510×566 46.7 KB

Should I try to work on an other implementation, in order to be able to login with either the samaccoutname or userprincipalname, but always use the samaccountname as username in the librenms database ?
I think my first version was working like that but I didn’t like that the username was displayed as samaccountname instead of UPN…

5

I do not have this dropdown username attribute:

librenms
librenms1113×599 17.2 KB

i only want to use upn for login, librenms can still use the logonname.

6

The dropdown menu for Username attribut come with my patch, but I will try to work on an other version in order to use the same user for either sAMAccountName or UserPrincipalName.

7

thank you so much for sharing this.

works great now with upn, only got in logfile:
production.ERROR: Auth Error (active_directory): No user (-1) [[email protected]]
do you know where this come from?

8

You should revert the changes and instead try this pull request #11343

:slight_smile:

9

Wow, I had asked about this in 2017… Feature request: AD auth - userPrincipalName Glad to see this might happen!