Allowing logon or password reset with DOMAIN\username and just username

[rt...@toolsgroup.com]

Hi All,

I'm wondering if anyone can point me in the right direction to set up PWM in a way to allow users to be recognized both if trying to specify their user with "username" and the "DOMAIN\username" notation.

Right now I'm seeing that users trying to log on with just username are recognized, users trying with the domain notation are not.

We are using Active Directory.

[Jason Rivard]

You might try the setting: LDAP ⇨ LDAP Settings ⇨ Global ⇨ User Selectable LDAP Context/Profile

This will let the user select the LDAP Profile which should match your AD domains.  

[Adrian Bettesworth]

I am having a similar problem but slightly different.

I would like to have my users enter their username in the domain\username format and hide the domain context. I can hide the domain context using the option in the config but it appears that when I do that none of my users can log in. I have 6 different domain contexts behind the scenes but not sure that should matter?

Do you know if PWM supports having users enter their passwords in this format?

Thanks in advance.

[Jason Rivard]

There isn't support for domain\username format.  This format is invisible from an LDAP perspective.  Your best bet is to use email.  You can also change the login search filter to any other attribute, the default for AD is:

(&(objectClass=person)(|(sAMAccountName=%USERNAME%)(cn=%USERNAME%)(mail=%USERNAME%)))

If you can get an LDAP attribute populated with domain\username that would work.