gerrit LDAP authentication using email, not username

122 views
Skip to first unread message

tatrman

unread,
Jul 4, 2023, 4:19:14 AM7/4/23
to Repo and Gerrit Discussion
Hello there,

we need to change LDAP authentication from original username to email.

Our LDAP server is AD, at the moment we use default:
 
accountPattern = (&(obbjectClass=user)(sAMAccountName={username}))

Is it possible to change authentication on web interface to use email address associated with username instead of username?
Does this also impacts existing already existing user account?
What about ssh username?

Thank you for your time,

Kind Regards,
--
tatrman

tatrman

unread,
Jul 7, 2023, 4:41:14 AM7/7/23
to Repo and Gerrit Discussion
>Our LDAP server is AD, at the moment we use default:
> accountPattern = (&(objectClass=user)(sAMAccountName={username}))

Looks like even changing to existing attribute on AD server is not working:

accountPattern = (&(objectClass=user)(userPrincipalName={username}))

All I get is authentication failed in web interface.

--
tatrman


On Tue, Jul 4, 2023 at 10:19 AM tatrman wrote:
Hello there,

we need to change LDAP authentication from original username to email.

Our LDAP server is AD, at the moment we use default:
 
accountPattern = (&(objectClass=user)(sAMAccountName={username}))

Is it possible to change authentication on web interface to use email address associated with username instead of username?
Does this also impacts existing already existing user account?
What about ssh username?

Thank you for your time,

Kind Regards,
--
tatrman

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/cf03852e-c781-430a-872f-49e0291a106cn%40googlegroups.com.

Darren Beck

unread,
Jul 11, 2023, 7:22:42 PM7/11/23
to Repo and Gerrit Discussion
Hi Tatrman,

We use the following with AD to login via email:

accountPattern = (&(objectClass=person)(userPrincipalName=${username}))

Thanks,

Darren.
Reply all
Reply to author
Forward
0 new messages