We are trying to use the LDAP login feature, and Active Directory requires the username with its domain name, like "domain\user". But there is no "Domain name" setting on the page. As we would like to keep these LDAP settings per tenant, we cannot add the domain name prefix to the username with a hard-coded domain name as described here: https://docs.abp.io/en/commercial/latest/modules/account/ldap#customize-built-in-services
So I think an additional setting for the domain name would be useful here, so that it is not hard-coded and stays tenant-based via the settings page. As the current settings page is missing it, we now have to add a custom settings page for the domain name. What are your thoughts? Is there any alternative solution?
Thanks.
7 Answer(s)
-
0
hi
Active Directory requires the username with its domain name like "domain\user".
domain\user is a good solution, then you can split the domain and username in your custom LDAP service. You can also add a new setting and override the setting page.
-
0
Hi maliming, thanks for the response. But I didn't get what you mean by saying domain\user is a good solution.
Active Directory requires the domain name with the user name, but ABP's LDAP settings page does not have any domain name parameter, so as of now ABP's LDAP login feature cannot be used properly, at least with the default settings capabilities (I know that we can override methods to normalize user names, but it should not be hard-coded, and it should also be stored per tenant). I think it would be great to have a domain name setting added to the LDAP login settings page in the next versions. Do you have any plans for that?
-
0
Active Directory requires domain name with user name
Can you share relevant documents?
-
0
Hi maliming,
I don't have any official documentation right now explaining that we should use the domain name. Maybe it could be found after deeper research. But when I try an LDAP bind without the domain name (just the username itself), I get the following error:
Invalid Credentials. Invalid Credentials. Result: 49. Method: ldap_parse_result. Details: errorMessage: 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839 matchedMessage:
And when I searched for the error, I saw that many people resolve this error by appending the domain name to the user name when making the LDAP bind. And when I append the domain name, the problem is solved.
Examples:
https://stackoverflow.com/a/52474797/
https://stackoverflow.com/a/52725355/
https://stackoverflow.com/a/53442129/
https://stackoverflow.com/a/56896250/
https://stackoverflow.com/a/60112692/
https://stackoverflow.com/a/31692694/
-
0
hi
sample_user@sample_domain
I still think it would be easier to customize the built-in LDAP service.
You can create a feature request on GitHub.
-
0
We can customize the LDAP service, but again we need to store the tenant-based domain name setting somewhere. I think the current LDAP login settings page is the best place for it, isn't it?
-
0
See https://github.com/abpframework/abp/issues/10927
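
The customization discussed in this thread (building the bind name from a per-tenant domain instead of a hard-coded one), as an added example that is not part of any post and not ABP's own code. `LdapBindName`, `TenantDomains`, the tenant names and the domains are hypothetical; in a real application the lookup would read a tenant-scoped setting. Treating a dotted value as a UPN suffix and rejecting a typed domain that differs from the tenant's are assumptions of this sketch.

```csharp
using System;
using System.Collections.Generic;

// Added example, not ABP code. TenantDomains stands in for a per-tenant
// setting store (hypothetical); tenants and domains are constructed samples.
public static class LdapBindName
{
    static readonly Dictionary<string, string> TenantDomains =
        new(StringComparer.OrdinalIgnoreCase)
        {
            ["tenant-a"] = "CORP",          // NetBIOS style: bind as CORP\user
            ["tenant-b"] = "example.test",  // DNS style: bind as user@example.test
        };

    public static string Normalize(string tenant, string input)
    {
        input = (input ?? "").Trim();

        // Split "DOMAIN\user" or "user@domain" into its parts, if present.
        string user = input, typedDomain = "";
        int slash = input.IndexOf('\\'), at = input.LastIndexOf('@');
        if (slash >= 0) { typedDomain = input[..slash]; user = input[(slash + 1)..]; }
        else if (at >= 0) { user = input[..at]; typedDomain = input[(at + 1)..]; }
        if (user.Length == 0) throw new ArgumentException("User name is empty.");

        // No domain configured for this tenant: keep the name as typed.
        if (!TenantDomains.TryGetValue(tenant ?? "", out var domain)) return input;

        // A typed domain must be the tenant's own, so a login on one tenant
        // can never be turned into a bind against another tenant's domain.
        if (typedDomain.Length > 0 &&
            !typedDomain.Equals(domain, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Domain does not match tenant.");

        // Dotted value => UPN form, otherwise down-level DOMAIN\user form.
        return domain.Contains('.') ? $"{user}@{domain}" : $"{domain}\\{user}";
    }

    public static void Main()
    {
        Console.WriteLine(Normalize("tenant-a", "alice"));
        Console.WriteLine(Normalize("tenant-a", "corp\\alice"));
        Console.WriteLine(Normalize("tenant-b", "bob"));
        try { Normalize("tenant-a", "OTHER\\alice"); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```

A custom LDAP service would call `Normalize` on the submitted user name just before the bind, so users can type the bare name while the domain stays a tenant setting.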