Talk:LDAP authentication


The explanation in the User attribute section below is a bit confusing:

User lookup settings

Field name Value to fill in
User attribute The attribute used to name/search users in your LDAP tree. This option takes a default value based on the User type value you chose above. So unless you need something special, you don't need to fill this in.

By the way, it's usually cn (Novell eDirectory and MS-AD) or uid (RFC-2037, RFC-2037bis and SAMBA 3.x LDAP extension), but if you are using MS-AD you could (and have to, if you intend to use NTLM SSO) use sAMAccountName (the pre-Windows 2000 logon account name) if you need too.


First it says, "unless you need something special, you don't need to fill this in". Then that statement is slightly contradicted by "but if you are using MS-AD you could (and have to, if you intend to use NTLM SSO) use sAMAccountName (the pre-Windows 2000 logon account name) if you need too".

So, if you're using MS-AD and you want to use NTLM SSO do you have to use sAMAccountName?

In the LDAP Authentication Problem Using Moodle forum message Iñaki says "you should set 'userattribute' setting to 'samaccountname' if you want to use the Windows account name to log in". What should you do if you DON'T want to use the Windows account name to log in?

What will happen if you specify cn instead of sAMAccountName in that User attribute field?

Can we clarify here when you should and should not use samaccountname and cn with MS-AD?

--Luis de Vasconcelos 20:45, 25 April 2012 (WST)
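
An added illustration, not part of the comment above and not Moodle's own code: a lookup that searches on the configured User attribute, showing which typed login name finds an entry under `cn` versus `sAMAccountName`. The directory entries are constructed (with `cn` holding the full name, as an assumption), the function names are hypothetical, and the in-memory `search` stands in for a real LDAP server.

```python
import re

# Constructed sample entries, not taken from a real directory.
DIRECTORY = [
    {"dn": "CN=John Smith,OU=Staff,DC=example,DC=test",
     "cn": "John Smith", "sAMAccountName": "jsmith"},
    {"dn": "CN=Ana Lopez,OU=Staff,DC=example,DC=test",
     "cn": "Ana Lopez", "sAMAccountName": "alopez"},
]

# RFC 4515 characters that must be escaped inside a filter value.
_SPECIAL = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}

def escape_filter_value(value):
    """Escape the typed login so it is always matched as a literal string."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)

def build_filter(user_attribute, login):
    """Build the equality filter for the configured user attribute."""
    return "(%s=%s)" % (user_attribute, escape_filter_value(login))

def search(directory, ldap_filter):
    """Toy evaluator for (attr=value) and the presence filter (attr=*)."""
    attr, _, raw = ldap_filter[1:-1].partition("=")
    hits = []
    for entry in directory:
        # Attribute names are case-insensitive (samaccountname == sAMAccountName).
        values = [v for k, v in entry.items() if k.lower() == attr.lower()]
        if not values:
            continue
        if raw == "*":  # unescaped wildcard: matches any entry with the attribute
            hits.append(entry["dn"])
            continue
        wanted = re.sub(r"\\([0-9a-fA-F]{2})",
                        lambda m: chr(int(m.group(1), 16)), raw)
        if values[0].lower() == wanted.lower():  # case-insensitive equality
            hits.append(entry["dn"])
    return hits

def find_user(user_attribute, login, directory=DIRECTORY):
    """Return the DN only when exactly one entry matches the typed login."""
    hits = search(directory, build_filter(user_attribute, login))
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    for attr, login in [("sAMAccountName", "jsmith"), ("cn", "jsmith"),
                        ("cn", "John Smith"), ("cn", "*")]:
        print(attr, repr(login), "->", find_user(attr, login))
```

With these entries, the Windows account name `jsmith` only resolves when the attribute is `sAMAccountName`; with `cn` the user would have to type `John Smith`.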