[Plugin: Active Directory Integration] Multiple Organizational Unit

Hi Greg,
looks like a good idea. It should be easy to implement. I’ll have a look at the code.

Hi Greg,
we have a little problem here. Let’s assume the following:

• Account Suffix: corp-internal.local
• Append Account Suffix to new created users: off
• Auto Create User: on
• 1st Account: [email protected]
• 2nd Account: [email protected]

[email protected] logs on as “paul” the first time. User “paul” is created. Now [email protected] logs on as “[email protected]”. What should happen now? Should the user created be named “paul”? That won’t work, because we already have that user. The only option seems to be, that we create the user ” [email protected]”. Is this what you want?

Yes, I have no problem telling the @corp-internal.local folks to log in with their full domain name. Many apps already force the users to do that just to do RDC or map network drives, especially in organizations with multiple domains.

If someone signs on with “paul”, then they would indeed authenticate as “[email protected]”. If they really are internal, they need to log in as “[email protected]”.

Thanks.

BTW: is this a big change? Would it take long to implement?

No, it is not. Only a few lines. I’ll commit a development version soon, so you can do some tests before I release a new version.

Awesome! I’m ready to test right about……now!

??

Thanks!

Ok. I have committed a new development version. The latest development version can be found here: https://downloads.www.ads-software.com/plugin/active-directory-integration.zip

Give it try to see if it works as you aspected. And don’t forget to give me some feedback. If all works fine, I’ll release 1.1.2.

Hi Greg,
have you tested the development version? Please send me some feedback.

Greetings from Germamy
Christoph

Hi Christoph,

Yes, I have tested just this morning and it works great. Thank you!

…except…

So now I can log in with @corp-internal.local, but the call to get_userinfo() is coming back empty. I am not sure if this is an AD configuration where corp-external.local should be automatically passing thru the request to corp-internal.local, or if the plugin needs to be smart enough to fetch details from one AD for @corp-external and a different AD for @corp-internal.

Thoughts?

Could you please send me the output of the test tool for both types of users? (Don’t forget to remove security relevant information.)

You want it here or via email? If email, what address?

Thanks,

Another interesting feature would be an option to fail the user creation if the email address does not exist in the AD record. Currently I see that I have a few test users in AD that don’t have mail values. Right now, ADI creates a user account if the email is blank (though subsequent users fails with “This email address is already registered.”).

Sorry Greg, I forgot to give you my address: [email protected]

ADI creates a user account if the email is blank (though subsequent users fails with “This email address is already registered.”).

This seems to be a bug. ADI should try to give every user a unique email address if none exists. But the feature you request sounds good. Please leave a feature request on https://bt.ecw.de.