greg.fenton
Forum Replies Created
-
Another interesting feature would be an option to fail the user creation if the email address does not exist in the AD record. Currently I see that I have a few test users in AD that don’t have mail values. Right now, ADI creates a user account if the email is blank (though subsequent users fails with “This email address is already registered.”).
You want it here or via email? If email, what address?
Thanks,
Hi Christoph,
Yes, I have tested just this morning and it works great. Thank you!
…except…
So now I can log in with @corp-internal.local, but the call to get_userinfo() is coming back empty. I am not sure if this is an AD configuration where corp-external.local should be automatically passing thru the request to corp-internal.local, or if the plugin needs to be smart enough to fetch details from one AD for @corp-external and a different AD for @corp-internal.
Thoughts?
Awesome! I’m ready to test right about……now!
??
Thanks!
BTW: is this a big change? Would it take long to implement?
Yes, I have no problem telling the @corp-internal.local folks to log in with their full domain name. Many apps already force the users to do that just to do RDC or map network drives, especially in organizations with multiple domains.
If someone signs on with “paul”, then they would indeed authenticate as “[email protected]”. If they really are internal, they need to log in as “[email protected]”.
Thanks.
Hi glatze,
What about allowing having the suffix set (e.g. @corp-extern.local), but if a user logs in with a domain (e.g. [email protected]) then you pass that thru without appending the set suffix?
Thoughts?
Thanks.
BTW: have you tried just using base_dn: dc=XXX,dc=com ?
Are you sure of your base_dn setting? Might that be ou=Users,dc=XXX,dc=com (i.e. not cn=Users)?
Same here. I posted in another thread but just to be sure, here is our scenario:
Similar issue here: corp-intern.local and corp-extern.local There is a trust relationship (extern trusts intern). But the users are under different Base DNs.
In fact, since we’re opening this conversation up, what if the users you want to allow are also in different groups between the domains (e.g. internal-web vs. external-web)? And what if we want different default roles for each group (e.g. internal-web -> contributor vs external-web -> subscriber)?
Thanks!
Similar issue here: corp-intern.local and corp-extern.local There is a trust relationship (extern trusts intern). But the users are under different Base DNs.
Possible? Thoughts?
Thanks.
But fonglh, what do you do when the data in the SQL dump includes URLs embedded in serialized PHP objects? Changing the URLs changes their lengths, thus the serialization values also need changes (the right amount) or the data will fail to deserialize. A simple search/replace on the dump will ruin data.