Forum Replies Created
Thanks Curtiss. That did the trick. What was not apparent to me was that when appending the suffix to usernames, it also appends it to the LDAP “bind user” string. So my problem was not that the end user was not authenticating, it was that the LDAP lookup was failing because the binding account could not authenticate. I had put the full LDAP user context in the bind string
cn=user name,cn=users,dc=mydomain,dc=org
in the bind string and it worked great, so I was not suspicious of it. Looking at the debug output made it apparent, then looking at the commented instructions on your configuration page made me realize that I violated rule #1, RTFM… Thanks for your help. It’s been a pleasure.
Curtiss. I’m no AD expert so I am learning each day. I’ve been looking for a utility that will let me diagnose in real-time LDAP connections to AD. Normal user authentication is just the username without any suffix. If I can find a way to view the LDAP conversation I can see what is going on. Do you have a suggestion?
Curtiss – Thanks for the quick reply! The setup that you describe is indeed how I am using it unfortunately. I am not appending a suffix to newly created users. I have left that option turned off. When I turn on “Append account suffix to AD usernames before being validated” and enter the domain suffix information, users cannot log in at all no matter what credentials they enter. When I turn that option off they can authenticate using [email protected] only. Hopefully that explains my plight better. My apologies for the confusion.
I’m having a related issue although not “exactly” the same. Perhaps it is worth mentioning here. My school district just migrated to AD from OpenDirectory (for integration reasons). The problem I am having is that when I select the option to append a suffix to the username “@mydomain.org”, no one can log in. If I disable that option users can authenticate against AD no problem, but only if they input their userID in the form [email protected]. I prefer their user account to get created just as “username” and have them log in as such. I had no issues when using OpenDirectory. This is a new WP setup so before I let users start logging in and having their accounts created, I would like to get this working properly. Perhaps there is something that I have overlooked, but this has been a straightforward textbook install. Thoughts?