DNNCommunity / DNN.ActiveDirectory

Active Directory authentication for DNN
MIT License

Long Names Cannot Login with UPN format #56

Closed rbeghin closed 3 years ago

rbeghin commented 5 years ago

Describe the bug

Long Names Cannot Login with UPN format

Software Versions

To Reproduce

Steps to reproduce the behavior:

1. Attempts to login using UPN formatted username fails when username (to the left of the @ sign) is longer than 20 characters. DNN 9.2.2, DNN_ActiveDirectoryAuthentication 6.1.2

Current result

Login fails.

Expected behavior

Login should succeed for UPN format when username is less than 64 characters. Previous version of DNN with AD module UPN formatted logins succeed for long usernames.

Additional context

I am aware of the 20-character limitation for SAM usernames. However, the same long usernames are able to log in to DNN ver 7 with the AD module. The affected username can log in using non-UPN format with the username truncated to 20 characters, e.g. domain\12345678901234567890 works but 1234567890123456789099999@domain.com does not work. It is my understanding that UPN login should work for up to 64 characters.

sawest commented 5 years ago

SAM accounts are limited to 20 characters, therefore, a username that is longer than 20 characters is invalid and doesn't exist in AD. I can't think of a reason to pursue authenticating a user that doesn't exist in AD. This is an AD Authentication Provider.

rbeghin commented 5 years ago

I'm sorry if I didn't describe this clearly. The user accounts are in Active Directory. The previous version of the module permitted long usernames to successfully log in using UPN format. This is expected, as UPN supports up to 64 characters. The current version does not allow long usernames to log in using UPN format but will allow that person to log in successfully if they truncate their username to 20 characters and drop the @domain.com UPN formatting. I'm hoping to see this version of the module act the way previous versions did, permitting successful authentication of up to 64-character UPN-formatted usernames. Thanks

rbeghin commented 5 years ago

please reopen this issue

sawest commented 5 years ago

Please give detailed steps to reproduce including exact usernames in UPN format.

rbeghin commented 5 years ago

This problem occurs for all Active Directory users with usernames longer than 20 characters. For example:

AD functional level: Windows Server 2008
AD Firstname: Josephine
AD Lastname: Reallylongname
AD Display name: Josephine Reallylongname
AD User logon name: Josephine.Reallylongname@domain.com <<<< UPN format
User logon name (pre-Windows 2000): Josephine.Reallylong

In DNN 7 the AD module would authenticate Josephine.Reallylongname@domain.com successfully. In DNN 9 with the current AD module the UPN logon name Josephine.Reallylongname@domain.com cannot log in. However, if the user uses the pre-Windows 2000 formatted login, Josephine.Reallylong, they are able to log in successfully.

I am hoping to be able to have the same functionality for long login names that was in previous versions.

Thanks

sawest commented 5 years ago

This issue is fixed in version 7.00.00. Please update and verify.
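
The distinction discussed in this thread, as an added example that is not code from DNN.ActiveDirectory: a logon-name check that detects the format first and only then applies a length limit, so the 20-character pre-Windows 2000 limit is never applied to the part of a UPN left of the @. The function names are hypothetical and the two limits are the figures quoted by the participants above.

```python
# Added illustration; not code from DNN.ActiveDirectory.
# Limits are the figures quoted in this thread, held as constants.
SAM_MAX = 20         # pre-Windows 2000 (sAMAccountName) logon name
UPN_PREFIX_MAX = 64  # part of a UPN left of the "@", per the reporter


def classify_logon(name):
    """Return (format, account, domain) for a logon string.

    format is "upn" for user@domain, "downlevel" for DOMAIN\\user,
    and "bare" when no domain part is given.
    """
    if "@" in name:
        # Split on the last "@": what follows it is the UPN suffix.
        account, _, domain = name.rpartition("@")
        return "upn", account, domain
    if "\\" in name:
        domain, _, account = name.partition("\\")
        return "downlevel", account, domain
    return "bare", name, ""


def check_length(name):
    """Apply the limit that belongs to the detected format.

    Returns (ok, reason). Never truncates: silently cutting a name to fit
    could make it resolve to a different account's logon name.
    """
    fmt, account, domain = classify_logon(name)
    if not account or (fmt != "bare" and not domain):
        return False, "malformed"
    limit = UPN_PREFIX_MAX if fmt == "upn" else SAM_MAX
    if len(account) > limit:
        return False, f"{fmt} account part exceeds {limit} characters"
    return True, fmt


if __name__ == "__main__":
    # Sample names taken from the example account in this thread.
    for sample in ("Josephine.Reallylongname@domain.com",
                   "domain\\Josephine.Reallylong",
                   "domain\\Josephine.Reallylongname"):
        print(sample, "->", check_length(sample))
```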