Currently we use LDAP based authentication with short usernames.
To use certificate based authentication it would be necessary to recreate each account with a different username. As we use UPN (UserPrincipalName) as uniq identifier in our Smartcards both authentication schemes at the same time are not possible.
Possible Solutions
Users could possibly have an additional (external) attribute that can be used for authentication.
The x509 authentication could be made configurable which attribute is used.
Alternatively fullname attribute could be used (if mapable).
Request Type
Feature Request
Work Environment
Problem Description
Currently we use LDAP based authentication with short usernames. To use certificate based authentication it would be necessary to recreate each account with a different username. As we use UPN (UserPrincipalName) as uniq identifier in our Smartcards both authentication schemes at the same time are not possible.
Possible Solutions
Users could possibly have an additional (external) attribute that can be used for authentication. The x509 authentication could be made configurable which attribute is used. Alternatively fullname attribute could be used (if mapable).