Open jkms opened 5 years ago
Although I haven't gotten this working 100% yet, it seems that mxisd is the appropriate way to solve this problem.
Although I haven't gotten this working 100% yet, it seems that mxisd is the appropriate way to solve this problem.
Can you tell how you manage to workaround this?
I have the exact same problem. Surely there should be a better solution than using just another identity server.
This does seem like a valid issue at the very least — I'm indeed aware of companies where employees log in with a numeric name, so it may not be pretty but it is a real effect that would be good to have a solution for.
I think we would accept a PR that addresses this :)
Related to matrix-org/synapse#7795 / matrix-org/synapse#9545 for the SSO case.
~I tried to fix it like this: https://github.com/tustunkok/matrix-synapse-ldap3/commit/04e1f388ceb47b64b5985956dc61e42c0459d895~
~Not sure it is correct though.~
The new commit link: https://github.com/matrix-org/matrix-synapse-ldap3/pull/179/commits/8a3b5e0cf0861b18ab6a291eb0768d831e40e63d
I have tested the commit in a local installation.
My problem is that all of my AD users account names are numeric. When I attempt to login using
sAMAccountName
, I get aSynapseError: 400 - Numeric user IDs are reserved for guest users
message in the logs.Changing my user accounts isn't a possibility. I was able to login when I changed the
uid
property tomailNickname
, but it will be difficult/impossible to train my users to login with that property when they are so used to logging in with sAMAccountName.Is it possible to prepend a string the
uid
?What I mean is, a user logs into the homeserver with
ldap3 looks up #####, and verifies the password, and then logs them in as @user_#####:matrix.example.com?
Or, maybe there's a better solution?
Thanks, --John