matrix-org / matrix-synapse-ldap3

An LDAP3 auth provider for Synapse
Apache License 2.0

Numeric sAMAccountName #55

Open jkms opened 5 years ago

jkms commented 5 years ago

My problem is that all of my AD users' account names are numeric. When I attempt to log in using sAMAccountName, I get a SynapseError: 400 - Numeric user IDs are reserved for guest users message in the logs.

Changing my user accounts isn't a possibility. I was able to log in when I changed the uid property to mailNickname, but it will be difficult/impossible to train my users to log in with that property when they are so used to logging in with sAMAccountName.

Is it possible to prepend a string to the uid?

What I mean is, a user logs into the homeserver with

ldap3 looks up #####, and verifies the password, and then logs them in as @user_#####:matrix.example.com?

Or, maybe there's a better solution?

password_providers:
 - module: "ldap_auth_provider.LdapAuthProvider"
   config:
     enabled: true
     uri: "ldap://ldap.example.com:389"
     start_tls: true
     base: "OU=ou,DC=example,DC=com"
     attributes:
        uid: "sAMAccountName"
        mail: "mail"
        name: "cn"
     bind_dn: "CN=bind,DC=example,DC=com"
     bind_password: "bindpassword"

Thanks, --John
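
The mapping asked about in the comment above, as an added example that is not part of the original thread and is not code from matrix-synapse-ldap3. The `user_` prefix and the function names are assumptions. It also checks a directory listing for accounts that would end up sharing a Matrix localpart once the prefix is applied.

```python
import re
from collections import defaultdict

PREFIX = "user_"  # assumed prefix, from the @user_##### idea in the issue

# Characters allowed in a Matrix localpart. The allow-list also excludes the
# LDAP filter metacharacters * ( ) \ so the value is safe to use in a search.
_ALLOWED = re.compile(r"[a-z0-9._=/+-]+")


def map_login(login):
    """Return (ldap_uid, localpart) for the name a user typed at login."""
    name = login.strip().lower()
    if not _ALLOWED.fullmatch(name):
        raise ValueError("login contains characters not allowed in a localpart")
    # All-numeric names get the prefix; LDAP is still searched with the bare name.
    localpart = PREFIX + name if name.isdigit() else name
    return name, localpart


def find_collisions(directory_uids):
    """Return {localpart: [uids]} where several directory accounts share a localpart."""
    by_localpart = defaultdict(list)
    for uid in directory_uids:
        by_localpart[map_login(uid)[1]].append(uid)
    return {lp: uids for lp, uids in by_localpart.items() if len(uids) > 1}


if __name__ == "__main__":
    # Constructed sample directory, not data from the issue.
    sample = ["12345", "alice", "user_12345", "67890"]
    print(map_login("12345"))
    print(find_collisions(sample))
```

A non-empty result from `find_collisions` means two directory accounts would be logged in as the same Matrix user, so the prefix should be changed or the conflicting account renamed before enabling the mapping.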

jkms commented 5 years ago

Although I haven't gotten this working 100% yet, it seems that mxisd is the appropriate way to solve this problem.

pkrolkgp commented 3 years ago

> Although I haven't gotten this working 100% yet, it seems that mxisd is the appropriate way to solve this problem.

Can you tell how you managed to work around this?

tustunkok commented 2 years ago

I have the exact same problem. Surely there should be a better solution than using just another identity server.

reivilibre commented 1 year ago

This does seem like a valid issue at the very least — I'm indeed aware of companies where employees log in with a numeric name, so it may not be pretty but it is a real effect that would be good to have a solution for.

I think we would accept a PR that addresses this :)

clokep commented 1 year ago

Related to matrix-org/synapse#7795 / matrix-org/synapse#9545 for the SSO case.

tustunkok commented 1 year ago

~I tried to fix it like this: https://github.com/tustunkok/matrix-synapse-ldap3/commit/04e1f388ceb47b64b5985956dc61e42c0459d895~

~Not sure it is correct though.~

The new commit link: https://github.com/matrix-org/matrix-synapse-ldap3/pull/179/commits/8a3b5e0cf0861b18ab6a291eb0768d831e40e63d

I have tested the commit in a local installation.