Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1442
Views
0
Helpful
0
Replies

LDAP Authentication: sAMAccountName vs CN, which one to choose?

sirbulandkhan1
Level 1
Level 1

‎05-16-2020 04:29 AM - edited ‎05-16-2020 04:36 AM

I have following configuration in my organization & currently I am using LDAP_EMAIL_GROUP (CN) but if i want to use only LDAP_EMAIL_NAME (sAMAccountName), is it possible? & is there any option other than (memberOf), because I want to use sAMAccountName & assign the policy by myself, rather than first asking Windows team & waiting for them to add new account to particular group.

 

Below are sample configurations:

 

ldap attribute-map LDAP_EMAIL_GROUP
map-name memberOf Group-Policy
map-value memberOf "CN=dc.northzone,OU=Distribution Groups,DC=abc,DC=net,DC=ae" GroupPolicy1

 

ldap attribute-map LDAP_EMAIL_NAME
map-name sAMAccountName Group-Policy
map-value sAMAccountName "ABC.XYZ" GroupPolicy1

 

aaa-server AAA-GROUP protocol tacacs+
aaa-server AAA-GROUP (SECURITY-SERVICES) host 10.10.3.6
key *****
aaa-server LDAP-GROUP protocol ldap
aaa-server LDAP-GROUP (LDAP-VRF-EXTERNAL) host 10.6.24.22

ldap-attribute-map LDAP_EMAIL_GROUP

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents