
Login with sAMAccountName and/or userPrincipalName from Active Directory


Hello guys,

I'm trying to set up authentication from Active Directory in FreeBSD 10.0 using 
nslcd (nss-pam-ldapd-sasl package) and would like to allow both sAMAccountName 
and userPrincipalName as valid login attributes in the server.

I don't know if it's possible to use this specific configuration.

Here are my actual mappings in /usr/local/etc/nslcd.conf

        # Do not allow uids lower than 1000 to login (aka Administrator)
        nss_min_uid 1000
        # Disallow disabled accounts to login
        pam_authz_search (!(userAccountControl:1.2.840.113556.1.4.803:=2))

        #filter passwd (&(objectClass=user)(!(objectClass=computer)))
        #map passwd uid sAMAccountName
        filter passwd (&(objectClass=user)(userPrincipalName=*)(!(objectClass=computer)))
        map passwd uid                  userPrincipalName
        map passwd uidNumber            objectSid:S-1-5-21-NULL-NULL-NULL
        map passwd gidNumber            primaryGroupID
        map passwd gecos                displayName
        map passwd homeDirectory        "${unixHomeDirectory:-/home/$sAMAccountName}"
        map passwd loginShell           "${loginShell:-/bin/tcsh}"

        filter group (objectClass=group)
        map group cn                    sAMAccountName
        map group gidNumber             objectSid:S-1-5-21-NULL-NULL-NULL

I'm not sure if I should modify nslcd or whether what I'm looking for should be 
achieved with PAM.

Thanks in advance,
Vinícius
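Added example, not part of the original post or of nss-pam-ldapd: nslcd.conf(5) says pam_authz_search grants access if any entry matches the filter, so this small Python model checks what the posted disabled-account filter decides when it contains no per-user variable. The directory entries, the example.test names and the BOUND filter variant are assumptions constructed for illustration.

```python
import re

# LDAP_MATCHING_RULE_BIT_AND (OID 1.2.840.113556.1.4.803) with value 2 tests
# the ACCOUNTDISABLE bit of userAccountControl.
ACCOUNTDISABLE = 0x2

# Variables that tie a pam_authz_search filter to the user logging in
# (a subset of those listed in nslcd.conf(5)).
USER_VARS = re.compile(r"\$\{?(username|dn|uid)\b")

POSTED = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
# Assumed variant, not from the post: same test, restricted to the login name.
BOUND = "(&(userPrincipalName=$username)" + POSTED + ")"

# Constructed directory entries (userPrincipalName, userAccountControl).
ENTRIES = [
    ("alice@example.test", 512),    # normal account, enabled
    ("bob@example.test", 514),      # normal account, disabled (512 | 2)
    ("carol@example.test", 66050),  # password never expires, disabled
]

def is_disabled(uac):
    """Client-side equivalent of the bitwise-AND matching rule with value 2."""
    return uac & ACCOUNTDISABLE == ACCOUNTDISABLE

def binds_user(filter_str):
    """True if the filter references the user being authorised."""
    return USER_VARS.search(filter_str) is not None

def authz_granted(filter_str, username, entries=ENTRIES):
    """Model of pam_authz_search: access is granted if ANY entry matches.

    Only the two filters above are modelled: the disabled-bit test, optionally
    combined with a userPrincipalName=$username clause.
    """
    for upn, uac in entries:
        if binds_user(filter_str) and upn != username:
            continue  # entry belongs to somebody else, cannot match
        if not is_disabled(uac):
            return True
    return False

if __name__ == "__main__":
    for name, _ in ENTRIES:
        print(name, authz_granted(POSTED, name), authz_granted(BOUND, name))
```

In this model the posted filter authorises every login because some enabled entry always matches, while the bound variant rejects the two disabled accounts.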