I have 2 users in my AD installation with the same CN
CN=jack,CN=Users,DC=xyz,DC=com and
CN=jack,OU=abc,DC=xyz,DC=com
When I try to authenticate to the AD Server using the Apache Directory Studio client and give the following credentials
User: jack
Password: <password>
the authentication fails. The following credentials work
User: CN=jack,CN=Users,DC=xyz,DC=com
Password: <password>
When I have only a single user CN=tom,DC=xyz,DC=com with a given CN
I am able to login with
User: tom
Password: <password>
without having to specify the entire DN (CN=tom,DC=xyz,DC=com).
I need to write a module to authenticate users against an AD installation. I have with me only the usernames and passwords and not the fully qualified BASE DNs. I cannot bind to the AD server to be able to use filters like (&(objectCategory=person)(objectClass=user)(sAMAccountName=jack)). How do I do this, as the problem, it seems, happens when there is more than one user with the same CN?
EDIT: Can I configure the AD server to bind against the mail address/sAMAccountName of the users instead of the CN? This would solve my problem, as these are unique while CNs are not.
I found the attribute I was looking for: userPrincipalName (UPN). This has a unique value in Active Directory and can be supplied as the user name while attempting to authenticate. So now I need a list of UPNs and the corresponding passwords for login. Check here too.
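A sketch of the bind-by-UPN approach described above, added here as an illustration and not part of the original post. It assumes each account's UPN is the login name followed by the DNS domain taken from the DC components of the base DN (a common convention, but not guaranteed for every account), uses the third-party ldap3 library for the bind, and the `connect` parameter is a hypothetical hook for testing without a server. It also rejects empty passwords before binding, because a simple bind with a name and no password is an unauthenticated bind that a server may accept.

```python
def domain_from_base_dn(base_dn: str) -> str:
    """DC=xyz,DC=com -> xyz.com. Naive comma split: assumes no escaped commas."""
    parts = []
    for rdn in base_dn.split(","):
        key, _, value = rdn.partition("=")
        if key.strip().upper() == "DC" and value.strip():
            parts.append(value.strip().lower())
    if not parts:
        raise ValueError("base DN has no DC components")
    return ".".join(parts)


def to_upn(username: str, base_dn: str) -> str:
    """Build the UPN for a bare login name; pass an existing UPN through."""
    username = username.strip()
    if not username:
        raise ValueError("empty username")
    if "@" in username:
        return username
    if "=" in username or "," in username:
        raise ValueError("expected a login name, not a DN")
    # Assumption: UPN suffix equals the DNS domain of the directory.
    return f"{username}@{domain_from_base_dn(base_dn)}"


def authenticate(host, username, password, base_dn, connect=None) -> bool:
    """Return True only if a simple bind as the user's UPN succeeds."""
    # Empty password + name = unauthenticated bind (RFC 4513, 5.1.2).
    # Refuse it locally so it can never be mistaken for a successful login.
    if not password:
        return False
    upn = to_upn(username, base_dn)
    if connect is None:
        # Imported lazily so the helpers above work without ldap3 installed.
        from ldap3 import Server, Connection, SIMPLE

        def connect(bind_name, bind_password):
            server = Server(host, use_ssl=True)  # LDAPS: password not sent in clear
            conn = Connection(server, user=bind_name, password=bind_password,
                              authentication=SIMPLE)
            ok = conn.bind()
            conn.unbind()
            return ok
    return bool(connect(upn, password))
```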