How to support login using sAMAccountName or any other parameter in LDAP with Apache Shiro?

I would like to authenticate and authorize the user with sAMAccountName with this Realm file.

final NamingEnumeration<SearchResult> searchResultEnum = ldapCtx.search(searchBase, "objectClass="+groupObjectClass, SUBTREE_SCOPE);

I tried the following things but they didn't work. I am trying to make this parameter (sAMAccountName) configurable. By default it's working with the UserPrincipalName and name parameters.

case #1:

final NamingEnumeration<SearchResult> searchResultEnum = ldapCtx.search(searchBase, "(&(objectClass=*)(sAmAccountName={0}))", SUBTREE_SCOPE);

case #2:

final NamingEnumeration<SearchResult> searchResultEnum = ldapCtx.search(searchBase, "(&(objectClass=Person)(sAmAccountName={0}))", SUBTREE_SCOPE);

Do I need to configure something else as well in order to support login using the sAMAccountName parameter?

To use samAccountName, you will need to add the domainName. domainName\\samaccountname.

How do I remove this dependency on domain\\ in front of samAccountName? Note: I support multiple domains.

AFAIK, you cannot. How would you know which domain the user is within without specifying the domain?

I assume that the search base contains (DC=domain, DC=com); wouldn't that be enough?

Adding DC=domainName, DC=com should work IF you can "chase" referrals, as there will be multiple contexts within the search.

Usually, depending on your setup, you could use CN=Users, DC=domainName, DC=Com and it would work without referrals.
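
An added example (not part of the original question or answers, and not Shiro's own code): in JNDI the `{0}` placeholder is substituted only by the `search` overload that takes a `filterArgs` array, and that overload also escapes filter metacharacters in the supplied value. The class, method and `userAttribute` parameter names are hypothetical; because sAMAccountName is unique only within one domain, a search base spanning several domains can match more than one entry, which the code treats as an error.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

public class SamAccountNameLookup {

    // The attribute name is concatenated into the filter and is NOT escaped by JNDI,
    // so a configurable value (hypothetical setting) is restricted to a safe pattern.
    static String buildFilter(String userAttribute) {
        if (!userAttribute.matches("[A-Za-z][A-Za-z0-9-]*")) {
            throw new IllegalArgumentException("invalid LDAP attribute name: " + userAttribute);
        }
        return "(&(objectClass=person)(" + userAttribute + "={0}))";
    }

    // Returns the DN of the single entry matching the login, or null if there is none.
    static String findUserDn(LdapContext ldapCtx, String searchBase,
                             String userAttribute, String login) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // filterArgs[0] replaces {0}; JNDI escapes * ( ) \ in String arguments,
        // so user input cannot alter the structure of the filter.
        Object[] filterArgs = { login };
        NamingEnumeration<SearchResult> results =
                ldapCtx.search(searchBase, buildFilter(userAttribute), filterArgs, controls);
        try {
            if (!results.hasMore()) {
                return null;
            }
            String dn = results.next().getNameInNamespace();
            if (results.hasMore()) {
                // The same account name exists in more than one domain under searchBase.
                throw new NamingException("ambiguous login: multiple entries match");
            }
            return dn;
        } finally {
            results.close();
        }
    }

    public static void main(String[] args) {
        // Offline check of the filter builder only; findUserDn needs a bound LdapContext.
        System.out.println(buildFilter("sAMAccountName"));
        System.out.println(buildFilter("userPrincipalName"));
    }
}
```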
