Trusted Contributor.

Duplicate sAMAccountName in AD problem

Hi Experts,

We've integrated SM 9.52 with Active Directory for our customer. We map sAMAccountName in AD to name in the operator table of SM, so users can log in to SM using their AD user. The problem is that our customer has 2 sites, HO and North.

I saw that a user in HO has the sAMAccountName falcon. And in the North site, there is another user that has the same sAMAccountName, falcon.

Normally, if they log in to webmail (OWA), they must use different usernames, e.g. north\falcon for the user in the North site and falcon for the user in HO.

In SM, only one user can log in because SM only uses sAMAccountName to authorize the user with AD. I have tried to create the user "north\falcon" in SM but it doesn't work. I also tried to enable ldapstats in sm.ini. The sm.log shows that SM only queries with sAMAccountName and returns only 1 result. For example:

LDAP: Query for ((sAMAccountName=falcon)) took 0.000000 seconds

LDAP: Query returned DN: CN=XXX,OU=XXXXX,OU=XXX,DC=north,DC=XXX,DC=com

Is there any way to configure SM so both users can log in to SM normally using their AD accounts, as they log in to Webmail?

Please help me on this.

Thanks and Regards.

 

Super Contributor.

Re: Duplicate sAMAccountName in AD problem

Hello,

I'm trying to understand the issue, but in fact I got confused.

Where is the issue exactly?

Do you have the same AD account created in both sites?

What is meant by site here: a subdomain, or another domain in the AD forest?

Please try to explain the AD structure; I may be able to help you.

 

Thanks and Best Regards
------------------------------
Amr Salah
Knowledge Partner

Re: Duplicate sAMAccountName in AD problem

Hi Timberwolf,
Each AD user has a distinguished name; you can set it as a different value from the operator name field. So my suggestion, get the DN of each one and set it on the operator level > security tab > DN field.. (just copy the user one)
Let me know the result 🙂
Good LUCK!
Regards,
Breno Abreu

Trusted Contributor.

Re: Duplicate sAMAccountName in AD problem

Thanks Breno,

That's a solution for this. As per your suggestion, I have to manually create an operator with a name in the syntax <domain>\<username> and map it to the specific DN of the user. Is there any way to do this automatically? For example, a user without an operator record logs in to SM with his user, e.g. ho\falcon. Then SM will automatically create an operator record with the name ho\falcon and the DN field mapped to his DN in AD. And then the same for his duplicate sAMAccountName user, e.g. falcon.

Thanks and Regards,

Trusted Contributor.

Re: Duplicate sAMAccountName in AD problem

Hi Salah,

My AD structure is a tree with 3 branches. On top is ABC.com, and on the next level we have 3 subdomains (ho.ABC.com; north.ABC.com; south.ABC.com).

The admins of the 2 subdomains ho and north created 2 users with exactly the same sAMAccountName, e.g. falcon for ho and north. SM only uses the sAMAccountName falcon as the user to authorize with AD. So it only queries with the filter sAMAccountName = falcon, and AD only returns 1 result. That's why only 1 user can log in to SM.

I'm asking if there is any configuration so that SM can use a query syntax to AD like <domain>\<sAMAccountName>, so both users can log in to SM normally as they do in Webmail (OWA).

Thanks and Regards,
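
The lookup problem described in this thread, as an added example that is not part of the original posts and is not Service Manager code: a `<domain>\<sAMAccountName>` logon is scoped to that subdomain's search base, and a lookup that matches more than one entry is refused instead of silently taking one result. The forest layout comes from the thread; the function names, the OU/CN values and the sample entries are constructed assumptions.

```python
# Added illustration: resolve "domain\user" logons to exactly one directory entry.
# FOREST_ROOT, SAMPLE_ENTRIES and all function names are assumptions; this is
# not Service Manager code, whose resolver is not shown on the page.

FOREST_ROOT = "DC=ABC,DC=com"          # tree root from the thread (ABC.com)
SUBDOMAINS = {"ho", "north", "south"}  # the three subdomains named in the thread

# Constructed sample data standing in for AD search results.
SAMPLE_ENTRIES = [
    {"dn": "CN=Falcon One,OU=Users,DC=ho,DC=ABC,DC=com", "sAMAccountName": "falcon"},
    {"dn": "CN=Falcon Two,OU=Users,DC=north,DC=ABC,DC=com", "sAMAccountName": "falcon"},
    {"dn": "CN=Eagle,OU=Users,DC=south,DC=ABC,DC=com", "sAMAccountName": "eagle"},
]

def escape_filter(value):
    """Escape RFC 4515 special characters so a logon name cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def build_search(logon):
    """Turn 'north\\falcon' or 'falcon' into (search_base, ldap_filter)."""
    domain, sep, user = logon.rpartition("\\")
    if sep and domain.lower() not in SUBDOMAINS:
        raise ValueError("unknown domain: %r" % domain)
    base = "DC=%s,%s" % (domain.lower(), FOREST_ROOT) if sep else FOREST_ROOT
    return base, "(sAMAccountName=%s)" % escape_filter(user)

def resolve(logon, entries=SAMPLE_ENTRIES):
    """Return the single matching DN; refuse ambiguous or missing matches."""
    base, _filter = build_search(logon)
    user = logon.rpartition("\\")[2].lower()
    # Emulate a subtree search: the entry must sit under the chosen base.
    hits = [e["dn"] for e in entries
            if e["dn"].lower().endswith("," + base.lower())
            and e["sAMAccountName"].lower() == user]
    if len(hits) != 1:
        raise LookupError("%d entries match %r under %s" % (len(hits), logon, base))
    return hits[0]
```

Here a bare `falcon` searched from the forest root matches two entries and is rejected, while `north\falcon` and `ho\falcon` each resolve to their own DN.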
