xperseguers / t3ext-ig_ldap_sso_auth

TYPO3 Extension ig_ldap_sso_auth. This extension provides LDAP and SSO support for TYPO3.

Home Page: https://extensions.typo3.org/extension/ig_ldap_sso_auth


Adapting `username` with Typoscript fails

cdaecke opened this issue · comments

commented

As written in the documentation, I would assume that I get firstname.lastname out of firstname.lastname@domain.local by using the following TypoScript in the LDAP configuration for be_users (field be_users_mapping), but I get an empty value:

username {
    field = userPrincipalName
    # split the attribute value at "@" and keep only the part before it (key 0)
    split {
        token =@
        cObjNum = 1
        returnKey = 0
        1.current = 1
        1.wrap = |
    }
}

Using the following works:

username {
    field = mail
    split {
        token =@
        cObjNum = 1
        returnKey = 0
        1.current = 1
        1.wrap = |
    }
}

Is there a reason why I can't use userPrincipalName, or is this a bug?

The only reason I can think of is that somehow userPrincipalName is not a returned attribute from LDAP. For instance, I remember that in some cases (or with some LDAP configurations) the attributes are always lowercase.

When using the search wizard, do you confirm you really get a userPrincipalName attribute?

commented

You are absolutely right, userprincipalname (all lowercase) is working:

username {
    field = userprincipalname
    split {
        token =@
        cObjNum = 1
        returnKey = 0
        1.current = 1
        1.wrap = |
    }
}

One more question:
How do you cope with the limitation of 20 characters in sAMAccountName? I thought switching to userprincipalname would work and give me the full login name. The above example cuts off the "@domain.local" successfully and saves "firstname.lastname" as username in the TYPO3 database, but the login is not working, because the LDAP filter in field be_users_filter checks against the full userprincipalname, which obviously can't work:

(&(objectCategory=Person)(userprincipalname={USERNAME})(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

PS: Thanks for the hint to the search wizard, I never had a close look on it.

If you really want to cut off the username, I guess you should switch the filter so that there is a wildcard (or @*) appended automatically. Did you try?

commented

Adding the string which I cut off helped. So a combination of this filter (be_users_filter):

(&(objectCategory=Person)(userprincipalname={USERNAME}@domain.local)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

and that mapping configuration (be_users_mapping)

username {
    field = userprincipalname
    split {
        token =@
        cObjNum = 1
        returnKey = 0
        1.current = 1
        1.wrap = |
    }
}

works for me.

Thanks for your help and this outstanding extension!
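The two things this thread turned on are worth seeing side by side in code: the LDAP client returning attribute names in lowercase (so `userPrincipalName` matches nothing while `userprincipalname` does), and the username derived by the mapping having to round-trip through the be_users_filter with the domain suffix appended again. The following Python script is an added example, not code from the ig_ldap_sso_auth extension or from this thread. It uses a constructed LDAP entry shaped like the PHP LDAP functions return it, assumes the `@domain.local` suffix from the thread, and escapes the substituted value with RFC 4515 filter escaping; whether and how the extension itself escapes `{USERNAME}` is not shown on this page, so that part is this example's own choice.

```python
"""Added example: attribute-name case, UPN splitting and filter round-trip.

Not part of the ig_ldap_sso_auth extension; constructed data throughout.
"""
import re

# Constructed sample entry. Keys are lowercased the way a PHP ldap_get_entries()
# result looks, which is why `field = userPrincipalName` yielded an empty value
# in the thread while `field = userprincipalname` worked.
SAMPLE_ENTRY = {
    "dn": "CN=firstname lastname,OU=Users,DC=domain,DC=local",
    "samaccountname": ["firstname.lastnam"],              # AD caps this at 20 chars
    "userprincipalname": ["firstname.lastname@domain.local"],
    "mail": ["firstname.lastname@domain.local"],
}

# Assumed realm suffix, taken from the filter posted in the thread.
UPN_SUFFIX = "@domain.local"

# The filter as originally used (fails once the username has been shortened)
# and the filter that re-appends the suffix (the combination that worked).
FILTER_WITHOUT_SUFFIX = (
    "(&(objectCategory=Person)(userprincipalname={USERNAME})"
    "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
)
FILTER_WITH_SUFFIX = (
    "(&(objectCategory=Person)(userprincipalname={USERNAME}" + UPN_SUFFIX + ")"
    "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
)


def get_attr(entry, name):
    """Case-insensitive attribute lookup; returns the first value or None."""
    values = entry.get(name.lower())
    return values[0] if values else None


def username_from_upn(upn):
    """Equivalent of the TypoScript split (token = @, returnKey = 0)."""
    return upn.split("@", 1)[0]


def ldap_filter_escape(value):
    """RFC 4515 escaping for a value interpolated into a search filter."""
    return "".join(
        f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value
    )


def build_filter(template, username):
    """Substitute {USERNAME} the way the be_users_filter field is used."""
    return template.replace("{USERNAME}", ldap_filter_escape(username))


def upn_filter_value(filt):
    """Toy extraction of the literal compared against userprincipalname.

    Only handles the single equality assertion we care about here; it is not
    a general LDAP filter parser.
    """
    match = re.search(r"\(userprincipalname=([^)]*)\)", filt, re.IGNORECASE)
    return match.group(1) if match else None


def filter_matches(filt, entry):
    """Would this filter's userprincipalname clause select the given entry?"""
    expected = upn_filter_value(filt)
    actual = get_attr(entry, "userPrincipalName")
    if expected is None or actual is None:
        return False
    return expected.lower() == actual.lower()


if __name__ == "__main__":
    stored = username_from_upn(get_attr(SAMPLE_ENTRY, "userPrincipalName"))
    print("username stored in TYPO3:", stored)
    for label, tpl in (("without suffix", FILTER_WITHOUT_SUFFIX),
                       ("with suffix", FILTER_WITH_SUFFIX)):
        print(label, "->", filter_matches(build_filter(tpl, stored), SAMPLE_ENTRY))
```

Running it shows the mapping storing `firstname.lastname`, the original filter failing to find the entry at login, and the suffix-appending filter matching again. The escaping step is there because the login name ends up inside a filter expression; a value containing `*`, `(`, `)` or `\` must not be able to change the filter's structure.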