Reset Search
 

 

Article

When should I enable "Keep Domain Name for User Lookup" in LDAP configuration?

« Go Back

Information

 
TitleWhen should I enable "Keep Domain Name for User Lookup" in LDAP configuration?
Question
When should I enable "Keep Domain Name for User Lookup" in LDAP configuration?
Environment
  • NAC
  • EAC
  • Extreme Access Control
  • LDAP 
Answer
When using SamAccountName as a User Search Attribute, it is not typically recommended to enable this.
When using ServicePrincipleName as a User Search Attribute, it is recommended to enable this.


User-added image
 
Additional notes
An Ldap trace will typically show that a user with SamAccountName and Keep Domain Name for User Lookup checked off will not get a reply with a SearchResEntry.

samaccountname is domain/username
UserPrincipleName is email address
Those are the formats that the user must use to login.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255