Enable domain-less sAMAccountName in LdapAdapter

[kiwiwings]

Is there an existing issue for this?

• I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

The LdapAdapter class is using the full down-level logon name to do LDAP queries.

In our active directory the sAMAccountName doesn't contain the domain and hence the lookup fails.
I found definitions which say it's a must to contain the domain name and vice versa

Describe the solution you'd like

Would it be possible to introduce an option to change the behavior of LdapAdapter to omit the domain name on the ldap lookup?

Additional context

No response

[MackinnonBuck]

@kiwiwings, why doesn't sAMAccountName contain the domain name? How common is this? I'm not an LDAP expert.

[kiwiwings]

@MackinnonBuck I can only guess: because our AD tree is dating back to 2004 and my second link in the description points out, that backslash shouldn't be part of the sAMAccountName when dealing with old windows versions.

I can't give you statistics on how often this is the case, but converting the AD entries is also not happening soon.

[MackinnonBuck]

Thanks for the clarification, @kiwiwings. We're going to move this issue to the backlog to determine its impact.