Why won't LDAP authenticate user whose Login and Full Name don't match?

I've been able to configure the LDAP auth module to successfully authenticate users whose username exactly matches their full name ('Display name' in the AD interface).

So for example:

  • A user with username 'communityuser' whose full name is also 'communityuser' can log into the system successfully
  • A user with username 'community.user' whose full name is 'Community User' does not authenticate

Our naming pattern for most users is 'firstname.lastname' with their full name being 'Firstname Lastname'.  Is there something I can alter in my settings that would allow users with this mismatch to successfully authenticate?


Hi Matthew,

Unfortunately Hub, which is a part of Upsource responsible for user authentication, disallows spaces in VCS user names. It’s a known issue and to be honest already fixed, but will be released only in the next update ~ Q2 2015.

Best Regards


I appreciate the response, Artem, but that is not the issue at hand here.  This is purely an LDAP authentication issue, our VCS names are separate and contain no spaces.

Furthermore, a user with:
login: communityuser
full name: communityuser2

does not authenticate.  Updating the AD to change the full name to communityuser causes the user to authenticate successfully.  It really appears that it's the mismatch between login and full name that is the problem here.


Ok Matthew, I just checked the case with exactly the same names -  login: communityuser and full name: communityuser2 in our labs and it works fine.

Could you please post a screenshot of your auth module settings? (you can also send it to upsource-support@jetbrains.com)

Thanks in advance.


Hi Artem, thanks again for the prompt response, it must be something in my LDAP settings then.  

The "Insert Image" functionality on this board doesn't work for me but I did attach a screenshot of my auth module settings in my original message above https://devnet.jetbrains.com/servlet/JiveServlet/download/5532690-21444/001.png


Hi Matthew,

If you define the DN transform as it is shown here, it may help.


Gah, okay, I feel like an idiot.  I am indeed able to log in with normal user accounts by simply appending the '@mycompany.com' or setting up the DN Transform as you indicate. (I do still see the curious behavior from my communityuser example but that was just a test case and isn't important to my situation)

Thank you, guys, sorry for wasting your time on something so obvious.

