Docs - update ldap page to add clarity around sAMAccountName (#19450)
* Docs - update ldap page to add clarity around sAMAccountName

Updated https://developer.hashicorp.com/vault/docs/secrets/ldap#active-directory-ad-1 to clarify that customers configure username properly using username_template when sAMAccountName is involved.

* Docs -  edit on last update for ldap page

Fixed the link /vault/docs/concepts/username-templating
prabhat-hashi authored Mar 3, 2023
1 parent c5d99ed commit 3e4262f
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions website/content/docs/secrets/ldap.mdx
Expand Up @@ -225,6 +225,8 @@ password and enable the account.
Windows NT systems and has a limit of 20 characters. Keep this in mind when defining your `username_template`.
See [here](https://docs.microsoft.com/en-us/windows/win32/adschema/a-samaccountname) for additional details.

Since the default `username_template` is longer than 20 characters which follows the template of `v_{{.DisplayName}}_{{.RoleName}}_{{random 10}}_{{unix_time}}`, we recommend customising the `username_template` on the role configuration to generate accounts with names less than 20 characters. Please refer to the [username templating document](/vault/docs/concepts/username-templating) for more information.

With regard to adding dynamic users to groups, AD doesn't let you directly modify a user's `memberOf` attribute.
The `member` attribute of a group and `memberOf` attribute of a user are
[linked attributes](https://docs.microsoft.com/en-us/windows/win32/ad/linked-attributes). Linked attributes are
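Review bot: The added paragraph asks for names "less than 20 characters", while the unchanged line above it says sAMAccountName "has a limit of 20 characters"; the two should agree, so consider "20 characters or fewer" unless the stricter bound is intended. The opening clause also reads as if the template string itself is what exceeds the limit, when the concern is the username it renders; something like "the default `username_template`, `v_{{.DisplayName}}_{{.RoleName}}_{{random 10}}_{{unix_time}}`, generates usernames longer than 20 characters" would be clearer. The paragraph would be more actionable if it also said what happens when the rendered name exceeds the limit and showed one short template that fits, rather than only linking to the templating document.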
