AAD invited users #61
Comments
It is important to note that the LDAP-wrapper only partially supports invited users from Azure Active Directory (AAD). Invited users must be from another AAD tenant. Personal Microsoft Accounts, such as outlook.com, hotmail.com, or live.com, are not compatible with the LDAP-wrapper due to Microsoft's restrictions. Similarly, guests without an AAD are also not supported for the same reason. If you encounter issues with these "failing" users, they should be logged when you start the wrapper. However, if you have an invited user whose invitation has been accepted, the user will be synchronized with the LDAP-wrapper. It is worth mentioning that invited users will retain their original domain as part of their name in the LDAP entry to avoid duplicate entries. For example, if your domain is
Are you trying to query the LDAP server or just log in? For login/bind you can use just the regular username as in

```powershell
$ldap_server = "127.0.0.1"
$ldap_port = 13389
$ldap_bind = "uid=sample@example.com"
$ldap_pass = "mySamplePWD@secure"
$ldap_uid_for_query = "uid=sample_example.com"
$base = "dc=domain,dc=tld"

# Requires the S.DS.P module:
#Install-Module -Name S.DS.P
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Get the password as a secure string ($pwd is an automatic variable, so use another name)
$securePass = ConvertTo-SecureString -String $ldap_pass -AsPlainText -Force
$cred = New-Object PSCredential($ldap_bind, $securePass)
$Ldap = Get-LdapConnection -LdapServer $ldap_server -Credential $cred -AuthType Basic -Port $ldap_port

# Search using the bind name (uid with '@')
Write-Output "(&($($ldap_bind))(objectClass=*))"
$SearchResults = Find-LdapObject -LdapConnection $Ldap -SearchFilter:"(&($($ldap_bind))(objectClass=*))" -SearchBase:"$($base)" -PropertiesToLoad @('dn')
Write-Output "Query for bind user -> returns nothing:"
Write-Output $SearchResults
Write-Output "--- --- ---"

# Search using the uid as stored in the LDAP entry ('_' instead of '@')
Write-Output "(&($($ldap_uid_for_query))(objectClass=*))"
$SearchResults = Find-LdapObject -LdapConnection $Ldap -SearchFilter:"(&($($ldap_uid_for_query))(objectClass=*))" -SearchBase:"$($base)" -PropertiesToLoad @('dn')
Write-Output "Query for _-user should return something:"
Write-Output $SearchResults
```
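The script above interpolates the uid directly into the search filter. As an added example (not part of the thread and not LDAP-wrapper code), this is one way to derive the query uid from the sign-in name and escape it per RFC 4515 before building the filter. The `@` to `_` mapping is an assumption taken from the sample values in the script, and both function names are hypothetical.

```powershell
# Added example, not code from the thread or from LDAP-wrapper.
# Assumption: the query uid is the sign-in name with '@' replaced by '_',
# as in the sample values of the script above.

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 filter metacharacters \ * ( ) and NUL as \XX hex pairs.
    param([Parameter(Mandatory)][string]$Value)
    return [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-GuestUidFilter {
    # Hypothetical helper: build the search filter for an invited user.
    param([Parameter(Mandatory)][string]$SignInName)
    $uid = $SignInName.Replace('@', '_')
    return '(&(uid={0})(objectClass=*))' -f (ConvertTo-LdapFilterValue $uid)
}

# Constructed sample inputs; the second contains filter metacharacters.
foreach ($name in 'sample@example.com', 'j.doe(ext)*@example.com') {
    Get-GuestUidFilter -SignInName $name
}
```

The returned string can be passed to `Find-LdapObject -SearchFilter` in place of the interpolated filter.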
Thank you very much for the details. Your user is not recognized as external (
An improved version is now in the Docker DEV tag. Feel free to try it out :)
Samba (or maybe Windows OS, I'm not sure here) cuts off the domain. If you enter
Is it possible to have AAD invited users in the LDAP-wrapper?
Let's say there are:
As of right now - users are imported into the LDAP-wrapper but while trying to fetch any data from (using ldap search) - I'm getting no such object error.