1. Support Portal
  2. RadiantOne IDDM (Formerly Known As FID)
  3. Troubleshooting

Enable AD-Style Usernames for LDAP BIND in RadiantOne VDS (domain\sAMAccountName and user@domain)

Shraddha Jamadade
Updated

Overview
RadiantOne FID can support AD-style login conventions for LDAP BIND authentication, including domain\sAMAccountName and sAMAccountName@domain (UPN-style).
This is done by configuring a custom login mapping so the presented login value is translated into the correct user entry for bind authentication.

Applies to

  • Product: RadiantOne / VDS (FID)
  • Version: 7.4.x
  • Platform: Linux/Windows

Symptoms / Use case

  • Applications previously binding directly to Active Directory continue to send credentials using:
  • DOMAIN\username (NetBIOS-style)
  • username@domain (UPN-style)
  • After migrating apps to bind to VDS (often via an AD proxy), authentication may fail unless VDS is configured to interpret these login formats.

Solution (High level)

  • Configure a custom login mapping in VDS so the bind DN (what the client sends as “username”) can be mapped to a directory entry.
  • If multiple AD domains (or multiple proxies with different DN structures) are involved, the mapping typically needs to be defined separately per proxy/domain structure.

Example mappings

  • UPN-style login (username@domain)
    • If the user entries already contain a userPrincipalName (or equivalent) attribute, map the login to a search using that attribute.
    • Example expression pattern:
      • (.+)
      • ou=Users,ou=...??sub?(userprincipalname=$1)
    • Note: Adjust the base DN to match the user subtree in the proxy/domain being targeted.
  • NetBIOS-style login (domain\sAMAccountName)
    • Configure the login mapping to parse the domain\username format and locate the user record accordingly.
    • If different proxies/domains have different DN layouts, configure the appropriate mapping per proxy.

Testing / Validation

  • Validate using an LDAP bind test (example using ldapsearch):
  • Confirm the bind succeeds when using the expected login formats (for example, binding with a short name, UPN-style name, and/or domain\username, depending on what the application uses).
  • Ensure the search base and filter used by the mapping return exactly one user entry for each login value.

Notes / Common pitfalls

  • If supporting many domains, plan for how mappings will be maintained per domain/proxy (especially when DN structures differ).
  • If UPN-style works but domain\username does not, verify the mapping correctly splits the domain portion and the username portion, and that the domain being supplied matches what the mapping expects.
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more