Apparently the modified file works for the user. With a few additional config parameters the LDAP authentication plugin would also support this scenario. However, I can't verify that (but I'm also used to LDAP suffixes here and there).
LDAP authentication does not support this scenario:
- the LDAP server does not allow anonymous binding
- there is no special account for the AD user
- but it allows binding for any registered user, but an account suffix must be added to the user name
Here is my config example:
- LDAP server name: ldap://europe.company.net
- LDAP base dn: DC=company,DC=net
- LDAP uid: sAMAccountName
- LDAP e-mail attribute: mail
For binding I need a username of this form: sAMAccountName@company.net, and I need the AD user to also be: sAMAccountName@company.net with its password.
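The direct-bind scenario in this report, sketched as an added example (not the plugin's code and not part of the original report): it builds the suffixed bind name and the follow-up search from the config values above, refusing inputs that would weaken the check. `ACCOUNT_SUFFIX`, `plan_direct_bind` and the login allow-list are hypothetical names and assumptions; no LDAP connection is made.

```python
import re

# Values from the report's config example.
LDAP_UID_ATTR = "sAMAccountName"
LDAP_MAIL_ATTR = "mail"
BASE_DN = "DC=company,DC=net"
ACCOUNT_SUFFIX = "@company.net"  # hypothetical extra config parameter

# RFC 4515: these characters must appear as \XX hex pairs inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Conservative allow-list for login names (an assumption; adjust to local policy).
_LOGIN_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def plan_direct_bind(login: str, password: str, suffix: str = ACCOUNT_SUFFIX) -> dict:
    """Return the bind name and the self-lookup search for a direct user bind.

    Raises ValueError rather than producing a request that could succeed
    without proving knowledge of the user's password.
    """
    if not password:
        # A simple bind with a name and an empty password is an
        # "unauthenticated bind" (RFC 4513, section 5.1.2); some servers
        # answer it with success, so it must never count as a login.
        raise ValueError("empty password")
    if not _LOGIN_RE.fullmatch(login):
        # Rejects a user-supplied '@other.domain' and filter metacharacters.
        raise ValueError("invalid login name")
    return {
        "bind_name": login + suffix,
        "search_base": BASE_DN,
        # Escaped even though the allow-list already excludes metacharacters,
        # so the filter stays safe if the allow-list is later relaxed.
        "search_filter": f"({LDAP_UID_ATTR}={escape_filter_value(login)})",
        "attributes": [LDAP_MAIL_ATTR],
    }
```

The returned values are what would be handed to the LDAP client's simple bind and search calls; only a successful bind with a non-empty password should be treated as authentication.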