
Key: SEC-130
Type: Improvement
Status: Closed
Resolution: Won't Fix
Priority: Major
Assignee: Luke Taylor
Reporter: Luke Taylor
Votes: 0
Watchers: 2
Spring Security

Support for Active Directory logins

Created: 20/Dec/05 06:06 PM   Updated: 07/Feb/06 11:27 PM
Component/s: LDAP
Affects Version/s: None
Fix Version/s: 1.0.0 RC2

Time Tracking:
Not Specified


Description
This can probably be done using a specific authenticator implementation or by extending the existing BindAuthenticator.

Luke Taylor added a comment - 03/Feb/06 09:07 AM
It seems that AD can be supported using the existing authenticator. From my post on the dev list:

[quote]
I've heard of two "alternative" pseudo-DN syntaxes supported by AD. One
is "username@domain" and the other is "domain\username".

I think you can try binding with either of these using the existing
BindAuthenticator. If the user types in the entire name, you could have:

   <property name="userDnPatterns">
    <list>
     <value>{0}</value>
    </list>
   </property>

or if they only type in the username part, you could use something like

   <property name="userDnPatterns">
    <list>
     <value>{0}@mycompany.com</value>
     <!-- and/or -->
     <value>domain\{0}</value>
    </list>
   </property>

[/quote]

Anthony Geoghegan's response:

[quote]

I've tested both:
     <value>{0}@mycompany.com</value>
     <!-- and/or -->
     <value>domain\{0}</value>

And they work with Active Directory 2003. The top one is of special
interest as this is the Kerberos service principal name.

[/quote]

Users can of course also bind with a full DN directly.
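
The following is an added example, not part of the issue or of Spring Security's code: it expands the two patterns from the comments into the principals that would be sent to Active Directory and attempts a JNDI simple bind with each. The class name, the sample username "jsmith", the LDAP_PASSWORD environment variable and the use of java.text.MessageFormat to expand {0} are assumptions made for illustration.

```java
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class AdBindPatternDemo {
    // Patterns from the comments above; "mycompany.com" and "domain" are their placeholders.
    // The XML value domain\{0} needs its backslash escaped in Java source.
    static final String[] PATTERNS = { "{0}@mycompany.com", "domain\\{0}" };

    /** Expand each pattern into the principal that would be sent in the simple bind. */
    static List<String> principals(String username) {
        List<String> out = new ArrayList<>();
        for (String p : PATTERNS) {
            out.add(new MessageFormat(p).format(new Object[] { username }));
        }
        return out;
    }

    /** Attempt a simple bind; true only if the directory accepts the credentials. */
    static boolean bind(String url, String principal, String password) {
        // An empty password turns a simple bind into an unauthenticated bind (RFC 4513),
        // which a server may accept, so reject it before contacting the directory.
        if (password == null || password.isEmpty()) return false;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (NamingException e) { // includes AuthenticationException for bad credentials
            return false;
        }
    }

    public static void main(String[] args) {
        // args: [username [ldapUrl]]; without a URL and LDAP_PASSWORD only the expansion is printed.
        String user = args.length > 0 ? args[0] : "jsmith"; // constructed sample name
        String pw = System.getenv("LDAP_PASSWORD");         // assumption: password via environment
        boolean live = args.length > 1 && pw != null;
        for (String principal : principals(user)) {
            System.out.println(principal + (live ? " -> " + bind(args[1], principal, pw) : ""));
        }
    }
}
```

A simple bind sends the password to the server as-is, so the URL passed in should be an ldaps:// one.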