I'm trying to authenticate an account via an alias on the account. In other words, use a friendly account name for the email address, but have an alias on the account which is the LDAP account that the user logs in with.
LDAP bind DN template: %firstname.lastname@example.org
LDAP URL: ldaps://query.ad.domain.com:3269
LDAP filter: (cn=%u)
LDAP search base: DC=domain,DC=edu
Use DN/Password to bind: Yes
Error in audit.log:
domain.com-10-16 10:40:06,770 WARN [qtp390087669-44670:http://127.0.0.1:80/service/soap/AuthRequest] [email@example.com;oip=128.x.x.x;ua=zclient/8.0.2_GA_5569;] security - cmd=Auth; firstname.lastname@example.org; protocol=soap; error=authentication failed for [staffuser], external LDAP auth failed, authentication failed for [N/A];
I'm wondering what the [N/A] part is... It looks like it's attempting to log in using the right value (staffuser) for the right account. I can log in with this user (staffuser) successfully in the test form in the authentication configuration page. I'm not sure what the bind DN user template is for, though, or if that should be blank. I can't seem to change it via the admin UI.
Edit: Removing the template doesn't change anything.