Ignition Security Question

Hello friends,

I am lost in the sauce. I am implementing an AD/Ignition Hybrid user source. I have it connected and on the users tab I can see everyone (username, email, phone) and assign Ignition-defined roles. I did not like how the user source automatically appended my name Alex.Rayburg with "@domain" because people are used to using their full email to sign into things. So I go to settings and uncheck the box "automatic suffix" and I can now sign in with alex.rayburg@domain.com, but when I made this change, all the names under the users tab for the user source are gone and therefore I cannot assign roles to alex.rayburg@domain.com, and roles I assigned before the suffix setting change do not get carried through to alex.rayburg@domain.com (I can imagine why). So in conclusion I want to assign roles to alex.rayburg@domain.com, a valid login, but do not know how to.

Added context:

I also made an IdP for this hybrid user source. Screenshots below

I did a poor job of blurring things out. I can't delete; if some admin thinks I didn't blur out critical info in that first SS please remove the post lol. The email is fine.

Regarding the original problem, see if General Help with AD Internal Hybrid - #3 by Transistor helps. (You would then log in as Administrator to fix things up.)

Thanks for the reference! The one thing I am encountering though is that I am unable to add users to the AD/Hybrid User source. I can create roles sure, but the user list is blank and there is no button to add user like with the default source.

To reiterate: I find it so weird that the list of users disappears when I tick off this setting in the AD/Hybrid User source.

[screenshot of the setting]

Reading this, you would think this simply means users have to type in the full email to sign in, which is true, that does happen, but why is my user list gone? It feels like a bug. I can't assign roles to an empty list of users.

Sorry, I don't have an answer for you. It was some years back that I got it working for the organisation I was with. The main benefit with the hybrid is that you couldn't get locked out completely.

I suggest you get in contact with Support - if you have a contract. https://support.inductiveautomation.com/hc/en-us.

Hi @Alex_Rayburg -

The Gateway uses the "Gateway Username" and "Password" settings in a bind operation with the LDAP server to "log in" as the Gateway user. Once logged in, the Gateway does a search operation to list all users under the configured "User Listing Base" using the configured "User List Filter".

The “Automatic Suffix” setting applies to this Gateway user credential in addition to all other user credentials passed from Ignition to the LDAP server.

When you disabled the "Automatic Suffix" setting, did you also update your Gateway username to use the username@domain format? If not, this could explain why the user list fails to populate, since it's possible that the Gateway is now only passing the Gateway username without the automatic domain suffix.

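The mechanism described in the reply above, as an added example that is not Ignition's own code: a small Python simulation of the Gateway bind-then-search sequence, with "Automatic Suffix" applied to the Gateway credential and to end-user logins alike. The directory contents, the domain `@example.com`, the base DN, the attribute names and the rule that the suffix is appended unconditionally are all assumptions made for the illustration.

```python
# Added example (not Ignition's own code): simulation of how the "Automatic
# Suffix" setting applies to the Gateway's own LDAP bind as well as to
# end-user logins. Directory contents, suffix, base DN and attribute names
# are constructed for illustration only.
from dataclasses import dataclass

# Constructed stand-in for the LDAP server: accepted bind names -> password.
# Both the Gateway service account and the end users bind with UPN-style names.
FAKE_BINDS = {
    "svc_ignition@example.com": "gateway-secret",
    "alex.rayburg@example.com": "user-secret",
}

# Constructed user entries; only the first lives under the listing base.
FAKE_ENTRIES = [
    {"dn": "CN=Alex Rayburg,OU=Users,DC=example,DC=com",
     "objectClass": "user", "sAMAccountName": "alex.rayburg",
     "userPrincipalName": "alex.rayburg@example.com"},
    {"dn": "CN=svc ignition,OU=Service,DC=example,DC=com",
     "objectClass": "user", "sAMAccountName": "svc_ignition",
     "userPrincipalName": "svc_ignition@example.com"},
]


@dataclass
class HybridUserSource:
    gateway_username: str
    gateway_password: str
    automatic_suffix: bool
    suffix: str = "@example.com"                       # assumed domain
    user_listing_base: str = "OU=Users,DC=example,DC=com"
    user_list_filter: str = "(objectClass=user)"

    def bind_name(self, username: str) -> str:
        """Every credential sent to LDAP gets the suffix when the setting is on.
        Simulation assumption: the suffix is appended unconditionally."""
        return username + self.suffix if self.automatic_suffix else username


def simple_bind(bind_name: str, password: str) -> bool:
    """Simulated LDAP simple bind against the constructed directory."""
    return FAKE_BINDS.get(bind_name) == password


def matches(entry: dict, ldap_filter: str) -> bool:
    """Minimal (attr=value) matcher; '*' matches any present attribute."""
    attr, _, value = ldap_filter.strip("()").partition("=")
    if attr not in entry:
        return False
    return value == "*" or entry[attr] == value


def list_users(src: HybridUserSource) -> list:
    """What the Users tab shows: bind as the Gateway user, then search."""
    if not simple_bind(src.bind_name(src.gateway_username), src.gateway_password):
        return []  # bind failed: no search happens, so the tab is empty
    return sorted(
        e["sAMAccountName"] for e in FAKE_ENTRIES
        if e["dn"].endswith(src.user_listing_base) and matches(e, src.user_list_filter)
    )


def login(src: HybridUserSource, username: str, password: str) -> bool:
    """End-user login: the typed name gets the same suffix treatment."""
    return simple_bind(src.bind_name(username), password)


# 1. Suffix on, short Gateway username: listing works, short logins work.
original = HybridUserSource("svc_ignition", "gateway-secret", automatic_suffix=True)
# 2. Suffix off but Gateway username left short: Gateway bind fails, list is
#    empty, yet a user typing the full email can still log in.
broken = HybridUserSource("svc_ignition", "gateway-secret", automatic_suffix=False)
# 3. Suffix off and Gateway username in user@domain form: both work again.
fixed = HybridUserSource("svc_ignition@example.com", "gateway-secret",
                         automatic_suffix=False)

if __name__ == "__main__":
    for name, src in (("original", original), ("broken", broken), ("fixed", fixed)):
        print(name, list_users(src),
              "full-email login:", login(src, "alex.rayburg@example.com", "user-secret"))
```

The `broken` configuration reproduces the symptom in the thread: end users can still authenticate with the full email because their typed name is passed through unchanged, while the Gateway's own bind is now sent without the domain and fails, so the search never runs and the user list comes back empty. Against a real directory the same check can be made from the Gateway host with the OpenLDAP client, for example `ldapsearch -x -H ldap://dc.example.com -D "svc_ignition@example.com" -W -b "OU=Users,DC=example,DC=com" "(objectClass=user)"` (hostname and DNs are placeholders): if that bind is rejected with the short username but accepted with the user@domain form, the Gateway Username field needs the same change.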