There might be cases that customer would rather use the email address instead of the username to login into the CA Embedded Entitlements Manager (EEM) due to the company policies.
If that is the case, it is possible to configure EEM authentication to external Microsoft Windows Active Directory (AD) to filter the user by the corresponding field in AD which contains the user's email address instead of its username.
This configuration can be done directly in EEM by logging as EiamAdmin and navigating to below location:
Configure tab >> User Store >> LDAP Attribute Mapping
Then, create a new custom attribute mapping based on Microsoft Active Directory. Change only “User Authentication Filter”:
- from: “(&(objectClass=user)(!(objectClass=computer))(sAMAccountName=”
- to: “(&(objectClass=user)(!(objectClass=computer))(userPrincipalName=”
Click on "Save As" button to save this new configuration with another name (in this example it is saved as "Custom AD").
Customer should be changing the filter according to what is in their AD attributes.
They could use any LDAP browser tool such as JXplorer to verify which AD attribute has the user's email address.
In this example we used "userPrincipalName".
Then, create a new mapping to the Microsoft AD and select to use the Custom mapping created (as the example "Custom AD"). For this, navigate to below location:
Configure tab >> User Store >> User Store
LDAP browser tool:
CA community link: