Forum Discussion
Kevin_Stewart
Oct 28, 2013Employee
Just wondering how you went with this one, I also am fiddling with the Kerberos auth and then needing to do an AD Query for Group membership. Did you manage to figure that bit out?
A successful client side Kerberos authentication will produce a session.logon.last.username value in UPN format (ex. bob.user@mydomain.com). To do any form of AD/LDAP query against that value, you may need to break it apart, though it should already be the userPrincipalName value. Example SearchFilter:
userPrincipalName=%{session.logon.last.username}