Can Vault support upn sign-in?

Setting up Vault to integrate with an LDAP server (AD). samAccountName sign-in is working, but not UPN. According to Sample 1 of LDAP - Auth Methods | Vault | HashiCorp Developer, UPN is supported.

I tried all of the below; none of them is working:
remove userattr

Any advice is very much appreciated.


Could you please share the auth method config you are using? It should be similar to the example section of the doc page:

Yes, I followed scenario 2 with userattr=sAMAccountName.

I tried changing it to userattr=userprincipalname

and userattr=uid@userprincipaldomain

None of them lets me sign in with a UPN.

Did you set upndomain in the config? (see example 1)


```shell
vault write auth/ldap/config url="ldaps://" \
  userattr="samAccountName" userdn="ou=automation,dc=xxxx,dc=com" \
  groupdn="ou=automation,dc=xxxx,dc=com" groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))" \
  groupattr="cn" \
  binddn="CN=ldap_service,OU=service accounts,OU=Automation,DC=xxxx,DC=com" bindpass='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  upndomain="" \
  insecure_tls=true starttls=true
```
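Added example, not Vault's own code and not the config posted in this thread: a small Python model of how Vault's LDAP auth method derives the identity it binds or searches for, following the documented Scenario 1 (upndomain) and Scenario 2 (binddn/bindpass plus a userattr search) paths. The userdn, binddn and example.com values are constructed placeholders, and the exact internals of a given Vault version may differ (assumption). It shows why an empty upndomain keeps the method on the userattr search path, that with upndomain set the user supplies only the short name and Vault appends the domain itself, and why the username is escaped before being placed in the LDAP search filter.

```python
"""Model of how Vault's LDAP auth method picks the user identity.

Added example: not Vault's code and not the configuration from the thread.
Mirrors the documented behaviour (assumption: exact internals may vary by
Vault version). Sample DNs and the example.com domain are constructed.
"""
from dataclasses import dataclass


def escape_filter(value: str) -> str:
    """RFC 4515 escaping so a username cannot change the shape of the filter."""
    out = []
    for ch in value:
        if ch in ("\\", "*", "(", ")", "\x00"):
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for a value that becomes part of a DN."""
    specials = set(',+"\\<>;=')
    escaped = "".join("\\" + ch if ch in specials else ch for ch in value)
    if escaped.startswith("#") or escaped.startswith(" "):
        escaped = "\\" + escaped
    if escaped.endswith(" ") and not escaped.endswith("\\ "):
        escaped = escaped[:-1] + "\\ "
    return escaped


@dataclass
class LdapConfig:
    userdn: str
    userattr: str = "cn"
    upndomain: str = ""
    binddn: str = ""
    bindpass: str = ""
    discoverdn: bool = False


def resolve_user(cfg: LdapConfig, username: str) -> tuple:
    """Return ("search", filter) when a service bind will search userdn for the
    user, or ("bind", identity) when Vault binds directly as the user."""
    uses_service_bind = cfg.discoverdn or (bool(cfg.binddn) and bool(cfg.bindpass))
    if uses_service_bind:
        if cfg.upndomain:
            # Scenario 1 + service account: look the user up by constructed UPN.
            upn = "%s@%s" % (username, cfg.upndomain)
            return ("search", "(userPrincipalName=%s)" % escape_filter(upn))
        # Scenario 2: empty upndomain means the userattr search path is used,
        # so a full "user@domain" login only works if userattr holds that value.
        return ("search", "(%s=%s)" % (cfg.userattr, escape_filter(username)))
    if cfg.upndomain:
        # Scenario 1 without a service account: bind as username@upndomain.
        return ("bind", "%s@%s" % (username, cfg.upndomain))
    # No upndomain and no service bind: build a DN under userdn.
    return ("bind", "%s=%s,%s" % (cfg.userattr, escape_dn_value(username), cfg.userdn))


if __name__ == "__main__":
    base = "ou=automation,dc=example,dc=com"          # constructed placeholder
    svc = "CN=ldap_service,OU=service accounts," + base  # constructed placeholder
    # Shape of the thread's config: service bind, sAMAccountName, upndomain="".
    scenario2 = LdapConfig(userdn=base, userattr="sAMAccountName",
                           binddn=svc, bindpass="secret")
    # Same config with upndomain populated (Scenario 1 from the docs).
    scenario1 = LdapConfig(userdn=base, userattr="sAMAccountName",
                           upndomain="example.com", binddn=svc, bindpass="secret")
    for name, cfg in (("upndomain empty", scenario2), ("upndomain set", scenario1)):
        print(name, "->", resolve_user(cfg, "alice"))
    print("hostile username ->", resolve_user(scenario2, "alice)(objectClass=*"))
```

Running it prints the search filter each configuration would issue for the login name `alice`, and the last line shows the filter metacharacters in a crafted username being neutralised rather than altering the query.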