Question

Forms - Why does a Windows User's Username change based on their type of licensing and what is it exactly?

asked on November 15, 2017

The Named User's Username appears to be their "Username" in AD. But the participant licenses appear to be their "Email" from AD. Why use two different methods based on cost of licensing? Also is it really their Email or is it their username@domain? Since I need to verify for an AD lookup.

The reason it's confusing is we don't know what we paid for their licensing, or really care. We just want to know who they are, so when we look them up in AD for a lookup, how do we match their account with their login for forms? AD doesn't know how they're licensed for Laserfiche to give us a way to determine which field we should match up, username or email.

I have approver lookups all over the place now, with mismatched login names like domain\user followed by user@domain, and so on. I always thought it was bonkers but just getting around to asking.

0 0

Replies

replied on November 15, 2017

In our case, it matched up with email address, which seems pretty common for LDAP connections. Named Users on the other hand sync up with a Repository, rather than LDAP, which is why the accounts match.

However, you can eliminate this issue entirely if you switch from Repository Authentication to LFDS Authentication. When you use LFDS all AD users show up the same way regardless of license type.

We switched over from Repository to LFDS Authentication and it is exponentially better. The change was not terribly difficult to accomplish provided you take the necessary precautions.

2 0
replied on November 15, 2017

I wonder what username they get if they don't have an email configured in AD.

I don't have a directory server in most instances, only in an enterprise environment.

0 0
replied on November 15, 2017

I suspect it's pulling the AD User Principal Name rather than the email. They're usually the same value, but are definitely different attributes.

User-Principal-Name attribute
https://msdn.microsoft.com/en-us/library/ms680857(v=vs.85).aspx
"By convention, this should map to the user email name."

2 0
replied on November 15, 2017

Why does it pull a different name depending on their licensing? The problem is that each user has a different method of generating their username, so we never know what their username is without manually going to look it up.

1 0
replied on November 15, 2017

I don't personally know why that method was chosen. I've seen LDAP work both ways, but I've seen it with UPN more frequently.

Either way, I would highly recommend moving over to LFDS Authentication. Not only would it solve your username problem, but it is far more manageable.

LFDS Authentication supports SSO, so you have the option of allowing users to log in automatically with Windows credentials regardless of license type.

Additionally, you can control both access and licensing with AD groups (with the latest version/updates), which has made things far easier in our environment.

1 0
replied on November 16, 2017

We have questioned and been frustrated at the 2 different names as well. Being on Avante, LFDS is not an option.

To get around it, often the first thing we do on a new form is to set up a hidden field that gets the user's login name (email or domain):

participant = {/_currentuser}

Then create a username field that extracts the username via a formula from the participant name (doc\name or name@idoc.idaho.gov in our world):

username=IF( LEFT(participant,3) = "DOC",SUBSTITUTE(participant,"DOC\\",""),
IF(RIGHT(participant,3) = "gov",SUBSTITUTE(participant,"@idoc.idaho.gov",""),""))

0 0
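
An added example, not part of the thread and not Laserfiche code: a generalization of the formula in the reply above that classifies a login name as DOMAIN\user or user@domain and builds the AD search filter for the matching attribute, so the lookup field follows the name's format. The function names are hypothetical, and doing the lookup with an LDAP filter on sAMAccountName / userPrincipalName is an assumption; the sample names are the ones quoted in the reply.

```javascript
// Added example (assumption: the AD lookup accepts an LDAP search filter).

// Escape a value for use inside an LDAP search filter (RFC 4515), so a
// login name containing *, (, ) or \ cannot change the filter's meaning.
function escapeLdapFilter(value) {
  return value.replace(/[\\*()\0]/g, (c) =>
    "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Split a login name into its format, domain part and user part.
// Anything that is not clearly one of the two formats is rejected
// rather than guessed at.
function parseLogin(raw) {
  const name = String(raw).trim();
  const slash = name.indexOf("\\");
  const at = name.lastIndexOf("@");
  if (slash > 0 && slash < name.length - 1 && at === -1) {
    return { kind: "downlevel", domain: name.slice(0, slash).toUpperCase(),
             user: name.slice(slash + 1) };
  }
  if (at > 0 && at < name.length - 1 && slash === -1) {
    return { kind: "upn", domain: name.slice(at + 1).toLowerCase(),
             user: name.slice(0, at) };
  }
  throw new Error("Unrecognized login name format: " + name);
}

// Pick the AD attribute from the format: DOMAIN\user matches
// sAMAccountName, user@domain matches userPrincipalName (not mail).
function adFilterFor(raw) {
  const p = parseLogin(raw);
  const clause = p.kind === "downlevel"
    ? "(sAMAccountName=" + escapeLdapFilter(p.user) + ")"
    : "(userPrincipalName=" + escapeLdapFilter(p.user + "@" + p.domain) + ")";
  return "(&(objectCategory=person)" + clause + ")";
}

// Sample values as quoted in the reply above.
console.log(adFilterFor("DOC\\name"));
console.log(adFilterFor("name@idoc.idaho.gov"));
```

Keeping the domain part instead of stripping it, as parseLogin does, avoids assigning a task to the wrong person when two domains contain the same short username.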
replied on November 20, 2017

In our case we are allowing the form submitter to select a user from a list to assign the form to. Almost every customer has at least 1 form like this. Usually because they are selecting their manager or supervisor to approve. The list of users contains their Windows domain account in the alternate values. I could write a script like yours to convert to their email (assuming their email is always the same as their username, which isn't the case for sure) but the real question is:

How will the system KNOW if they are a participant or not??

The only way I can see, is to attempt to assign the task to them and if it fails, then attempt to assign using their email. But this is not the workflow designer. You can't get that fancy.

0 0