...
| Code Block |
|---|
(...)
<resolver:AttributeDefinition id="principalName"
xsi:type="ad:PrincipalName"
dependencyOnly="true">
</resolver:AttributeDefinition>
<resolver:AttributeDefinition id="krb_principalname"
xsi:type="ad:Mapped"
sourceAttributeID="principalName"
dependencyOnly="true" >
<resolver:Dependency ref="principalName" />
<ad:ValueMap>
<ad:ReturnValue>$1</ad:ReturnValue>
<ad:SourceValue>(.+)@(.+).DOMAIN.COM</ad:SourceValue>
</ad:ValueMap>
</resolver:AttributeDefinition>
(...)
|
!AttentitonAttention: Usually the "principal name" corresponds to the LDAP attribute "sAMAccountName" (limited to 20 characters) in a windows the active directory environment.
Example_2: To extract/format the "realm" from kerberos principal:
...