Active Directory integration - Duplicate users when using different username formats

Currently running on Hammer-2 and I've got a small issue with Active Directory integration. ManageIQ is accepting both Legacy (DOMAIN\User) and UPN (user@domain) formats for usernames, and when provided with a Legacy username format it's creating a new account with the format of domain\user@domain.

I'm assuming that this could be corrected in either SSSD or Apache, but I'm not sure how to proceed with this. Has anyone experienced and fixed this before?

@Joe_Vlcek do you know?

What method of authentication are you using, External Auth or LDAP(S)?
Our LDAP(S) support is deprecated. One known issue is that there are inconsistencies with userid format. If you are using authentication mode LDAP(S) it is recommended you transition to External Auth.

Here are some links to documents that should help.

The ManageIQ Authentication documentation can be found here:
https://www.manageiq.org/docs/reference/

An overview of ManageIQ Authentication can be found here: https://www.manageiq.org/blog/2018/02/auth-overview/

Help Troubleshooting ManageIQ Authentication can be found here:
https://www.manageiq.org/blog/2018/01/troubleshooting-auth/

A tool exists that can help convert LDAP(S) configurations to External Auth. It is documented here:
https://www.manageiq.org/blog/2017/09/miqldap-to-sssd/