So we want to use Active Directory's SID ("objectSID") for our user lookups instead of "username". This is because usernames can change but SID does not. If we use "username" and our sync process runs, if a user's username has changed, the sync will fail.
So we updated LDAP_AUTH_USER_LOOKUP_FIELDS to be ("sid",) and it seems to work. However, we had to create a custom auth backend to utilize the "username" field for the authenticate method.
Can the package be updated to accommodate this situation? And are there any unforeseen issues we might run into using our custom solution?
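
An added example, not part of the original post and not django-python3-ldap code: when a "sid" field is filled from objectSID and used as the lookup key, the value needs one stable form, or the same account can fail to match on the next sync. This sketch assumes the attribute may arrive either as the raw binary SID or already as an "S-1-..." string; `sid_to_str` and the sample value are constructed for illustration.

```python
import struct


def sid_to_str(raw):
    """Normalise an AD objectSID value to its canonical "S-1-..." string.

    Accepts the raw binary form (bytes) or an already formatted string.
    Raises ValueError on malformed input so that a bad value is never
    stored as a lookup key.
    """
    if isinstance(raw, str):
        if not raw.startswith("S-1-"):
            raise ValueError("not a SID string")
        return raw
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unsupported SID revision")
    # Binary layout: revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian), then `count`
    # sub-authorities (4 bytes each, little-endian).
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


# Constructed sample: the well-known BUILTIN\Administrators SID in binary form.
SAMPLE = bytes.fromhex("01020000000000052000000020020000")

if __name__ == "__main__":
    print(sid_to_str(SAMPLE))
```
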