
LP 5, AD and password sync

Submitted by zzbroud on Thu, 10/01/2015 - 09:55


We are beginning a test install of LP 5 and want to use AD credentials for authentication if possible. Currently our AD and Luminis usernames are not the same. We are using first.last (3rd Party Id) for Luminis and (userPrincipalName) with AD. Many of our newer users have never used sAMAccountName to log in to anything.


1. Is it possible to use a username in the format of for Luminis 5?

2. Is it possible to use something other than sAMAccountName for the match in AD?

3. It's my understanding that SSO to external applications will pass the Luminis username and password, so how are you keeping passwords in sync?

I had seen a very helpful post on edu1world from about how they accomplished this. Unfortunately the post didn't get moved to eCommunities and I'm having problems contacting anyone at Marist. Anyone have suggestions?



Luminis Version:

1) Yes, you should be able to use a login ID of that format if desired. If you use the Banner/Luminis LMG/LDI interface to provision user accounts, you would need to configure the interface to build the correct username.
2) Yes, one can configure CAS to match AD on a different attribute. One would change the specification in deployerConfigContext.html.
3) Password sync was a challenge for us on LP5. LP5 can do external password storage and synch via user prompts, but does not automatically store the login credential as LP4 did. We developed a password check app that is executed at login. If the check fails, the CPIP engine asks the user to enter their Luminis password for storage. That way all partner systems that use the LP5 credentials via GCF pickup.response method can be accessed via SSO. GCF pickup.html based connectors will directly invoke the password update prompt on login failure. Check with me by e-mail to bill_ramsay at if you want more details about our password check app.