I have my Remote Access setup to use LDAP (AD) for authentication. I am migrating from RADIUS Authentication because I would like to use the LDAP Groups in order to create different levels of access (RADIUS does not seem to push Group membership for use in rules).
Here is my issue: when using LDAP, the users need to login using the sAMAccountName (e.g. user = jdoe), but we would prefer to use a login of the userPrincipleName (e.g. user = firstname.lastname@example.org). The reason for this is most, if not all, of the places we have login information, we use the userPrincipleName - mostly for cloud based services. All of our documentation is already set to use this as the login, and we would like to continue to use this.
Is there a way to force a Remote Access Authentication via LDAP to use the userPrincipleName instead of the sAMAccountName?