Hi Basis,
There is actually no data fetching during an LDAP authentication.
We perform an LDAP authentication against the Active Directory. What we get is the name of the authenticated user as UPN.
There is no way to restrict the LDAP access to name patterns etc.
But you can restrict the search path in Active Directory with the Login BaseDN, so only users who are members of a specified group can log in and get a certificate.
Best regards,
Alexander Gimbel