Hey,
I think you can't, what I can tell you though is that it depends on the domain the user has whether or not he has to use the principal name. we can do currently the following:
connected ldap to the domain "example.com"
If the user now has a principal name "userTest@example.com" he can log on by just using "userTest", but if the user is in a subdomain, he needs to use the principal name.
keep in mind, if you have something like that:
- userA@example.com
- userA@sub.example.com
and the user logs in only using "userA" as username, CA RA will pick userA@example.com
don't know if this helps in any way, but I just wanted to spread the word.
best regards
michael