We have added multiple users from our AD environment. Each of our staff has two accounts - admin and normal. These accounts have different names but the same contact email address.
Admin accounts are located in OU=Administrators; normal accounts are located in OU=Staff. We have correctly set the LDAP auth BaseDN to OU=Staff; however, when the accounts are automatically synced, we are seeing the incorrect username.
Email address: email@example.com
Normal user account: "Tom Smith" username "Tom.Smith@domain.com"
Admin account: "Tom Smith $Admin" username "Tom.Smithfirstname.lastname@example.org"
On sync, it shows "Tom Smith $Admin" instead of "Tom Smith".
It appears the BaseDN is being ignored, and matching is performed by email address only.