I have an nginx server set up for user authentication through Active Directory (AD) using Kerberos. I've installed the nginx-spnego module, created a keytab file, and configured everything in the nginx config. Everything works flawlessly. Our AD hosts a multitude of users across three different domains. User IDs cannot be duplicated within the same domain but can be across these domains. During authentication, I need to retrieve not only the user's account name but also the domain it resides in to accurately identify the user. Currently, in the nginx config, I'm capturing the user ID and setting it in the header with proxy_set_header X-User $remote_user. However, this variable only contains the user ID without the domain (despite sources online suggesting that it should include the domain prefixed with an @).
Is there a way to obtain the domain in addition to the user ID?