LDAP and Windows 2008 AD

Lanberyuan · 2013-05-09 16:25:35

I configure LDAP and filled out detail about field, and then the test is "Test successful (Main server : CNA)". But, I couldn't find/search user from AD when I want to be synchronization from Windows 2008 AD to GLPI users.

There are 100 users in Windows 2008 AD, I won't add all (one by one) to GLPI; and I want user login GLPI use same password with Windows account's password. May somebody help me?

Lanberyuan · 2013-05-09 17:00:27

Hi, I fixed it. thanks.

They are must like below:
BaseDN:DC=AAA,DC=com,DC=cn
rootDN: CN=glpi,CN=Users,DC=AAA,DC=com,DC=cn

If I only typed AAA.com.cn and glpi for both fields, the test is okay, but I still couldn't import uses from AD. Once I use correct string, they are okay.

joseluis.teixeira · 2013-05-10 10:30:57

SETUP > Authentication > LDAP directories

Please verify that you have this on the Login Field.

Login Field : samaccountname

Active Directory Users and Computers
MyDomain.local
|
+---MyContainer
|
+------Users
+------Workstations
+------Printers

This will translate to:

BaseDN: OU=Users,OU=MyContainer,DC=MyDomain,DC=local

on the rootDN *IF* you don't allow anonymous binding you should put a admin user login as follows:

rootdn (for non anonymous binds) : MyDomain\administrator
Pass (for non-anonymous binds): ••••••••

samcro · 2013-05-10 16:36:22

thx jose,

my users are in different containers in my local domain, so that would translate in just the domain wouldnt it? i´m messing around with this for one week now and can´t seem to get it working...

i have to search for users in all containers so i defined my BaseDN like this: DC=MyDomain,DC=local
Test says succesful but "no users to import" when i search...

any advice will be appreciated!
thx in advance

joseluis.teixeira · 2013-05-10 18:04:11

samcro wrote:

in all containers so i defined my BaseDN like this: DC=MyDomain,DC=local

You can setup 3 different LDAP directories: like follow

BaseDN: OU=OU1,OU=MyContainer,DC=MyDomain,DC=local

BaseDN: OU=OU2,OU=MyContainer,DC=MyDomain,DC=local

BaseDN: OU=OU1,OU=AnotherContainer,DC=MyDomain,DC=local

Don't forget to mark each:

Login Field : samaccountname
Active : yes

If you see just users from one particular OU, and not from others OU's then you can import the users directly from this link:
http://YourServer/glpi/front/ldap.import.php?action=show&mode=0&interface=expert

BaseDN: OU=OU1,OU=AnotherContainer,DC=MyDomain,DC=local
Search filter for users: (& (samaccountname=*) )

hit search

Hope that helps

Lanberyuan · 2013-05-13 10:06:30

Thanks for everyone, I fixed this.

samcro · 2013-05-13 11:17:32

thx again!!

problem was the marked filter:

this was mentioned in the official tutorial but seems to be wrong.
thanks for your help.

jargon · 2013-06-28 09:32:48

I'm having trouble with setting up AD authentication.
glpi: 0.83.91
Windows AD 2008

My options are different from the glpi ldap/ad documentation and from this thread. I don't know why.

Setup --> Authentication --> LDAP directories

Name:
ID:
Server:
Port:
Basedn:
Connection filter:
Default server:
Login field:
Surname:
First name:
Phone:
Phone 2:
Mobile phone:
Title:
Category(class):
Comments:
Email address 1:
Email address 2:
Email address 3:
Email address 4:
Use DN in the search:
Last update:
Select language:
User attribute containing it:
Filter to search in groups:
Group attribute containing it:
Search type:
Active:

That is all there is in my glpi 0.83.91. I see no RootDN anywhere.

Last edited by jargon (2013-06-28 09:36:56)

Forum GLPI-Project

Announcement

#1 2013-05-09 16:25:35

LDAP and Windows 2008 AD

#2 2013-05-09 17:00:27

Re: LDAP and Windows 2008 AD

#3 2013-05-10 10:30:57

Re: LDAP and Windows 2008 AD

#4 2013-05-10 16:36:22

Re: LDAP and Windows 2008 AD

#5 2013-05-10 18:04:11

Re: LDAP and Windows 2008 AD

#6 2013-05-13 10:06:30

Re: LDAP and Windows 2008 AD

#7 2013-05-13 11:17:32

Re: LDAP and Windows 2008 AD

#8 2013-06-28 09:32:48

Re: LDAP and Windows 2008 AD

Board footer