User not found or several users found (Windows 2000 AD)

Tomba · 2008-04-15 10:25:17

I've been trying to get glpi to use my Active Directory as a 'user' source. Even though it tells me 'Test successful' when i click 'Test of connection to LDAP directory', I still get an error when trying to login using an active directory user. The same error occurs when trying to (bulk) import from AD:
'User not found or several users found'

Can anyone help me using AD as authentication ?

(My glpi version is 0.70.2)

Last edited by Tomba (2008-04-15 10:28:13)

tsmr · 2008-04-15 10:43:34

put your glpi ad config here please

Tomba · 2008-04-15 11:07:43

tsmr wrote:

put your glpi ad config here please

http://img175.imageshack.us/my.php?imag … dapsr6.jpg

Do you need any more info ?

tsmr · 2008-04-15 11:20:58

login field : samaccountname

after :
Proceed by step : :

1. connection test to AD : from button on /front/setup.auth.php?next=extauth_ldap&ID=1
2. test of users import : with /front/ldap.php : if you list your users so the connection is OK
3. Setup access rules from : front/rule.right.php

Tomba · 2008-04-15 12:01:42

tsmr wrote:

login field : samaccountname
after :
Proceed by step : :
1. connection test to AD : from button on /front/setup.auth.php?next=extauth_ldap&ID=1
2. test of users import : with /front/ldap.php : if you list your users so the connection is OK
3. Setup access rules from : front/rule.right.php

Login field is filled with samaccountname glpi (which I created)
1. http://img215.imageshack.us/my.php?image=glpi1jf6.jpg
2. http://img215.imageshack.us/my.php?image=glpi2fp2.jpg
3. What do I need to setup here ?

augusto.ferronato · 2008-04-15 13:21:53

In Login Field, is the atribute for search users, no? SAMAccountName is the atribute on AD for search by login , change this field

Thanks

Tomba · 2008-04-15 14:36:03

augusto.ferronato wrote:

In Login Field, is the atribute for search users, no? SAMAccountName is the atribute on AD for search by login , change this field
Thanks

Dear Augusto, I really don't understand what you are saying here. What should I enter for SAMAccountName ? I assumed I should enter the user which queries the AD ?

primobruno · 2008-04-15 14:58:54

If i may, i'll use this thread because my problem was similar to this.Hope Tomba doesn't mind.
"User not found or several users found" ??????

This is my "machine" configuration:

Started with GLPI version 0.68.3 and updated to 0.70.2.
I have installed GLPI on a XP-SP2 machine with "XAMPP for Windows Version 1.5.5" and Firefox2.0.0.13/IE6.
OCS and GLPI integration successfully done.
GLPI and AD (win2k) authentication successfully done, after some troubleshooting (see below).

This is my "External authentication sources" for LDAP:

Name:                                   AD
Server:                                 ldap://server.domain.local
Port:                                   389
BaseDN:                                 DC=domain,DC=local
rootDN:                                 CN=glpi,CN=Users,DC=domain,DC=local
Pass:                                   (glpi user password)
Connection filter:                      (objectClass=user)
User field:                             samaccountname
Use TLS:                                No
Timezone:                               GMT
Search type:                            Users&Groups
User attribute containing its groups:   memberof
Filter to search in groups:             (objectClass=group)
Group attribute containing its users:   member
Use DN in the search:                   Yes
Surname:                                givenname
First name:                             sn
Comments:    
E-mail:                                 mail
Phone:                                  telephonenumber
Phone2:                
Mobile:

When i go to GLPI-->Administration-->Users-->LDAP link ,i can:
Import new users and Synchronizing already imported users

Everything works fine and i can login using active directory users.
After some days troubleshooting this, i've detected "my problem" with ldap/users.
Inside microsoft application named: Active Directory Users and Computers - Win2k: (logon to)

There is a button called: "Log On To".
This button is used to configure user access to computers inside the domain.
The users i have configured just to use their own computer CANNOT login to GLPI.
If i add the DC (domain controller) to the "list" under "Log On To", the users CAN login to GLPI.
In short, AD users must be allowed to logon on Domain Controllers or else GLPI Ldap authentication wont work.

btw: Congratulations on this amazing software."Trés bon et util".

Tomba · 2008-04-15 16:42:52

primobruno wrote:

[..]

primobruno thank you so much. I am now able to log in using any user
/me is continuing playin around with this amazing software (Next step --> OCS NG !)

tsmr · 2008-04-15 21:42:17

cool for you

Add this to the wiki

Forum GLPI-Project

Announcement

#1 2008-04-15 10:25:17

User not found or several users found (Windows 2000 AD)

#2 2008-04-15 10:43:34

Re: User not found or several users found (Windows 2000 AD)

#3 2008-04-15 11:07:43

Re: User not found or several users found (Windows 2000 AD)

#4 2008-04-15 11:20:58

Re: User not found or several users found (Windows 2000 AD)

#5 2008-04-15 12:01:42

Re: User not found or several users found (Windows 2000 AD)

#6 2008-04-15 13:21:53

Re: User not found or several users found (Windows 2000 AD)

#7 2008-04-15 14:36:03

Re: User not found or several users found (Windows 2000 AD)

#8 2008-04-15 14:58:54

Re: User not found or several users found (Windows 2000 AD)

#9 2008-04-15 16:42:52

Re: User not found or several users found (Windows 2000 AD)

#10 2008-04-15 21:42:17

Re: User not found or several users found (Windows 2000 AD)

Board footer