You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2008-12-05 19:03:57

jpalmer99
Member
Registered: 2008-08-29
Posts: 17

Trouble importing only some AD users

I have import setup from active directory.  It does test connection ok and also I can logon with users using AD password.  The problem is when I try to import some users I get the following error on the screen:

PHP ERROR:ldap_read()[function.ldap-read]:Search:  No such object in /var/www/glpi/inc/user.class.php at line 495
PHP ERROR: ldap_get_entries():  supplied argument is not a valid ldap result resource in /var/www/html/glpi/inc/user.class.php at line 496

In the php-error.log I have this:

05-12-2008 17:54
Warning(2): ldap_get_entries(): supplied argument is not a valid ldap result resource
Backtrace :
/var/www/html/glpi/inc/user.class.php:496               ldap_get_entries()
/var/www/html/glpi/inc/ldap.function.php:135            User->getFromLDAP()
/var/www/html/glpi/inc/ldap.function.php:101            ldapImportUserByServerId()
/var/www/html/glpi/front/ldap.import.php:59             ldapImportUser()

Again this is only for some users but can not see what difference there is between a user that is importing and one that can not.

Here is the ldap connection info:

server: 192.168.1.1
ldap port: 3268
basedn: dc=domain,dc=net
rootdn:  CN=sa,OU=Service Accounts,OU=location,DC=domain,DC=net
login field:  samaccountname
connection filter:  (&(userprincipalname=*)(useraccountcontrol=*))

I have also tried the default connection filter with the same results

Last edited by jpalmer99 (2008-12-05 20:16:26)

Offline

#2 2008-12-09 16:05:21

EvilGrin
Member
Registered: 2008-12-09
Posts: 1

Re: Trouble importing only some AD users

I've seen this before with other software and LDAP integration. The issue is your base DN. You need to change it so it refers to a OU within your AD structure. Windows doesn't like it when you reference the entire AD structure. For example, if you kept all your users in a OU called 'AllUsers' you should use the following base db.

ou=allusers,dc=domain,dc=net

At which point it'll work.

Offline

#3 2008-12-10 15:03:35

jpalmer99
Member
Registered: 2008-08-29
Posts: 17

Re: Trouble importing only some AD users

We have a root domain with sub-domains so trying to use the global catalog port would be the most elegant solution.  I could not get that to work with all users for some reason so I did a workaround.  I created a connection to each of our sub-domains using port 389 instead of 3268 (global catalog) and that seemed to do the trick.

Offline

Pages: 1

Board footer

Powered by FluxBB