Forum GLPI-Project

r0se

Member

Registered: 2020-08-31

Posts: 5

Import users from LDAP

Hello,
I have the problem with import users from LDAP.

My ldap configuration:

Connection test to LDAP server is successful

I've tried many search filter configuration, but GLPI don't find any users to import.

•    (&(objectClass=person)(objectClass=user))
•    (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
•    (&(objectClass=user)(objectClass=top)(objectClass=person))

Interestingly, GLPI can import groups from LDAP

---------------------------------------------------------------
GLPI:
GLPI 9.5.1
SQL Server version: 8.0.20
PHP Version : 7.4.3
Description:    Ubuntu 20.04 LTS

Last edited by r0se (2020-08-31 10:53:28)

Kaya84

Member

Registered: 2019-06-13

Posts: 196

Re: Import users from LDAP

Try the same query with an ldap tool (like ldapxplorer) and check if it returns some values.
My connection filter is
(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
and it work.

r0se

Member

Registered: 2020-08-31

Posts: 5

Re: Import users from LDAP

I used the query
(& (objectClass = user) (objectCategory = person) (! (userAccountControl: 1.2.840.113556.1.4.803: = 2)))
in Softerra LDAP and the program correctly displays the users list

LaDenrée

HELPER

Registered: 2012-11-19

Posts: 6,167

Re: Import users from LDAP

I read that "Connection test to LDAP server is successful" but I'm not sure connection is enough to import user.

instead "DN=GLPI, CN=use dc....  "  I Would just type "GLPI"  in RootDN (for non anonymous binds)

---

Trouver la panne avant de réparer...
GLPI10.0.10 (ubuntu 22.04 PHP8.1  Mariadb10.6 ) plugins : comportements 2.7.2 reports 1.16.0 formcreator 2.13.8, datainjection 2.13.4 fields 1.21.6

WebGreg

Member

Registered: 2020-02-27

Posts: 727

Re: Import users from LDAP

Hello,
I have the problem with import users from LDAP.

Did you try login as domain user?

---

--
GLPI 10.0.7
GLPI-Inventory 1.2.1
Ubuntu Server 20.04 LTS

r0se

Member

Registered: 2020-08-31

Posts: 5

Re: Import users from LDAP

@WebGreg,

Yes, what is more some of users also could login as domain but others still can't.
They received a message: "You don't have right to connect".

The User which could login, after some time received a message:"Incorrect username or password".
After time  when I changed Connection Filter query, Users received a message: "You do not have access to this application because your account was deactivated or removed"

cirtaz

Member

Registered: 2018-02-13

Posts: 25

Re: Import users from LDAP

In rootDN instead "DN=GLPI, CN=use dc....  " write "domain\username". In baseDN write value of attribute "distinguishedName" for example "OU=!Users,OU=Company,DC=domain,DC=local" without spaces

Last edited by cirtaz (2020-09-03 12:11:58)

r0se

Member

Registered: 2020-08-31

Posts: 5

Re: Import users from LDAP

I changed settings according to Your proposition

LDAP
BaseDN: OU=Users,DC=w*****,DC=k*****,DC=pl
also DC=w*****,DC=k*****,DC=pl
also  OU=F****,DC=w*****,DC=k*****,DC=pl

RootDN: w*****\user
Connection filter: (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
also (&(objectClass=user)(objectCategory=person))
also  (&(objectClass=top)(objectClass=person)(objectClass=organizationalPerson)(objectCategory=User))
Login field:  distinguishedname also samaccountname

In every case during searching Users in:
Administration > Users > LDAP directories > Import new users > Expert mode
I receive a message: No user to be imported

What is more interesting when I searching the Grups:
Administration > Groups > LDAP directories > Import of new groups
Filter to search in groups
(&(objectClass=user)(objectCategory=person))
Search filter for users
(&(objectClass=user)(objectCategory=person))
or empty

the result is Users and Grups objects.

Zakharov69

Member

Registered: 2017-11-17

Posts: 36

Re: Import users from LDAP

rootDN = CN=sa_glpi,CN=Users,DC=somename,DC=local

r0se

Member

Registered: 2020-08-31

Posts: 5

Re: Import users from LDAP

@Zakharov69
yes, that was my first setting

gianandrea

Member

Registered: 2017-01-25

Posts: 9

Re: Import users from LDAP

I have the very same behaviour. Can anyone send me in the right direction or a tutorial?

Thanks a lot!

gianandrea

Member

Registered: 2017-01-25

Posts: 9

Re: Import users from LDAP

I am stuck with the same problem (can't get the user list via LDAP). Is there a way to activate specific logging for this feature in order to debug?
The only message I get is "no user to import".
Authenticating on the Domain (ldap) works fine, thus I suppose the connection parameters are ok.

Thanks in advance,
G

WebGreg

Member

Registered: 2020-02-27

Posts: 727

Re: Import users from LDAP

1. Import group from AD (via LDAP)
2. Add profile.
3. Set rule when you bind group with profile.

---

--
GLPI 10.0.7
GLPI-Inventory 1.2.1
Ubuntu Server 20.04 LTS

gianandrea

Member

Registered: 2017-01-25

Posts: 9

Re: Import users from LDAP

Thanks for the kind reply.
My issue seems to be a step before. I just can't get any user list:

the groups list fine though:

I think that your suggestion is for the following step (assigning the users to groups)...

WebGreg

Member

Registered: 2020-02-27

Posts: 727

Re: Import users from LDAP

Go to expert mode and check base DN and filter.

I have something like this:

Base: DC=domain,DC=com
Filter: (& (samaccountname=*) (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))))

Or what did you set your rootDN on front/authldap.form.php?id=1  ?  But if you geting group list it seems like filter problem.

Last edited by WebGreg (2021-09-07 18:40:46)

---

--
GLPI 10.0.7
GLPI-Inventory 1.2.1
Ubuntu Server 20.04 LTS

gianandrea

Member

Registered: 2017-01-25

Posts: 9

Re: Import users from LDAP

Apparently you are right, but the same filter used elsewhere (like in LDAP administrator by softerra) works fine.
It's really strange. I'll triple check again the filter.

WebGreg

Member

Registered: 2020-02-27

Posts: 727

Re: Import users from LDAP

Not always filter set in one program will work in other too. Did you try with one of above?

I'll go back to the rootDN. I have: CN=userName,OU=part1,DC=domain,DC=com. R0se wrote that he have: RootDN: w*****\user

Last edited by WebGreg (2021-09-08 14:40:28)

---

--
GLPI 10.0.7
GLPI-Inventory 1.2.1
Ubuntu Server 20.04 LTS

gianandrea

Member

Registered: 2017-01-25

Posts: 9

Re: Import users from LDAP

The root DN, as far as I understand, works fine, since I get the groups and people are able to authenticate on LDAP.
The only thing that doesn't work is getting the user list to preemptively load all the users.

Frankly, I am about to give up. It looks like some kind of bug to me.

kumarabhinavv9

Member

Registered: 2021-09-13

Posts: 1

Re: Import users from LDAP

I have the same issue. Any tips for solution?

WebGreg

Member

Registered: 2020-02-27

Posts: 727

Re: Import users from LDAP

@gianandrea and @kumarabhinavv9 - are you using 9.5.5?

---

--
GLPI 10.0.7
GLPI-Inventory 1.2.1
Ubuntu Server 20.04 LTS

Kaya84

Member

Registered: 2019-06-13

Posts: 196

Re: Import users from LDAP

The root DN, as far as I understand, works fine, since I get the groups and people are able to authenticate on LDAP.
The only thing that doesn't work is getting the user list to preemptively load all the users.

Frankly, I am about to give up. It looks like some kind of bug to me.

Try using Ldapexplorer to check if the sytanx is correct.

Ps: se vuoi possiamo sentirci direttamente via MP