AD Integration Issues

tsmr · 2007-12-28 11:36:39

rhooo
Login Field: glpi -> samaccountname

Lastname : sn
Firstname: givenname

dhiraj · 2007-12-28 11:38:49

I dont really get this .

I have configured user "glpi" in the AD , Do u mean to say

Login Field: glpi -> glpi

Lastname : sn
Firstname: glpi

tsmr · 2007-12-28 11:40:14

login field = adsi edit field to verify his login so it's : samaccountname

and for add his firstname and lastname in glpi ->
Lastname : sn
Firstname: givenname

use my config example :

http://www.glpi-project.org/forum/viewt … 496#p45496

dhiraj · 2007-12-28 11:44:45

Still nt working, honestly speaking I m nt getting anythingCan i see any screenshot of a wrking config

tsmr · 2007-12-28 11:47:14

can you go on irc channel #glpi on freenode.net ?

dhiraj · 2007-12-28 11:47:16

OK FINALLY its says TEST Successful

dhiraj · 2007-12-28 11:48:32

I was messing with the variables and root DN smwhere. OK now what next ?? I need to import users from the AD to GLPI ?? or wil they be done automatically ??

tsmr · 2007-12-28 11:52:02

Cool

So now you can import ad users or if the user log on , it will be added.
And next you must create a rule for entity and profile affectation.

dhiraj · 2007-12-28 11:54:37

I open the ldap.php page as u said ,when I click on "Import Users" it shows me something like this

Search filter for users
(glpi -> samaccountname=user)

No users to be imported

tsmr · 2007-12-28 11:59:01

http://www.glpi-project.org/forum/viewt … 496#p45496

dhiraj · 2007-12-28 12:15:16

Again not getting what u are trying to say (dont understand French using Google translate)

dhiraj · 2007-12-28 12:33:42

Now I get this error when i try to import users

PHP ERROR: ldap_search() [function.ldap-search]: Search: Bad search filter in /var/www/html/helpdesk/inc/ldap.function.php at line 180

tsmr · 2007-12-28 12:38:32

(&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=fr)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

dhiraj · 2007-12-28 14:04:32

I have to put the search filter as

the quoted text or

like this

(glpi -> &(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=fr)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

dhiraj · 2007-12-28 14:07:30

PS : I have Windows 2003 AD

tsmr · 2007-12-28 14:31:06

replace DC=MYDOMAIN with your domain

dhiraj · 2007-12-28 15:16:07

I have already done that , i think there is sm issue here with the filter string.

I have done one thing , I have started my LDAP Browser
and searched at my BASE DN with the filter

(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=net)

I get to see 1000 users defined in my AD

and when I put the complete string I dont get a single record so one thing is for sure that

my search string is only the one mentioned above .

Now on to the next case

On the ldap.import.php page shuld I give something like this

(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=powergrid,DC=net) ???

dhiraj · 2007-12-28 15:17:32

or maybe

(glpi -> samaccountname=(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=powergrid,DC=net))

PS : IS the & required in filter ???

tsmr · 2007-12-29 01:57:24

try with no filter ?

dhiraj · 2007-12-29 06:44:46

i tired with no filter , i guess it takes

(glpi -> samaccountname=*)

as the default filter . Hence I get the same error

PHP ERROR: ldap_search() [function.ldap-search]: Search: Bad search filter in /var/www/html/helpdesk/inc/ldap.function.php at line 180

tsmr · 2007-12-29 16:11:41

No you don't understand, this is on your ad configuration that you insert your filter not in import/sync field on ldap.php.

dhiraj · 2007-12-31 09:04:11

Ok i have tried as you said, I have put the connection filter in the AD page as directed ,

Now when I try to import users , I dont get any error but it says "No Users to be Imported" .

I even tried through any user defined in the AD but I m nt able to login and get the error

"unsuccessful authorization in LDAP"

Plz suggest something I need to close this urgently

Last edited by dhiraj (2007-12-31 09:38:54)

tsmr · 2007-12-31 11:38:50

so i think the user you yuse to read the AD in your AD setup in glpi is false or there is a problem. (rootdn & password)

dhiraj · 2007-12-31 12:06:31

I hv nt given any special permissions to the ad user "glpi" in the AD , do i need to give any special perm to him ??

dhiraj · 2007-12-31 12:08:24

rootdn and pass seems to be no issue coz the test connection would not be successful otherwise.

Plus I acted on ur advice and tested the user with LDAP Browser, this AD user can search info but cannot edit anything , it is just defined in the users OU of the AD

Forum GLPI-Project

Announcement

#26 2007-12-28 11:36:39

Re: AD Integration Issues

#27 2007-12-28 11:38:49

Re: AD Integration Issues

#28 2007-12-28 11:40:14

Re: AD Integration Issues

#29 2007-12-28 11:44:45

Re: AD Integration Issues

#30 2007-12-28 11:47:14

Re: AD Integration Issues

#31 2007-12-28 11:47:16

Re: AD Integration Issues

#32 2007-12-28 11:48:32

Re: AD Integration Issues

#33 2007-12-28 11:52:02

Re: AD Integration Issues

#34 2007-12-28 11:54:37

Re: AD Integration Issues

#35 2007-12-28 11:59:01

Re: AD Integration Issues

#36 2007-12-28 12:15:16

Re: AD Integration Issues

#37 2007-12-28 12:33:42

Re: AD Integration Issues

#38 2007-12-28 12:38:32

Re: AD Integration Issues

#39 2007-12-28 14:04:32

Re: AD Integration Issues

#40 2007-12-28 14:07:30

Re: AD Integration Issues

#41 2007-12-28 14:31:06

Re: AD Integration Issues

#42 2007-12-28 15:16:07

Re: AD Integration Issues

#43 2007-12-28 15:17:32

Re: AD Integration Issues

#44 2007-12-29 01:57:24

Re: AD Integration Issues

#45 2007-12-29 06:44:46

Re: AD Integration Issues

#46 2007-12-29 16:11:41

Re: AD Integration Issues

#47 2007-12-31 09:04:11

Re: AD Integration Issues

#48 2007-12-31 11:38:50

Re: AD Integration Issues

#49 2007-12-31 12:06:31

Re: AD Integration Issues

#50 2007-12-31 12:08:24

Re: AD Integration Issues

Board footer