AD Integration Issues

tsmr · 2007-12-31 12:15:25

your last ad glpi config here plz

dhiraj · 2007-12-31 13:14:46

My last configuration is as follows

LDAP configuration
Name conn
Server ldap://192.168.1.1
LDAP Port: 389
Basedn: DC=mydomain,DC=net
rootdn: CN=glpi,CN=users,DC=mydomain,DC=net
pass: ***********
Connection Filter: (&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=NET))
Login Field: glpi -> samaccountname
Use TLS: no
Timezone GMT+5.5

Belonging to groups
Search type: In Users
User attribute containing its groups: memberof
Filter to search in groups: (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Group attribute containing its users:
Use DN in search Yes

GLPI/LDAP Links
Surname: sn
Firstname: givenname
Location: nothing
E-Mail: mail
Phone: telephonenumber
Phone 2: homephone
Mobile: Mobile

tsmr · 2007-12-31 13:36:06

Connection Filter:
(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
login field : samaccountname

dhiraj · 2007-12-31 14:03:00

GREAT ......! IT WORKS BUDDY .

Thanks a TON .........

But one ques still on my mind ...... we ll need to manually sync the users with AD each time a change in the AD happens ???
IS there any way to automatically does this thing ??? It would be a great time saver

dhiraj · 2007-12-31 14:39:12

SO here is my final working config

My last configuration is as follows

LDAP configuration
Name conn
Server ldap://192.168.1.1
LDAP Port: 389
Basedn: DC=mydomain,DC=net
rootdn: CN=glpi,CN=users,DC=mydomain,DC=net
pass: ***********
Connection Filter: (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Login Field: samaccountname
Use TLS: no
Timezone GMT+5.5

Belonging to groups
Search type: In Users
User attribute containing its groups: memberof
Filter to search in groups: (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Group attribute containing its users:
Use DN in search Yes

GLPI/LDAP Links
Surname: sn
Firstname: givenname
Location: nothing
E-Mail: mail
Phone: telephonenumber
Phone 2: homephone
Mobile: Mobile

tsmr · 2007-12-31 17:56:01

There is a script which can do this

scripts/ldap_mass_sync.php

dhiraj · 2008-01-01 06:04:25

New Issue :
Though I have imported around 1000 users frm the AD but have found that a few users have been left out, but the same can be added manually from the

/front/user.form.php

I wonder why these have been left out ...........

Is there any limidation in the AD or LDAP s/w that no more than 1000 users may be viewed at a time

Last edited by dhiraj (2008-01-01 11:18:06)

dhiraj · 2008-01-01 12:20:31

SOLVED the above issue :
Actually the problem is the default design of AD where for any LDAP query it only returns 1000 records. There is a value called maxPageSize in the AD which causes this behaviour. To counter this we need to change the settings in the AD . I set it to 5000 as per my reqs . and then imported all the users .

Reference : http://www.openldap.org/lists/openldap- … 00627.html

http://searchwinit.techtarget.com/tip/0 … 06,00.html

Thanks TSMR for ur help throught this ( i know i annoyed u at times) , But I do plan to put this thing in the Wiki so that most ppl may be benefit out of it

tsmr · 2008-01-01 14:56:21

cool

i close this thread.

Forum GLPI-Project

Announcement

#51 2007-12-31 12:15:25

Re: AD Integration Issues

#52 2007-12-31 13:14:46

Re: AD Integration Issues

#53 2007-12-31 13:36:06

Re: AD Integration Issues

#54 2007-12-31 14:03:00

Re: AD Integration Issues

#55 2007-12-31 14:39:12

Re: AD Integration Issues

#56 2007-12-31 17:56:01

Re: AD Integration Issues

#57 2008-01-01 06:04:25

Re: AD Integration Issues

#58 2008-01-01 12:20:31

Re: AD Integration Issues

#59 2008-01-01 14:56:21

Re: AD Integration Issues

Board footer