You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2008-08-28 09:59:28

YaKs
Member
Registered: 2007-05-17
Posts: 24

LDAP problem - Access denied

Hi,

I finally decided to use the LDAP support like a first step to the integrated autentication process. I am runing 0.71.1 against AD 2003.

I set up my LDAP settings and the test was successful but when I try to log in with a user that belongs to the AD, I get an error page saying Access denied.

then I check the users in glpi and one new user was created but the fields are all in blank and the name of the user is a number.

I guess I have to map the right fields in order to get the user well created.
now my fields are by default...

Surname        cn
First name            givenname
E-Mail            mail
Phone        telephonenumber

any suggestion? somebody achieve to set up this version with integrated authentication running apache in windows?

thanks a lot in advance.
Jose

Offline

#2 2008-08-28 10:12:10

YaKs
Member
Registered: 2007-05-17
Posts: 24

Re: LDAP problem - Access denied

or maybe is the user running apache doesnt have rights to query AD?

Offline

#3 2008-08-28 19:16:03

joaoprietos
Member
From: Porto Alegre - RS / Brazil
Registered: 2008-08-19
Posts: 31

Re: LDAP problem - Access denied

This link have all the instructions about GLPI, LDAP and Active Directory integration:

http://glpi-project.org/wiki/doku.php?id=en:ldap

I think your configuration may be wrong in the "Login Field".

GLPI 9.1.6
4500+ computers / 2000 tickets month

Offline

#4 2008-09-08 10:53:27

airnike
Member
Registered: 2008-09-08
Posts: 9

Re: LDAP problem - Access denied

YaKs wrote:

Hi,

I finally decided to use the LDAP support like a first step to the integrated autentication process. I am runing 0.71.1 against AD 2003.

I set up my LDAP settings and the test was successful but when I try to log in with a user that belongs to the AD, I get an error page saying Access denied.

then I check the users in glpi and one new user was created but the fields are all in blank and the name of the user is a number.

I guess I have to map the right fields in order to get the user well created.
now my fields are by default...

Surname        cn
First name            givenname
E-Mail            mail
Phone        telephonenumber

any suggestion? somebody achieve to set up this version with integrated authentication running apache in windows?

thanks a lot in advance.
Jose

I've got the same problem like you and i've get an issue :

in the field : "login name", i'd put "sAMAccountName" but it must be in low case like this : "samaccountname" and that works fine.

That'all and sorry for my english, i'm french  :-)

See ya

Joyeuses fêtes à tous !

*GLPI 9.4.4, PHP 5.6.19, formcreator 2.9.0, datainjection 2.7.0, resources 2.6.3, ocsinventoryng 1.6.0, addressing 2.8.0
* MariaDB-10.1.10

Offline

#5 2008-09-08 10:56:33

airnike
Member
Registered: 2008-09-08
Posts: 9

Re: LDAP problem - Access denied

joaoprietos wrote:

This link have all the instructions about GLPI, LDAP and Active Directory integration:

http://glpi-project.org/wiki/doku.php?id=en:ldap

I think your configuration may be wrong in the "Login Field".

Yes thanks joaoprietos

That say :

Active Directory setup:

GLPI authentication against Windows 2000 Server / Windows Server 2003 Active Directory has been tested successfully.

Specify the domain controller name or IP address and the domain name as your BaseDN

    *
      Host: ldap://myDC.myAD.example.com
    *
      BaseDN: DC=myAD,DC=example,DC=com

Active Directory does not allow anonymous object search, so you have to specify an authorized user and his password. If you create a user named “GLPI user search” in the “Users” container of Active Directory, the RootDN would look like this: CN=GLPI user search,CN=Users,DC=myAD,DC=example,DC=com. If you move this user to some other organizational unit, you will have to modify the string accordingly (e.g. CN=GLPI user search,OU=Inventory,OU=IT Administration,DC=myAD,DC=example,DC=com).

You also should define an LDAP search filter in order to restrict the search to user accounts only. If you do not do this, you will be searching machine accounts and InetOrgPerson accounts as well. The filter should look like this: (&(objectClass=user)(objectCategory=person))

Now take care of the data mappings. Set the fields as follows:

    *
      Loginfield: samaccountname (write in low case)
    *
      Surname: sn
    *
      First name: givenname
    *
      E-Mail: mail
    *
      Location: physicaldeliveryofficename
    *
      Phone: telephonenumber

Due to limitations in code, the LDAP names are not to be capitalized (so, enter all LDAP attribute names in lower case), otherwise you will not get the attributes imported correctly.

Tip: If you encounter difficulties, ADSIEdit.msc provided with the Support Tools on the Windows Server installation CD enables you to browse your Active Directory and allows you to see all information available through LDAP, including all attribute and object names.

Last edited by airnike (2008-09-08 10:57:30)

Joyeuses fêtes à tous !

*GLPI 9.4.4, PHP 5.6.19, formcreator 2.9.0, datainjection 2.7.0, resources 2.6.3, ocsinventoryng 1.6.0, addressing 2.8.0
* MariaDB-10.1.10

Offline

Pages: 1

Board footer

Powered by FluxBB