
#1 2008-09-14 01:42:16

monkeymafia
Member
Registered: 2008-08-04
Posts: 31

AD Authentication

Hi all,

I'm trying to connect to Active Directory, but when I go to Users > LDAP link > Import new users, it says no users to be imported. Please help me.

I'm using the latest version of GLPI, 0.71.1.

Here is my LDAP configuration:

Name: ad
Server: Ip address of my domain controller
Basedn: DC=name of my domain
pass (for non-anonymous binds): blank
connection filter: (objectClass=user)
use TLS: No
how LDAP aliases should be handled: Never dereferenced (Default)
LDAP port: 389
rootdn: blank
login field: samaccountname

search type: users & groups
filter to search in groups: (objectClass=group)
use DN in the search: Yes
user attribute containing its groups: memberof
group attribute containing its users: member

Test connection works fine. Any help appreciated.


#2 2008-09-14 08:09:08

remi
GLPI-DEV
From: Champagne
Registered: 2007-04-28
Posts: 7,127

Re: AD Authentication

AD doesn't accept anonymous connections.

You must fill rootdn and password with an existing AD account.

++


Dev. Fedora 29 - PHP 5.6/7.0/7.1/7.2/7.3/7.4 - MariaDB 10.3 - GLPI master
ITILv3 certified - RPMs for Fedora, RHEL and CentOS at https://blog.remirepo.net/


#3 2008-09-14 11:00:52

monkeymafia
Member
Registered: 2008-08-04
Posts: 31

Re: AD Authentication

Thanks for the reply.

I entered my AD account login name in rootdn and also my password in pass.

The same thing is still happening, no users to be imported.

I used the preconfigured settings when setting up the authentication; I don't know if this makes a difference or not.

Do I need to allow any rules in my firewall perhaps?

Thanks again.


#4 2008-09-14 11:16:01

wawa
GLPI-DEV
From: Montpellier / France
Registered: 2006-07-03
Posts: 6,019

Re: AD Authentication

AD configuration in GLPI is case-sensitive. Are you sure everything is written with the right case?


#5 2008-09-14 11:55:45

monkeymafia
Member
Registered: 2008-08-04
Posts: 31

Re: AD Authentication

I think the problem lies with my basedn and rootdn entries:

I don't understand what I should put for them exactly:

Root DN        : CN=glpi, CN=users, DC=MYDOMAIN, DC= NET
Base DN        : DC=MYDOMAIN, DC=NET

Do I need to put dc=net?? mydomain is just the name of the domain, right? And not the IP address. :(


#6 2008-09-14 11:56:51

wawa
GLPI-DEV
From: Montpellier / France
Registered: 2006-07-03
Posts: 6,019

Re: AD Authentication

basedn must be DC=MYDOMAIN, DC=NET


#7 2008-09-14 15:07:06

monkeymafia
Member
Registered: 2008-08-04
Posts: 31

Re: AD Authentication

My basedn is: DC=domainname, DC=NET
rootdn: CN=myADUsername, CN= users, DC=domainname, CN= NET

Now when I do a test connection it fails :/

Any other ideas?


#8 2008-09-16 04:24:34

Paulus Agung
Member
From: Indonesia
Registered: 2008-04-04
Posts: 9

Re: AD Authentication

Don't use any spaces in basedn and rootdn.


#9 2008-09-17 13:39:09

monkeymafia
Member
Registered: 2008-08-04
Posts: 31

Re: AD Authentication

Okay, still no luck. This is frustrating. I know it's something to do with the details I'm entering.

Can someone please tell me what I should be entering in the boxes on the Authentication page? And why do I need to enter DC=net??

I've read the documentation but I can't make sense of connecting GLPI to AD.

Please help.


#10 2008-09-18 06:46:53

Chakindra
Member
Registered: 2008-09-18
Posts: 7

Re: AD Authentication

I could be wrong, but it sounds to me like you're using the incorrect RootDN. Have you tried using ADexplorer or similar tools to check the precise location of the account you're using to authenticate with?

The following is from the documentation I wrote for my company. It might give you some ideas:

Name: dc-01 (just a text field, any name will do)
Server:  (the actual address of the DC – can be IP or DNS hostname).
LDAP Port: 389
BaseDN: dc=company,dc=com
RootDN: cn=authenticator,ou=administrators,ou=dk (we use country codes to separate users),ou=company users,dc=company,dc=com (or any other account with rights to authenticate other users)
Pass: (enter the password of the RootDN user account)
Login Field: samaccountname
Connection Filter: (&(objectclass=user)(objectcategory=person))
Use TLS: No
Time Zone: (Please use correct timezone)
How LDAP aliases should be handled: Never dereferenced (default)

Search type: Users & Groups
User attribute containing its groups: (leave blank)
Filter to search in groups: (&(objectclass=user)(objectcategory=person))
Group attribute containing its users: (leave blank)
Use DN in the search: Yes

I had to do a bit of fiddling in the beginning (most ADs differ from one another), but I've been through several installations and upgrades with these settings, and they've worked like a charm.

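The checks suggested across this thread (a non-anonymous bind, a full DN rather than a login name in rootdn, no spaces, DC components at the end) can be scripted. The Python linter below is an added example, not GLPI code and not part of any post; the dict keys (`basedn`, `rootdn`, `pass`, `use_tls`), the finding codes and the sample values are assumptions made for illustration. It also flags a bind password used with TLS off, because a simple LDAP bind on port 389 without TLS is not encrypted.

```python
import re

def split_dn(dn):
    """Split a DN into (attr, value) pairs; simplified: only backslash-escaped commas are honoured."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"{part!r} is not attr=value")
        rdns.append((attr, value))
    return rdns

def dc_suffix(rdns):
    """Domain components of a parsed DN, normalised for comparison."""
    return [v.strip().lower() for a, v in rdns if a.strip().upper() == "DC"]

def lint_ldap_settings(cfg):
    """Return a list of finding codes for a GLPI-style LDAP settings dict (hypothetical keys)."""
    findings, parsed = [], {}
    bind_set = bool(cfg.get("rootdn")) and bool(cfg.get("pass"))
    if not bind_set:
        findings.append("anonymous-bind")              # post #2: AD rejects anonymous binds
    for name in ("basedn", "rootdn"):
        dn = cfg.get(name, "")
        if not dn:
            continue
        try:
            rdns = split_dn(dn)
        except ValueError:
            findings.append(f"{name}:not-a-dn")        # e.g. a bare login name (post #3)
            continue
        if any(a != a.strip() or v != v.strip() for a, v in rdns):
            findings.append(f"{name}:whitespace")      # post #8: no spaces around components
        types = [a.strip().upper() for a, _ in rdns]
        first_dc = types.index("DC") if "DC" in types else len(types)
        if any(t != "DC" for t in types[first_dc:]):
            findings.append(f"{name}:non-dc-after-dc") # e.g. CN=NET typed for DC=NET
        parsed[name] = rdns
    if len(parsed) == 2 and dc_suffix(parsed["basedn"]) != dc_suffix(parsed["rootdn"]):
        findings.append("domain-mismatch")             # heuristic: usually a typo
    if bind_set and not cfg.get("use_tls"):
        findings.append("cleartext-bind")              # simple bind without TLS
    return findings

# Constructed sample mirroring the values in post #7 (password is a placeholder).
POST7 = {"basedn": "DC=domainname, DC=NET", "pass": "placeholder", "use_tls": False,
         "rootdn": "CN=myADUsername, CN= users, DC=domainname, CN= NET"}

if __name__ == "__main__":
    print(lint_ldap_settings(POST7))
```

An empty result means none of these checks fired; it does not prove the account exists at that DN, which an LDAP browser can confirm.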

#11 2008-09-18 07:50:04

vlad25
Member
Registered: 2008-09-18
Posts: 30

Re: AD Authentication

We have Windows 2008 Server.
AD (LDAP) authentication works just fine.
So, the AD Guide can be updated and 2008 added as well.


#12 2008-09-18 08:00:52

vlad25
Member
Registered: 2008-09-18
Posts: 30

Re: AD Authentication

Another piece of advice to those struggling with AD - LDAP authentication: download an LDAP browser; this way you will be able to see clearly how your attributes are positioned and named.


#13 2008-09-24 16:43:37

monkeymafia
Member
Registered: 2008-08-04
Posts: 31

Re: AD Authentication

Thanks for the replies. I tried LDAP browser and I discovered I was entering the wrong information for basedn. That has now been corrected :) However, I am still getting test failed. What else could I be doing wrong?? Thanks again.
