I am having difficulty getting my LDAP configuration working, I have set the authentication type to ldap, and then set the following.
#LDAP Config Section.
$config['auth_ldap_version'] = 3; # v2 or v3
$config['auth_ldap_server'] = "dc1.test.com";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = false;
$config['auth_ldap_prefix'] = "uid=";
$config['auth_ldap_suffix'] = ",dc=test,dc=com";
$config['auth_ldap_group'] = "";
$config['auth_ldap_groupbase'] = "cn=users,dc=test,dc=com";
$config['auth_ldap_groups']['domain admins']['level'] = 10;
$config['auth_ldap_groups']['pfy']['level'] = 7;
$config['auth_ldap_groups']['domain users']['level'] = 1;
I keep getting a an authentication failed, indicating a user/password mismatch. I am not sure how to make the configuration any more basic than this. The LDAP directory is Active Directory in Windows 2008 R2 Native mode.
Thank you,
Tim
Hi,
Not knowing much but should the LDAP suffix have "," at the beginning?
$config['auth_ldap_suffix'] = ",dc=test,dc=com";
Could it maybe be just "dc=test,dc=com"?
Guessing you've hashed out the real AD domain to protect the innocent?
Also.. try port 3268, this goes onto explain the difference between hitting port 389 and 3268; http://technet.microsoft.com/en-us/library/cc978012.aspx
-Dan
From: observium-bounces@observium.org [mailto:observium-bounces@observium.org] On Behalf Of Moermond, Timothy Sent: Tuesday, 3 July 2012 1:55 AM To: observium@observium.org Subject: [Observium] LDAP Authentication
I am having difficulty getting my LDAP configuration working, I have set the authentication type to ldap, and then set the following.
#LDAP Config Section. $config['auth_ldap_version'] = 3; # v2 or v3 $config['auth_ldap_server'] = "dc1.test.com"; $config['auth_ldap_port'] = 389; $config['auth_ldap_starttls'] = false; $config['auth_ldap_prefix'] = "uid="; $config['auth_ldap_suffix'] = ",dc=test,dc=com"; $config['auth_ldap_group'] = ""; $config['auth_ldap_groupbase'] = "cn=users,dc=test,dc=com"; $config['auth_ldap_groups']['domain admins']['level'] = 10; $config['auth_ldap_groups']['pfy']['level'] = 7; $config['auth_ldap_groups']['domain users']['level'] = 1;
I keep getting a an authentication failed, indicating a user/password mismatch. I am not sure how to make the configuration any more basic than this. The LDAP directory is Active Directory in Windows 2008 R2 Native mode.
Thank you,
Tim
Hi,
On Fri, 2012-07-06 at 13:47 +0000, Daniel Hooper wrote:
Not knowing much but should the LDAP suffix have “,” at the beginning?
Yes, it is.
$config['auth_ldap_suffix'] = ",dc=test,dc=com";
Basically we do prefix+username+suffix, so it should end up like uid=tom,dc=observium,dc=org.
Guessing you’ve hashed out the real AD domain to protect the innocent?
Also.. try port 3268, this goes onto explain the difference between hitting port 389 and 3268;http://technet.microsoft.com/en-us/library/cc978012.aspx
Other than that, I have no clue about AD or how to auth LDAP against it... Does it contain uid= "posix user" fields and memberUid groups?
Tom
participants (3)
-
Daniel Hooper -
Moermond, Timothy -
Tom Laermans