Hey Guys,

I am in the same situation as Mathias' LDAP issue below.

My Config:

ldap_conn_host=DC
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn='CN=Adm some user,OU=London,OU=Administrative Users,OU=RBG,OU=Rights Delegation,DC=domain,DC=local'
ldap_passwd='******'
ldap_search_base='OU=Company,DC=domain,DC=local'
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope=ONELEVEL
ldap_auth_type=SIMPLEBIND
ldap_userdn_format='sAMAccountName=%s,OU=Users,OU=London,OU=UK,OU=Company,DC=domain,DC=local'
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true
ldap_group_mode=NONE
ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_group_attr=memberOf
ldap_use_lower_case=false
ldap_import_query=(objectClass=inetOrgPerson)

Always returns: No users was found:

Checked with ldapsearch and I can retrieve them fine; other systems that use LDAP from Linux, such as Apache Guacamole and Nextcloud, both have working AD integration using the same values I set there.

Is there a way to get better debug logs from OpenMeetings? About what it is sending to the DC? The initial bind status, error code from the DC, etc. I remember in old versions of OM we could run it in debug mode to stdout?

Otherwise, is there anything obvious I'm missing here?

Best regards
Stephen

From: Mathias Kocks <[email protected]>
Sent: 15 April 2020 13:06
To: [email protected]
Subject: [Possible Untrusted Sender] Can not use LDAP-Sync with Microsoft Active Directory

Hello,

I am new to this project and have a problem with the LDAP-Sync. I cannot even find any good documentation...

My problem is that slapd does not find any user in my AD.
I am not even sure if it is searching for real. I found some example configs in the mailing list archive, but they do not work for me. I found this one:

#LDAP URL
ldap_conn_host=LDAP_server.Company.com
ldap_conn_port=636
ldap_conn_secure=true
# Login distinguished name (DN) for Authentication on LDAP Server
# Use full qualified LDAP DN
ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com
# Loginpass for Authentication on LDAP Server
ldap_passwd=ldapauthpasswd
# base to search for userdata(of user, that wants to login)
ldap_search_base=OU=Users,DC=Company,DC=com
#ldap_search_base=DC=Company,DC=com
# Fieldnames (can differ between Ldap servers)
ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
#ldap_search_query=(sAMAccountName=%s)
#ldap_search_query=(CN=%s)
# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE
# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
ldap_auth_type=SEARCHANDBIND
# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de,DC=com
#ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com
#ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com
#ldap_userdn_format=CN=%s,DC=Company,DC=com
# Ldap-password synchronization to OM DB
ldap_sync_password_to_om=false
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn

But even after I changed it to my AD and tried several changes, no users were found.
My actual config:

ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=OU=labmed,DC=labmed,DC=de
#ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s))
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de
ldap_provisionning=NONE
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=false
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_use_lower_case=false

It is the second day by now where I am bursting with happiness....

Kind regards
Mathias Kocks
Team Lead IT Infrastructure
Certified Information Security Officer ISO 27001 (TÜV Süd)

Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany
Tel.: +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: [email protected]
Web: https://www.labmed.de
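
Added example (not part of the original e-mails and not OpenMeetings code): a small Python check over settings quoted in the first config above. It flags the unencrypted bind on port 389, a ONELEVEL scope that cannot reach the container named in ldap_userdn_format, quoted values, and a bind DN built on sAMAccountName. The finding names, and the assumption that the file is loaded as Java properties, are mine.

```python
# Added example, not OpenMeetings code. SAMPLE is constructed from keys of the
# first config quoted in this thread.
SAMPLE = """\
ldap_conn_port=389
ldap_conn_secure=false
ldap_search_base='OU=Company,DC=domain,DC=local'
ldap_search_scope=ONELEVEL
ldap_auth_type=SIMPLEBIND
ldap_userdn_format='sAMAccountName=%s,OU=Users,OU=London,OU=UK,OU=Company,DC=domain,DC=local'
"""

def parse(text):
    """Read key=value lines, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def rdns(dn):
    """Split a DN into lower-cased RDNs (naive: assumes no escaped commas)."""
    return [p.strip().lower() for p in dn.strip("'\"").split(",") if p.strip()]

def lint(cfg):
    findings = []
    for key, value in cfg.items():
        # Assumption: the file is loaded as Java properties, which keep quotes.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            findings.append("quoted-value:" + key)
    # Simple bind without TLS puts the admin and user passwords on the wire.
    if cfg.get("ldap_conn_secure", "false").lower() != "true":
        findings.append("cleartext-bind")
    base = rdns(cfg.get("ldap_search_base", ""))
    user = rdns(cfg.get("ldap_userdn_format", ""))
    if base and user[-len(base):] == base:
        depth = len(user) - len(base)  # 1 means a direct child of the base
        scope = cfg.get("ldap_search_scope", "").upper()
        if scope == "ONELEVEL" and depth > 1:
            findings.append("scope-too-shallow:depth=%d" % depth)
    # AD user entries are named by CN=; sAMAccountName is an attribute, not an RDN.
    if user and user[0].startswith("samaccountname="):
        findings.append("userdn-rdn-not-cn")
    return findings

if __name__ == "__main__":
    for finding in lint(parse(SAMPLE)):
        print(finding)
```

ldapsearch defaults to subtree scope, so a successful ldapsearch against the same base does not exercise a ONELEVEL search; run it with -s one to compare like with like.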
