Ok, so now I don’t get it, because it all seems correct.

I can use Apache Directory Studio in order to create a bind using
ldap_conn_host=192.168.0.10
ldap_conn_port=389
ldap_admin_dn=CN=openmeetings,CN=Users,DC=domain,DC=intern
ldap_passwd=<SomePassword>

Then I can perform a search in Apache Studio using
ldap_search_base=OU=myfirm,DC=domain,DC=intern
ldap_search_query=(sAMAccountName=%s)

Which shows me exactly ONE hit.

So why doesn’t it work then?


NOW IT WORKS!
I removed the „Add domain to username“-option.
After that, I was able to login with a testuser.
YES!


Best wishes and thanks again!
Alex

From: Maxim Solodovnik <[email protected]>
Sent: Tuesday, 5 May 2020 17:01
To: Openmeetings user-list <[email protected]>
Subject: Re: Integration problems with Active Directory



On Tue, 5 May 2020 at 21:57, Ninnig, Alexander <[email protected]> wrote:
Hi Maxim,

1) you can login with ldap_admin_dn and ldap_passwd
--> yes
While you logged in as ldap_admin_dn
2) try to search with base ldap_search_base and query ldap_search_query
NOTE you need to request `%s` in ldap_search_query with login entered by user
--> no result for the attribute „uid“! As I wrote in my own mail, this field is 
empty here. If I search for „sn“ instead of „uid“, I can find users.

Please check my answer to your big email :)


It seems to me, that the problem is, that the field uid is always empty here.
I tried to change it to sAMAccountName, which is the unique login-name of our 
users, so I configured:

Yes
most probably this attr should be used for AD


ldap_search_query=(sAMAccountName=%s)

search is done using ldap_search_query and ldap_search_base
there should be unique result ...

ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=rhrlp,DC=intern [which is 
probably wrong, but hopefully not used, since I use SEARCHANDBIND]
ldap_user_attr_login=sAMAccountName

But that’s not working either.

Best regards and thank you very much for all your work,
Alex

From: Maxim Solodovnik <[email protected]>
Sent: Tuesday, 5 May 2020 16:27
To: Openmeetings user-list <[email protected]>
Subject: Re: Integration problems with Active Directory

Hello Osvaldo,

grab your favorite LDAP explorer and check:
1) you can login with ldap_admin_dn and ldap_passwd
IF login successful
While you logged in as ldap_admin_dn
2) try to search with base ldap_search_base and query ldap_search_query
NOTE you need to request `%s` in ldap_search_query with login entered by user

If all was successful AND your search returning exactly 1 result
get back here with results :)

On Tue, 5 May 2020 at 21:05, Osvaldo OBA. Benítez Aliaga <[email protected]> wrote:

Already SIMPLEBIND by SEARCHANDBIND but it keeps giving me the same error.
On 4/5/2020 at 22:57, Maxim Solodovnik wrote:
Hello Osvaldo,

since your users don't "fit" into single LDAP DN pattern SIMPLEBIND should be 
replaced with SEARCHANDBIND
In this case your users will be searched using search-base and search-query, 
then authenticated ...

On Tue, 5 May 2020 at 01:16, Osvaldo OBA. Benítez Aliaga <[email protected]> wrote:
yes.
I have managed to authenticate well with the user that declared
(support) and authenticate well with the users that are in the same
organizational unit (CN). Now the problem is with users who are in other
organizational units. For example, those in the Domain Users OU


On 4/5/2020 at 12:09, Maxim Solodovnik wrote:
> Have you tested it with LDAP explorer as I suggest?


--
Best regards,
Maxim


--
Best regards,
Maxim


--
Best regards,
Maxim
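
Added example, not part of the original thread and not OpenMeetings code: the search step of SEARCHANDBIND discussed above, with the login escaped per RFC 4515 before it replaces `%s`, and a bind DN returned only when the search yields exactly one entry. The directory entries, the toy `search` matcher and all function names are constructed for illustration; the `testuser@domain.intern` login models what a domain-appending option might submit, which is an assumption.

```python
import re

# Constructed sample entries standing in for the directory (not real data).
DIRECTORY = [
    {"dn": "CN=Test User,OU=myfirm,DC=domain,DC=intern", "sAMAccountName": "testuser"},
    {"dn": "CN=Tess Ter,OU=staff,OU=myfirm,DC=domain,DC=intern", "sAMAccountName": "tester"},
    {"dn": "CN=openmeetings,CN=Users,DC=domain,DC=intern", "sAMAccountName": "openmeetings"},
]

def escape_filter_value(value):
    """RFC 4515: encode backslash, * ( ) and NUL so a login cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(template, login):
    """Substitute the login typed by the user for %s in ldap_search_query."""
    return template.replace("%s", escape_filter_value(login))

def _unescape(part):
    # Turn \XX escapes back into the literal character for comparison.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), part)

def search(base, ldap_filter):
    """Toy subtree search: one (attr=value) filter, '*' wildcard, case-insensitive."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        return []
    attr, pattern = m.groups()
    rx = ".*".join(re.escape(_unescape(p)) for p in pattern.split("*"))
    return [e for e in DIRECTORY
            if e["dn"].lower().endswith(base.lower())
            and attr in e and re.fullmatch(rx, e[attr], re.IGNORECASE)]

def find_user_dn(base, template, login):
    """Return the DN to bind as with the user's password, or None unless exactly one hit."""
    hits = search(base, build_filter(template, login))
    return hits[0]["dn"] if len(hits) == 1 else None

BASE = "OU=myfirm,DC=domain,DC=intern"   # ldap_search_base from the thread
QUERY = "(sAMAccountName=%s)"            # ldap_search_query from the thread

if __name__ == "__main__":
    for login in ("testuser", "tester", "testuser@domain.intern", "tes*"):
        print(login, "->", build_filter(QUERY, login), "->", find_user_dn(BASE, QUERY, login))
    print("uid query ->", find_user_dn(BASE, "(uid=%s)", "testuser"))
    print("unescaped wildcard hits:", len(search(BASE, "(sAMAccountName=tes*)")))
```
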
