great :)

On Tue, 5 May 2020 at 22:35, Ninnig, Alexander <
[email protected]> wrote:

> Ok, so now I don’t get it, because it all seems correct.
>
>
>
> I can use Apache Directory Studio in order to create a bind using
>
> ldap_conn_host=192.168.0.10
>
> ldap_conn_port=389
>
> ldap_admin_dn=CN=openmeetings,CN=Users,DC=domain,DC=intern
>
> ldap_passwd=<SomePassword>
>
>
>
> Then I can perform a search in Apache Studio using
>
> ldap_search_base=OU=myfirm,DC=domain,DC=intern
>
> ldap_search_query=(sAMAccountName=%s)
>
>
>
> Which shows me exactly ONE hit.
>
>
>
> So why doesn’t it work then?
>
>
>
>
>
> NOW IT WORKS!
>
> I removed the „Add domain to username“-option.
>
> After that, I was able to log in with a testuser.
>
> YES!
>
>
>
>
>
> Best wishes and thanks again!
>
> Alex
>
>
>
> *From:* Maxim Solodovnik <[email protected]>
> *Sent:* Tuesday, 5 May 2020 17:01
> *To:* Openmeetings user-list <[email protected]>
> *Subject:* Re: Integration problems with Active Directory
>
>
>
>
>
>
>
> On Tue, 5 May 2020 at 21:57, Ninnig, Alexander <
> [email protected]> wrote:
>
> Hi Maxim,
>
>
>
> 1) you can login with ldap_admin_dn and ldap_passwd
>
> → yes
>
> While you logged in as ldap_admin_dn
>
> 2) try to search with base ldap_search_base and query ldap_search_query
>
> NOTE you need to request `%s` in ldap_search_query with login entered by
> user
>
> → no result for the attribute „uid“! As I wrote in my own mail, this
> field is empty here. If I search for „sn“ instead of „uid“, I can find
> users.
>
>
>
> Please check my answer to your big email :)
>
>
>
>
>
> It seems to me that the problem is that the field uid is always empty
> here.
>
> I tried to change it to sAMAccountName, which is the unique login-name of
> our users, so I configured:
>
>
>
> Yes
>
> most probably this attr should be used for AD
>
>
>
>
>
> ldap_search_query=(sAMAccountName=%s)
>
>
>
> search is done using ldap_search_query and ldap_search_base
>
> there should be unique result ...
>
>
>
> ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=rhrlp,DC=intern [which is
> probably wrong, but hopefully not used, since I use SEARCHANDBIND]
>
> ldap_user_attr_login=sAMAccountName
>
>
>
> But that’s not working either.
>
>
>
> Best regards and thank you very much for all your work,
>
> Alex
>
>
>
> *From:* Maxim Solodovnik <[email protected]>
> *Sent:* Tuesday, 5 May 2020 16:27
> *To:* Openmeetings user-list <[email protected]>
> *Subject:* Re: Integration problems with Active Directory
>
>
>
> Hello Osvaldo,
>
>
>
> grab your favorite LDAP explorer and check:
>
> 1) you can login with ldap_admin_dn and ldap_passwd
>
> IF login successful
>
> While you logged in as ldap_admin_dn
>
> 2) try to search with base ldap_search_base and query ldap_search_query
>
> NOTE you need to request `%s` in ldap_search_query with login entered by
> user
>
>
>
> If all was successful AND your search is returning exactly 1 result
>
> get back here with results :)
>
>
>
> On Tue, 5 May 2020 at 21:05, Osvaldo OBA. Benítez Aliaga <
> [email protected]> wrote:
>
> Already SIMPLEBIND by SEARCHANDBIND but it keeps giving me the same error.
>
> On 4/5/2020 at 22:57, Maxim Solodovnik wrote:
>
> Hello Osvaldo,
>
>
>
> since your users don't "fit" into single LDAP DN pattern SIMPLEBIND
> should be replaced with SEARCHANDBIND
>
> In this case your users will be searched using search-base and
> search-query, then authenticated ...
>
>
>
> On Tue, 5 May 2020 at 01:16, Osvaldo OBA. Benítez Aliaga <
> [email protected]> wrote:
>
> yes.
> I have managed to authenticate well with the user that declared
> (support) and authenticate well with the users that are in the same
> organizational unit (CN). Now the problem is with users who are in other
> organizational units. For example, those in the Domain Users OU
>
>
> On 4/5/2020 at 12:09, Maxim Solodovnik wrote:
> > Have you tested it with LDAP explorer as I suggest?
>
>
>
>
> --
>
> Best regards,
> Maxim
>
>
>
>
> --
>
> Best regards,
> Maxim
>
>
>
>
> --
>
> Best regards,
> Maxim
>


-- 
Best regards,
Maxim
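
The search step of SEARCHANDBIND discussed in this thread, as an added example that is not part of the original messages or of OpenMeetings' own code: it fills `%s` in `ldap_search_query` with an RFC 4515-escaped login, searches under `ldap_search_base`, and accepts the result only when exactly one entry matches. The directory entries and the domain `domain.intern` are constructed, and the "Add domain to username" option is assumed to append `@<domain>` to the login before the search.

```python
import re

SEARCH_BASE = "OU=myfirm,DC=domain,DC=intern"   # ldap_search_base from the thread
SEARCH_QUERY = "(sAMAccountName=%s)"            # ldap_search_query from the thread

# Constructed sample entries (DN -> attributes); uid is absent, as reported for this AD.
DIRECTORY = {
    "CN=Test User,OU=myfirm,DC=domain,DC=intern": {"sAMAccountName": "testuser", "sn": "User"},
    "CN=Other User,OU=sales,OU=myfirm,DC=domain,DC=intern": {"sAMAccountName": "other", "sn": "User"},
    "CN=openmeetings,CN=Users,DC=domain,DC=intern": {"sAMAccountName": "openmeetings"},
}

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """RFC 4515 escaping, so the entered login cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(login, add_domain=None):
    """Fill %s in the query. add_domain models the "Add domain to username"
    option, ASSUMED here to append "@<domain>" to the login before the search."""
    if add_domain:
        login = f"{login}@{add_domain}"
    return SEARCH_QUERY.replace("%s", escape_filter_value(login))

def _unescape(part):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), part)

def search(ldap_filter, base=SEARCH_BASE):
    """Subtree search for one (attr=value) filter; a bare * acts as a wildcard."""
    attr, _, raw = ldap_filter[1:-1].partition("=")
    pattern = ".*".join(re.escape(_unescape(p)) for p in raw.split("*"))
    rx = re.compile(pattern, re.IGNORECASE | re.DOTALL)
    suffix = "," + base.lower()
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(suffix) and attr in attrs and rx.fullmatch(attrs[attr])]

def find_user_dn(login, add_domain=None):
    """Search step of search-and-bind: a DN only when exactly one entry matches."""
    hits = search(build_filter(login, add_domain))
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    print(find_user_dn("testuser"))                    # unique hit: DN to bind as
    print(find_user_dn("testuser", "domain.intern"))   # suffixed login matches nothing
    print(search("(uid=testuser)"))                    # uid is not populated
```

The DN returned by `find_user_dn` is what the subsequent bind with the user's password would use; a `None` result means the login is rejected before any bind is attempted.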
