CCing Rajani on this to see if she has any ideas.....

If you haven't done so already, can you try to remove/re-add the LDAP
server via the UI?

> Are there any logs in CloudStack that record the LDAP activity?

On failed adding of an LDAP server you will get a message back saying
so and the server will not add.

On authentication failure of an LDAP user it will appear in the CloudStack logs.

On 4 April 2014 11:47, Antonio Packery <antonio.pack...@t-systems.co.za> wrote:
> Hi Ian,
>
> Changed ldap.user.object to user but still no change.
>
> Busy sniffing the LDAP server connection for any errors.
>
> Are there any logs in CloudStack that record the LDAP activity?
>
> Regards
> Antonio
>
> On 04/04/2014 12:14 PM, Ian Duffy wrote:
>
> Interesting, they look OK.
>
> Can you change ldap.user.object to have the value user then restart
> the management server and check if things are back working as
> expected.
>
> Thanks,
> Ian
>
>
> On 4 April 2014 11:11, Antonio Packery <antonio.pack...@t-systems.co.za> wrote:
>> Hi Ian,
>>
>> Here they are, ldap server via port 389 is being used.
>>
>> ldap.basedn    The search base defines the starting point for the search in the directory tree Example: dc=cloud,dc=com.    dc=....dc=....,dc=...
>> ldap.bind.principal    Specify the distinguished name of a user with the search permission on the directory    CN=...,OU=...,DC=....,DC=.....,DC=.....
>> ldap.email.attribute    Sets the email attribute used within LDAP    mail
>> ldap.firstname.attribute    Sets the firstname attribute used within LDAP    givenname
>> ldap.group.object    Sets the object type of groups within LDAP    groupOfUniqueNames
>> ldap.group.user.uniquemember    Sets the attribute for uniquemembers within a group    uniquemember
>> ldap.lastname.attribute    Sets the lastname attribute used within LDAP    sn
>> ldap.search.group.principle    Sets the principle of the group that users must be a member of
>> ldap.truststore    Enter the path to trusted keystore
>> ldap.truststore.password    Enter the password for trusted keystore
>> ldap.user.object = inetOrgPerson
>> ldap.username.attribute = sAMAccountName
>>
>> Regards
>> Antonio
>>
>> On 04/04/2014 11:47 AM, Ian Duffy wrote:
>>
>> Hi Antonio,
>>
>> Can you confirm the values for the settings in global settings
>> starting with "ldap."
>>
>> Since you mentioned AD I'm specifically interested in
>> ldap.username.attribute and ldap.user.object
>>
>> Thanks,
>> Ian
>>
>> On 4 April 2014 10:36, Antonio Packery <antonio.pack...@t-systems.co.za> wrote:
>>> Hi,
>>>
>>> Since upgrading to CS 4.3 my AD LDAP authentication no longer works.  All
>>> my previous do seem to have been retained but I am not able to import any
>>> LDAP users.
>>>
>>> Are there any log/configuration files I can check for errors?
>>>
>>> Also, any guidance on the correct syntax, ldap attributes to be using for
>>> AD would help.
>>>
>>> Regards
>>> Antonio
>>>
>>>
>>>
>>> Disclaimer: This message and/or attachment(s) may contain privileged, 
>>> confidential and/or personal information. If you are not the intended 
>>> recipient you may not disclose or distribute any of the information 
>>> contained within this message. In such case you must destroy this message 
>>> and inform the sender of the error. T-Systems does not accept liability for 
>>> any errors, omissions, information and viruses contained in the 
>>> transmission of this message. Any opinions, conclusions and other 
>>> information contained within this message not related to T-Systems' 
>>> official business is deemed to be that of the individual only and is not 
>>> endorsed by T-Systems.
>>>
>>> This message and/or attachment(s) may contain privileged or confidential
>>> information. If you are not the intended recipient you may not disclose or
>>> distribute any of the information contained within this message. In such
>>> case you must destroy this message and inform the sender of the error.
>>> T-Systems does not accept liability for any errors, omissions, information
>>> and viruses contained in the transmission of this message. Any opinions,
>>> conclusions and other information contained within this message not related
>>> to T-Systems' official business is deemed to be that of the individual only
>>> and is not endorsed by T-Systems.
>>>
>>> T-Systems - Business Flexibility