Active Directory LDAP login instructions

Added by Chris Rose almost 11 years ago

So, I've configured the LDAP authentication settings, including a read-capable user to perform the bind, but now I can't get a test user to log in.

The setup is this:

Host: ldap.mycompany.com
Port: 389
User: MYDOMAIN\readuser
Password: *****
Base DN: cn=Users,dc=ldap,dc=mycompany,dc=com
On-The-Fly creation: YES
Login: sAMAccountName
FirstName: givenName
LastName: sN
Email: email

I have a test user, call it 'testuser', who is also in the domain MYDOMAIN. When I try to log in using the username 'testuser', Wireshark tells me that the LDAP server is returning 0 results:

Request:

40    266.222567    my-host.mycompany.com    ldap.mycompany.com    LDAP    searchRequest(2) "cn=Users,dc=ldap,dc=mycompany,dc=com " wholeSubtree

Response:
41    266.223288    ldap.mycompany.com    my-host.mycompany.com    LDAP    searchResDone(2) success  [0 results]

When I try to enter the username 'MYDOMAIN\testuser' in the login field, nothing is sent out to LDAP at all.

What am I missing?

Replies (8)

RE: Active Directory LDAP login instructions - Added by andy copsey almost 11 years ago

Try the username as a DN, rather than a login. Look it up if necessary with an LDAP browser such as Softerra.
Coppo

RE: Active Directory LDAP login instructions - Added by Chris Rose almost 11 years ago

It turns out not to be the case.

The right configuration is documented here.

RE: Active Directory LDAP login instructions - Added by Felix Schäfer almost 11 years ago

If you got it to work, maybe you could edit the Guide (or trigger such an update)?

RE: Active Directory LDAP login instructions - Added by Chris Rose almost 11 years ago

I'm not sure if I'm allowed to do that. I'll try, though.

RE: Active Directory LDAP login instructions - Added by andy copsey almost 11 years ago

What fixed it for us was the format of the username needing to be in distinguished name format rather than login name (Windows SBS 2003 Active Directory), after spending days (so much for free software) trying to get it to authenticate users. The base DN could be set almost anywhere as long as it was somewhere in the tree above the list of users needing access.
Coppo

RE: Active Directory LDAP login instructions - Added by seele speicher almost 10 years ago

All the configuration above is wrong; I have the configuration posted on my blog.
Check it out: http://syahik.wordpress.com/?p=73

RE: Active Directory LDAP login instructions - Added by Angel Berrios Davila almost 8 years ago

For us it worked this way on a Windows 2008 R2:

Port - 389
Account -
Base DN - DC=domain,DC=local

On-the-fly user creation - check

Login - sAMAccountName
First name - givenName
Last name - sN
Email - mail
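
Added example, not part of any post in this thread and not Redmine's own code: an offline simulation of the wholeSubtree search discussed above, showing how the Base DN decides whether a login can be found and how the login is escaped (RFC 4515) before it goes into the search filter. The directory contents, the `DC=mycompany,DC=com` naming context and all function names are assumptions made for illustration.

```python
# Constructed sample entries (DN -> attributes); not data from the thread.
DIRECTORY = {
    "CN=Test User,CN=Users,DC=mycompany,DC=com": {"sAMAccountName": "testuser"},
    "CN=Doe\\, Jane,OU=Staff,DC=mycompany,DC=com": {"sAMAccountName": "jdoe"},
}

def split_dn(dn):
    """Split a DN into lower-cased RDNs, leaving backslash-escaped commas intact."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur.strip().lower())
            cur = ""
            continue
        cur += ch
        escaped = ch == "\\" and not escaped
    rdns.append(cur.strip().lower())
    return rdns

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or lies anywhere below it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def escape_filter_value(value):
    """RFC 4515 escaping: the login is matched literally, never parsed as filter syntax."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def subtree_search(base_dn, login_attr, login):
    """Return (filter string a client would send, DNs matched under base_dn)."""
    flt = "(%s=%s)" % (login_attr, escape_filter_value(login))
    hits = [dn for dn, attrs in DIRECTORY.items()
            if in_subtree(dn, base_dn)
            and attrs.get(login_attr, "").lower() == login.lower()]
    return flt, hits

if __name__ == "__main__":
    for base, login in [
        ("cn=Users,dc=ldap,dc=mycompany,dc=com", "testuser"),   # base outside the tree
        ("DC=mycompany,DC=com", "testuser"),                     # base above the users
        ("DC=mycompany,DC=com", "MYDOMAIN\\testuser"),           # domain-prefixed login
        ("DC=mycompany,DC=com", "*"),                            # wildcard is escaped
    ]:
        print(base, login, subtree_search(base, login_attr="sAMAccountName", login=login))
```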
