>>but there is no LDAP Container Settings. (I think we need them there)

Ahhh... now I know what you mean. There should be a 
'LDAP-Search-Container-Field' in the first screen (show users) - yes you 
are right.

Thomas





From:    Martin Voßloh <martin.voss...@mhp.com>
To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
Date:    07.11.2014 13:54
Subject: Re: [Assp-test] LDAP and "Manage Admin Users!"



Hi,

ok - now I understand and it works (Windows 2008R2), Thank you, but....
in the first mask I could use objectclass or attributes and they are 
useless in my infrastructure and I had to search for my error. Wrong way.
In the second screen it is now working for me with using the right "LDAP 
Container" with the possibility to use the same "user name" from top or a 
different name. Thx for the hint.

Now my user's name is 'Thomas Eckardt' and it works great :)

Thx for your help again.

Regards
Martin


-----Original Message-----
From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] 
Sent: Friday, 7 November 2014 12:54
To: ASSP development mailing list
Subject: Re: [Assp-test] LDAP and "Manage Admin Users!"

>but there is no LDAP Container Settings. (I think we need them there)

You must specify them while creating the user, if it is required by your 
LDAP server.
I can't reproduce an AD login - I don't use an AD.
My LDAP server is configured to allow contextless login using the common 
name (cn).

The 'LDAP Container Settings' (if defined) are used as 'user login string' 
- the literal 'USER' is replaced by the assp user name.
So it is possible to define an assp user name like 'Thomas Eckardt' 
(really nice :=)) and to define a different LDAP login account like:

cn=theboss,dn=domain,dn=local

In such a case, the user can login with his name, using the password of 
another account, which is hard linked to the AD account inside assp (very 
special).

Another option for AD login is using the local email address like: 
admin10@yourdomain.local - IMHO this is accepted by AD for a user login (I 
don't know if it works with AD LDAP)

Every AD-controller has some tools on hand - also for LDAP login and 
browsing - just play around if you have time.

CN=USER,OU=IT Department,OU=Germany,DC=mhp,DC=com
CN=USER,OU=IT Department,OU=Germany,DC=mhp,DC=local
CN=USER,OU=DerKunde,OU=Kunden,OU=Germany,DC=mhp,DC=local
CN=USER,OU=Users,DC=mhp,DC=local

However, these should be good examples for the 'LDAP Container Settings' 
using AD and logon with the common name

>LDAP bind/auth error: 48

looks like SSL is not enabled for LDAP or the user could not be found ( 
LDAP Container Settings)

>"-ResultSize Unlimite"

type the user name via keyboard - if there are several thousand user 
accounts, nobody knows what happens.


Thomas
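
The 'USER' substitution described in the message above, as an added example that is not part of the thread and not ASSP's own code. The function names are hypothetical; the case-sensitive match on the literal 'USER' and the RFC 4514 escaping of the substituted name are assumptions of this sketch, not confirmed ASSP behaviour.

```python
# Characters RFC 4514 (section 2.4) requires to be escaped inside an
# attribute value of a distinguished name.
_SPECIAL = set('"+,;<>\\')


def escape_rdn_value(value: str) -> str:
    """Escape a user name so it stays a single RDN value inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif i == 0 and ch in " #":      # leading space or '#'
            out.append("\\" + ch)
        elif i == last and ch == " ":    # trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def bind_dn(container: str, assp_user: str) -> str:
    """Derive the LDAP login string from the 'LDAP Container Settings'.

    - blank container: contextless login, the user name is sent as-is
    - container without 'USER': a fixed account linked to this assp user
    - otherwise: the literal 'USER' is replaced by the (escaped) user name
    """
    if not container.strip():
        return assp_user
    if "USER" not in container:
        return container
    # str.replace is case-sensitive, so 'OU=Users' is left untouched.
    return container.replace("USER", escape_rdn_value(assp_user))


if __name__ == "__main__":
    # Constructed inputs, using container strings quoted in the thread.
    samples = [
        ("CN=USER,OU=Users,DC=mhp,DC=local", "admin10"),
        ("cn=theboss,dn=domain,dn=local", "Thomas Eckardt"),
        ("", "Thomas Eckardt"),
        ("CN=USER,OU=IT Department,OU=Germany,DC=mhp,DC=com", "Eckardt, Thomas"),
    ]
    for container, user in samples:
        print(repr(user), "->", bind_dn(container, user))
```

Without the escaping step, a user name containing a comma would split into extra RDN components and the bind would target a different entry than the container intends.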




From:    Martin Voßloh <martin.voss...@mhp.com>
To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
Date:    07.11.2014 12:00
Subject: Re: [Assp-test] LDAP and "Manage Admin Users!"



Hi Thomas,

thanks for your reply. -> Coolest software ever :)

Ok, I have changed the information "UID" to "sAMAccountName" and I see only 
some entries but not all. If I change the attribute to anything other I 
only see some accounts and not all. Looks like a restriction. "-ResultSize 
Unlimite" is necessary for a big LDAP - without it it shows only the first 
1000 entries. For eMail in ASSP checks it's working but for the 
authentication Admin Dialog not I think.

Then I use an account I don't need but who is accessible for me.
I chose the account and it is displayed on "user name :"
"use LDAP / LDAP host :" is set with settings from the LDAP Setup
After continue I see more dialog but there is no LDAP Container Settings. 
(I think we need them there)
The rest is normal for me with the part of user rights like local users.
ASSP version 2.4.4(14307)
In the End - no login for the new user is possible.
Nov-07-14 11:19:35 [Main_Thread] WebAuth: user admin10 - LDAP bind/auth 
error: 48 - No password, did you mean noauth or anonymous ? -- try local 
password

Is it right that the LDAP Container Settings will be filled out by the selected 
user?

Thanks for you and your work.
Regards
Martin


-----Original Message-----
From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] 
Sent: Friday, 7 November 2014 09:03
To: ASSP development mailing list
Subject: Re: [Assp-test] LDAP and "Manage Admin Users!"

What is not working?

- select new user
- fill the select field with a part of the user name you are looking for 
or leave it blank
- LDAP objectclass should be 'person'
- LDAP return attribute could be any, but 'uid' or 'cn' or 'mailaddress' 
are useful (whatever your LDAP/AD accepts for a user login) - 
userPrincipalName seems to be also an option in AD
- click show
- you'll get a list of users below - if you used 'cn' as attribute and you 
got a list, the LDAP server possibly supports contextless login
- click on a user, this fills the user name field with the right content
- click continue

The dialog does not have to be used strictly this way. You may also define the 
user name manually (for example if you use a different LDAP server for the
login)

- now the dialog is the same as for local users - in addition the LDAP 
section must be configured
- define the LDAP server - the field is prompted with the one from the 
main config - if ports are not defined, the default ports are used 
according to the next settings
- select the LDAP version to be used (eg. 3)
- LDAP container could be blank, if you used the cn (common name) 
attribute as user name and the LDAP server supports contextless login
  otherwise you need to define the LDAP location of the user (eg. 
"cn=USER, o=org, c=country" or "cn=USER, dn=org, dn=country" - in AD for 
example "cn=USER, cn=Users, dn=domain, dn=local")
  As a LDAP admin you should know what to do!
- in most cases you have to use LDAP-SSL for user logins - most LDAP 
servers don't accept plain text logins
- keep in mind, the AD handles user names not case sensitive - ASSP is 
doing it case sensitive!

If you finished the user configuration, the user should be able to login.

If there is anything wrong, you should see something like

Nov-7-14 07:47:30 [Main_Thread] WebAuth: user xxxx - LDAP bind/auth error: 48 - Bind failed: Username / password binds not allowed -- try local password

in the log. Here 'LDAP-SSL' was not enabled for example

Thomas





From:    Martin Voßloh <martin.voss...@mhp.com>
To:      "assp-test@lists.sourceforge.net" 
<assp-test@lists.sourceforge.net>
Date:    06.11.2014 18:28
Subject: [Assp-test] LDAP and "Manage Admin Users!"




Hello,

I have used ASSP for a long time with different users. All admin users are local 
ones because I don't know how to configure for LDAP.
The "LDAP Setup" in ASSP is working fine and I check all user email 
addresses against the AD of Windows Server 2008 R2 but I couldn't find my 
problem for the admin users.
Is there some log information for a bad try (debug)?
Any example or Wiki information?

Thanks for help.
Regards
Martin
------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************
