Hello :) On Wed, 15 Apr 2020 at 19:06, Mathias Kocks <ko...@labmed.de> wrote:
> Hello, > > i am new to this project and a have a problem with the LDAP-Sync. I even > can not find any good documentations... > Documentation ATM is mostly questions and answers at ML https://openmeetings.markmail.org/ And this PR https://github.com/apache/openmeetings/pull/61 (please check both *.md file and discussion) > > > My problem is, that slapd does not find any user in my AD. I am not even > shure, if it is searching for real. I found in the mailing list archive > some example configs, but they does not work for me. > enabling additional logging might help to understand what is wrong (please check github PR for details) > I found this one: > > > > #LDAP URL > > ldap_conn_host=LDAP_server.Company.com > > ldap_conn_port=636 > > ldap_conn_secure=true > > > > # Login distinguished name (DN) for Authentication on LDAP Server > > # Use full qualified LDAP DN > > ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com > > > > # Loginpass for Authentication on LDAP Server > > ldap_passwd=ldapauthpasswd > > > > # base to search for userdata(of user, that wants to login) > > ldap_search_base=OU=Users,DC=Company,DC=com > > #ldap_search_base=DC=Company,DC=com > > > > # Fieldnames (can differ between Ldap servers) > > > ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s)) > this `%1$s` looks suspicious I would change it with `%s` > #ldap_search_query=(sAMAccountName=%s) > > #ldap_search_query=(CN=%s) > > > > # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE > > ldap_search_scope=SUBTREE > > > > # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND) > > ldap_auth_type=SEARCHANDBIND > > > > # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND > > ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de > ,DC=com > > #ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com > > #ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com > > #ldap_userdn_format=CN=%s,DC=Company,DC=com > > > > # Ldap-password synchronization to OM DB > > ldap_sync_password_to_om=false > > > > # Ldap user attributes mapping > > # Set the following internal OM user attributes to their corresponding > > Ldap-attribute > > ldap_user_attr_lastname=sn > > > > But even after i changed it to my AD and tried several changes, no users > were found. > Have you tried to search with any LDAP explorer first? (I personally using Apache Directory Studio) > > > My actual config: > > > > ldap_server_type=AD > > ldap_conn_host=dc2.labmed.de > > ldap_conn_port=389 > > ldap_conn_secure=false > > ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de > > ldap_passwd=SuperSecretPassword > > ldap_search_base=OU=labmed,DC=labmed,DC=de > > #ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s)) > > ldap_search_query=(sAMAccountName=%s) > > ldap_search_scope= SUBTREE > > ldap_auth_type=SEARCHANDBIND > > ldap_deref_mode=never > > ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de > > ldap_provisionning=NONE > > ldap_use_admin_to_get_attrs=true > > ldap_sync_password_to_om=false > > ldap_sync_attr_lastname=sn > > ldap_user_attr_firstname=givenName > > ldap_user_attr_mail=mail > > ldap_user_attr_street=streetAddress > > ldap_user_attr_additionalname=description > > ldap_user_attr_fax=facsimileTelephoneNumber > > ldap_user_attr_zip=postalCode > > ldap_user_attr_country=co > > ldap_user_attr_town=l > > ldap_user_attr_phone=telephoneNumber > > ldap_use_lower_case=false > > > > > > It is the second day by now were i am bursting by happyness.... > Looking at config it's hard to say what is wrong (and access to LDAP/AD server usually private) So I would suggest to 1) check credentials/queries using LDAP explorer first 2) enable additional logging and check logs :) > > > > > > > Mit freundlichen Grüßen > > > > *Mathias Kocks* > > *Teamleitung IT-Infrastruktur* > > *Zertifizierter Information Security Officer ISO 27001 (TÜV Süd)* > > > > Überörtliche Berufsausübungsgemeinschaft > > *Medizinisches Versorgungszentrum* > > *Dr. Eberhard & Partner Dortmund* > > MVZ-Haus 3: Balkenstr. 12-14 > > 44137 Dortmund, Germany > > > > Tel.: +49 231 9572 7158 > > Fax.: +49 231 9572 18 159 > > E-Mail: ko...@labmed.de > > Web: https://www.labmed.de > > > -- Best regards, Maxim