In AD 2008 there is no uid, so I use disPlayname=%u; %u is the CloudStack username.
I also followed this, installed cloudmonkey and used it to run ldapconfig.
http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloudstack-v401.html

> ldap config hostname=192.168.123.61 searchbase=ou=member,DC=lab,DC=com
> queryfilter=(diaplayname=%u) binddn=CN=dota,ou=member,DC=lab,DC=com
> bindpass=123@lab port=389
ldapconfig:
binddn = CN=dota,ou=member,DC=lab,DC=com
hostname = 192.168.123.61
port = false
queryfilter = (diaplayname=%u)
searchbase = ou=member,DC=lab,DC=com

>> Dn: CN=dota,OU=member,DC=lab,DC=com
0> objectClass:
0> cn:
0> distinguishedName:
0> instanceType:
0> whenCreated:
0> whenChanged:
0> displayName:
0> uSNCreated:
0> uSNChanged:
0> name:
0> objectGUID:
0> userAccountControl:
0> badPwdCount:
0> codePage:
0> countryCode:
0> badPasswordTime:
0> lastLogoff:
0> lastLogon:
0> pwdLastSet:
0> primaryGroupID:
0> objectSid:
0> accountExpires:
0> logonCount:
0> sAMAccountName:
0> sAMAccountType:
0> userPrincipalName:
0> objectCategory:
0> dSCorePropagationData:
0> lastLogonTimestamp:

2013/8/25 Kirk Jantzer <kirk.jant...@gmail.com>:
> It appears your queryfilter may be incorrect - You are trying to match the
> %u in CloudStack to 'disPlayname' in AD? Verify that whatever you put into
> the username field in CS matches whatever is in the 'disPlayname' field in
> AD (this can be found by opening AD Users and Computers, selecting the menu
> option to show advanced properties, then looking at the user, then clicking
> the 'attributes' tab).
>
>
> Regards,
>
> Kirk Jantzer
> http://about.met/kirkjantzer
>
>
> On Sat, Aug 24, 2013 at 12:48 PM, 不坏阿峰 <onlydeb...@gmail.com> wrote:
>
>> Cloudstack4.1.1
>> (1). I created the same user, dota, on Active Directory and CS.
>> (2). I have tested an LDAP query with binddn cn=dota,ou=member,dc=lab,dc=com;
>> it is OK, so Active Directory LDAP is ready.
>> (3). There are two users under ou=member, dc=lab,dc=com: dota, csuser01
>> (4). Enabled integration.api.port =8096, and restarted CS-management
>>
>> Q1: From the CS log, the LDAP server is configured, but the IE response is
>> false; what is the correct information?
>>
>> Q2: How many users should be created on both Active Directory and CS?
>> Or only one for ldap config, and Active Directory creates other users just
>> for CS use?
>>
>> Q3: What will change in the UI when ldap config succeeds? Can I see users
>> imported from Active Directory? Can I use csuser01 to log in to CS? (I tried
>> to log in but it failed.)
>>
>>
>>
>> http://192.168.230.2:8096/client/api?command=ldapConfig&hostname=192.168.123.61&searchbase=OU%3Dmember%2CDC%3Dlab%2CDC%3Dcom&queryfilter=%28%26%28disPlayname%3D%25u%29%29&binddn=CN%3Ddota%2COU%3Dmember%2CDC%3Dlab%2CDC%3Dcom&bindpass=123@lab&port=389&response=json
>>
>> ####### Got this response:#####
>> { "ldapconfigresponse" : { "ldapconfig" :
>>
>> {"hostname":"192.168.123.61","port":"false","searchbase":"OU=member,DC=lab,DC=com","queryfilter":"(&(disPlayname=%u))","binddn":"CN=dota,OU=member,DC=lab,DC=com"}
>> } }
>>
>> ####### CS log #########
>> 2013-08-24 21:10:44,453 DEBUG
>> [cloud.configuration.ConfigurationManagerImpl] (ApiServer-4:null) The
>> ldap server is configured: 192.168.123.61
>>
>> ######## other things I checked ######
>> (1) in CS4.1.1, sharedFunctions.js, var md5HashedLogin = false
>> (2) when creating dota in CS, for "Network Domain" I put lab.com, for
>> username I put dota
>>
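
Added example, not part of the thread and not CloudStack's own code: a Python pre-flight check for a queryfilter before it is passed to ldapConfig. It flags attribute names in the filter that do not appear on the entry dumped above (compared case-insensitively, as LDAP attribute names are) and renders the %u substitution with RFC 4515 escaping. The function names and the escaping step are assumptions for illustration; the thread does not show how CloudStack substitutes %u.

```python
import re

# Attribute names copied from the entry dump in the thread (values were not shown).
ENTRY_ATTRS = """objectClass cn distinguishedName instanceType whenCreated whenChanged
displayName uSNCreated uSNChanged name objectGUID userAccountControl badPwdCount
codePage countryCode badPasswordTime lastLogoff lastLogon pwdLastSet primaryGroupID
objectSid accountExpires logonCount sAMAccountName sAMAccountType userPrincipalName
objectCategory dSCorePropagationData lastLogonTimestamp""".split()

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def filter_attributes(query_filter):
    """Attribute names on the left of =, ~=, >= or <= in each filter item."""
    return re.findall(r"\(\s*([A-Za-z][A-Za-z0-9;.-]*)\s*[~<>]?=", query_filter)


def unknown_attributes(query_filter, entry_attrs=ENTRY_ATTRS):
    """Filter attributes that the directory entry does not carry."""
    known = {a.lower() for a in entry_attrs}
    return [a for a in filter_attributes(query_filter) if a.lower() not in known]


def render_filter(query_filter, username):
    """Substitute %u with the escaped login name (hypothetical helper)."""
    return query_filter.replace("%u", escape_filter_value(username))


if __name__ == "__main__":
    # The first two filters are the ones shown in the thread; the third is constructed.
    for qf in ("(diaplayname=%u)", "(&(disPlayname=%u))", "(sAMAccountName=%u)"):
        print(qf, "| unknown:", unknown_attributes(qf), "|", render_filter(qf, "dota"))
    # Constructed login name containing filter metacharacters.
    print(render_filter("(displayName=%u)", "d*ta (lab)"))
```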