Try sAMAccountName=%u
On 26 August 2013 03:15, 不坏阿峰 <onlydeb...@gmail.com> wrote: > in AD 2008, do not have uid, so i user disPlayname=%u, %u is the > cloudstack username. > > i also follow this ,install cloudmoney and ldapconfig it. > > http://kirkjantzer.blogspot.com/2013/03/ldap-authentication-in-cloudstack-v401.html > > > ldap config hostname=192.168.123.61 searchbase=ou=member,DC=lab,DC=com > queryfilter=(diaplayname=%u) binddn=CN=dota,ou=member,DC=lab,DC=com > bindpass=123@lab port=389 > ldapconfig: > binddn = CN=dota,ou=member,DC=lab,DC=com > hostname = 192.168.123.61 > port = false > queryfilter = (diaplayname=%u) > searchbase = ou=member,DC=lab,DC=com > > >> Dn: CN=dota,OU=member,DC=lab,DC=com > 0> objectClass: > 0> cn: > 0> distinguishedName: > 0> instanceType: > 0> whenCreated: > 0> whenChanged: > 0> displayName: > 0> uSNCreated: > 0> uSNChanged: > 0> name: > 0> objectGUID: > 0> userAccountControl: > 0> badPwdCount: > 0> codePage: > 0> countryCode: > 0> badPasswordTime: > 0> lastLogoff: > 0> lastLogon: > 0> pwdLastSet: > 0> primaryGroupID: > 0> objectSid: > 0> accountExpires: > 0> logonCount: > 0> sAMAccountName: > 0> sAMAccountType: > 0> userPrincipalName: > 0> objectCategory: > 0> dSCorePropagationData: > 0> lastLogonTimestamp: > > 2013/8/25 Kirk Jantzer <kirk.jant...@gmail.com>: > > It appears your queryfilter may be incorrect - You are trying to match > the > > %u in CloudStack to 'disPlayname' in AD? Verify that whatever you put > into > > the username field in CS matches whatever is in the 'disPlayname' field > in > > AD (this can be found by opening AD Users and Computers, selecting the > menu > > option to show advanced properties, then looking at the user, then > clicking > > the 'attributes' tab. > > > > > > Regards, > > > > Kirk Jantzer > > http://about.met/kirkjantzer > > > > > > On Sat, Aug 24, 2013 at 12:48 PM, 不坏阿峰 <onlydeb...@gmail.com> wrote: > > > >> Cloudstack4.1.1 > >> (1). i create same user: dota on Active Directory and CS > >> (2). i have test ldap query by binddn cn=dota,ou=member,dc=lab,dc=com, > >> it is ok,so active directory ldap is ready. > >> (3). have two user under ou=member, dc=lab,dc=com: dota , csuser01 > >> (4). enable integration.api.port =8096, and restart CS-mangement > >> > >> Q1: from the CS log, ldap server configed, but IE response false, > >> what is correct information? > >> > >> Q2: how many user should be created on both Active Directory and CS ? > >> or only one for ldap config, active directory create other user just > >> for CS use > >> > >> Q3: what will change in UI when ldap config success? can see users > >> imported from Active Directory ? can use csuser01 to login CS ?(i try > >> log in but failure) > >> > >> > >> > >> > http://192.168.230.2:8096/client/api?command=ldapConfig&hostname=192.168.123.61&searchbase=OU%3Dmember%2CDC%3Dlab%2CDC%3Dcom&queryfilter=%28%26%28disPlayname%3D%25u%29%29&binddn=CN%3Ddota%2COU%3Dmember%2CDC%3Dlab%2CDC%3Dcom&bindpass=123@lab&port=389&response=json > >> > >> ####### Got this response:##### > >> { "ldapconfigresponse" : { "ldapconfig" : > >> > >> > {"hostname":"192.168.123.61","port":"false","searchbase":"OU=member,DC=lab,DC=com","queryfilter":"(&(disPlayname=%u))","binddn":"CN=dota,OU=member,DC=lab,DC=com"} > >> } } > >> > >> ####### CS log ######### > >> 2013-08-24 21:10:44,453 DEBUG > >> [cloud.configuration.ConfigurationManagerImpl] (ApiServer-4:null) The > >> ldap server is configured: 192.168.123.61 > >> > >> ######## other thing i checked ###### > >> (1) in CS4.1.1 ,sharedFunctions.js , var md5HashedLogin = fals > >> (2) when create dota in CS, "Network Domain" i put lab.com, username i > >> put dota > >> >