AD User Mapping Help

I just installed the Wildfire today and am having trouble with the second step of the LDAP configuration (User Mapping). I am definitely not an AD expert and have been attempting to move along by searching the web and the forums here, but I’m not coming up with much help this time and would appreciate if someone can point me in the right direction at the least.

My current configuration in Step 1 is as follows: (some names were changed to protect the company I work for)

Server Type: Active Directory

Host: testLab-DC1

Port: 389

Base DN: cn=testIM,dc=testlab,dc=com.

Administrator DN: cn=Administrator,cn=users,dc=testlab,dc=com.

Password: ***************

When I test the settings, it seems to be working fine. However, when I get to the User Mappings, it can never find any users. It gives me the default “Username Field” as sAMAccountName. I tried just using the defaults and I get an error as follows:

"A random profile is selected for you to review. Bold fields with no value mean that an error may have been found. To view another profile click ‘‘Next ramdom profile’’. When you are finished close this window.

Status: Error

No users were found using the specified configuration. Try changing the base DN, user filter or username field."

No matter what I do, the program can’t seem to find any users. Can someone help me out a bit with this? It would be much appreciated.

http://www.ldapadministrator.com/download.htm

get the free ldap browser version, it has always helped me when I have ldap issues.

to your question, using this as your base DN cn=testIM,dc=testlab,dc=com

If the administrator account is as you say then it is outside of the realm of your base DN.

I would try to change your base DN to dc=testlab,dc=com, that way your testIM group and the Administrator are above that search and it should find everything in AD. Once you get that there are numerous other posts on this forum for limiting your AD search, but that can come later.
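The base DN scoping discussed in the reply above, as an added example that is not part of the original post and is not Wildfire code: a subtree search only returns entries whose DN ends with the base DN, so a base that names a single object yields no users. The directory entries and the `find_users` helper are constructed for illustration.

```python
import re

def parse_dn(dn):
    """Split a DN into normalized RDNs, honouring backslash-escaped commas."""
    parts = re.split(r'(?<!\\),', dn.strip())
    rdns = []
    for part in parts:
        attr, sep, value = part.partition('=')
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        # Attribute names and these values compare case-insensitively in AD.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is the base itself or sits anywhere below it."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def find_users(directory, base_dn, username_field="sAMAccountName"):
    """Subtree search: entries under base_dn that carry the username field."""
    return sorted(
        attrs[username_field]
        for dn, attrs in directory.items()
        if in_subtree(dn, base_dn) and attrs.get(username_field)
    )

# Constructed sample directory (not real data), shaped like the thread's domain.
DIRECTORY = {
    "CN=Administrator,CN=Users,DC=testlab,DC=com": {"sAMAccountName": "Administrator"},
    "CN=Jane Doe,CN=Users,DC=testlab,DC=com": {"sAMAccountName": "jdoe"},
    "CN=testIM,DC=testlab,DC=com": {"objectClass": "group"},
}

if __name__ == "__main__":
    # The narrow base matches only the testIM object; the domain root matches all.
    for base in ("cn=testIM,dc=testlab,dc=com", "dc=testlab,dc=com"):
        print(base, "->", find_users(DIRECTORY, base))
```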

jledhead,

Thank you very much for your help, it’s a little on the late side for me but I was curious to see if someone answered me. I will look at those downloads tomorrow morning and work on it.

I will also take your suggestion and change the DN and see if that works any better.

I have been searching on the forums for help with this issue and I have come across various other posts that will help you filter out undesirable names. I will be looking into that soon, but first I would like to get it working in general.

Again, I appreciate your response and help. I will post back no matter what happens.

I would be glad to help. I have recently finished configuring my server for full deployment. I am running in a pure Windows environment with AD as LDAP. Below are my settings (some items changed for security):

Host: PDC.ad.mtstravel.com

Port: 389

Base DN: OU=

The Host should be the FQDN of your primary domain controller.

The Base DN needs to be the full path to the OU that contains your Users and Groups for your domain.

The Administrator DN can simply be an account you can use to bind to LDAP. I needed to add the domain in front of the username to make this work (yourdomain\admin).

I thank you both for your suggestions.

I downloaded the tool suggested by jledhead and it is really interesting and can be useful. I did notice one thing I didn’t do correctly and I fixed it. I also took the suggestion given by mtstravel and changed Administrator DN to my domain\administrator and password. Step 1 continues to pass without a problem. However, I am still getting the error below when I test the User Mapping (Step 2).

"Test: User Mapping

A random profile is selected for you to review. Bold fields with no value mean that an error may have been found. To view another profile click ‘‘Next ramdom profile’’. When you are finished close this window.

Status: Error

No users were found using the specified configuration. Try changing the base DN, user filter or username field. "

In Step 2, I have the Username Field set to “sAMAccountName”. The Search Fields is blank and in the user filter, I put in a variety of things. I put in (objectClass=), (sAMAccountName=), (sAMAccountName=) and the same variation on CID just for kicks. Nothing returns any users, and now that my base dn is just “dc=testlab,dc=com.”, it should be pulling all of the users I have here.

Thank you again in advance.

Here is my working config (modified for security, stuff between **, refer to previous post):

OU=,DC=ad,DC=mtstravel,DC=com**<username>**

password

true

false

false

false

sAMAccountName

(objectClass=organizationalPerson)


Message was edited by: mtstravel

I appreciate all of the help and thank the two of you for it. All of the knowledge has been useful. I have figured out the problem and was just about to post this when I saw your post mtstravel. It turns out that I messed up with the base DN and didn’t notice it until I began working a lot more with the tool suggested earlier.

It took me a second time of going over it with a fine tooth comb to find anything funky and it was one of those stupid errors you always miss the first time you look at something.

Again, thank you both for all of your help.

Now on to testing the software out some and working with filtering.

I have made some adjustments in the vcard area that makes it map the fields correctly with AD.