Cant login to Admin console after enabling LDAP

Mark_Christensen · July 6, 2006, 3:20pm

first off, I searched all the posts I could for login issues after config. LDAP, nothing seemed to work, so I decided to post.

here is a view of the XML file;

fields with a SMTP address and password, even tried the LDAP layout, still not able to login.

I’'m testing on a XP SP2 box and running WIFI v2.6.2

Any Ideas???

matt · July 6, 2006, 4:02pm

Mark,

When you have LDAP turned on, the authorizedUsernames field should contain at least one username that’‘s in LDAP. The user you created during setup will no longer work after you’'re connected to LDAP.

Regards,

Matt

Mark_Christensen · July 6, 2006, 9:26pm

I added several different LDAP/AD users in the authorizedUsernames field and still couldnt login. Any other ideas?

fathed · July 7, 2006, 2:45am

If I recall correctly, when I first setup Wildfire and hooked it up to my AD, I remember having a problem with using an OU much in the same way you are. Try changing your baseDN to just the dc=domainname, dc=com(local or whatever).

For my adminDN, I used username@domainname.whatever, so administrator@testdomain.local. Although that account just needs read permissions to the domain AD, so administrator isn’'t required. User the password for that account in the adminPassword.

Once that is done, set your authorizedusername to any samaccountname you want to use as an “administrator”. The samAccountName is the NT style account name, aka just the username.

For your groupMemberField, you may want to set that to member instead of memberUID.

Lastly, set posixMode to false, I’'ve read posts saying it needed to be set to true, but those people were/are using openLDAP and not ActiveDirectory.

Hope that helps.

Mark_Christensen · July 7, 2006, 1:14pm

well I decided to uninstall WiFi and reinstall and start over. Here is my current config;

I believe it was the BaseDN and posixMode tags that needed to be corrected, in my case. Now I just need to figure out if I can get the BaseDN narrowed down to look at a specified folder and then get Groups figured out.

thanks everyone who assisted.

mark

fathed · July 7, 2006, 8:57pm

I found it’'s better to use the serch filters to narrow down the users instead of trying to use a different basedn.

Mark_Christensen · July 10, 2006, 3:12pm

I am going to add the search filters in an attempt to get AD groups working. thanks