LDAP... I think I kind of got it working, but--

I have LDAP set up and I believe it's working correctly. LDAP Debug is showing that it is making a connection and returning data, but it's not allowing logins.

Here's the relevant information:

Wildfire 2.5.1

Admin console listening at:
-> 10.0.0.10:389

0000: 30 31 02 01 01 60 2C 02 01 03 04 1C 61 64 6D 69 01…`,…admi
0010: 6E 69 73 74 72 61 74 6F 72 40 6E 69 6D 61 6E 72 nistrator@domain
0020: 61 6E 63 68 2E 63 6F 6D 80 09 6E 61 6D 69 6E 35 .com…passwo
0030: 35 39 31 rdedited

TIA,

Alex
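The dump in the post above is the BER encoding of an LDAP simple bind: a SEQUENCE (tag 0x30) holding the messageID, then a BindRequest ([APPLICATION 0], tag 0x60) containing the protocol version, the bind name as an OCTET STRING (0x04) and the password under context tag [0] (0x80). The decoder below is an added example, not Wildfire code and not part of the original post; it reads a dump in the same "offset: hex bytes ascii" layout and walks the TLVs. The sample dump it carries is constructed, with a made-up DN and password. Two things worth noticing when you post such output: the hex column contains exactly the same bytes as the ASCII column, so editing only the ASCII text does not remove a credential, and a simple bind to port 389 without TLS puts that password on the wire in the clear.

```python
"""Decode the LDAP BindRequest that appears in a Wildfire-style LDAP debug hex dump."""
import re

# Constructed sample, in the same "offset: hex bytes  ascii" layout as the dump in the
# post above. The DN and password are made up for this example.
SAMPLE_DUMP = """\
0000: 30 2C 02 01 01 60 27 02 01 03 04 19 61 64 6D 69 0,...`'.....admi
0010: 6E 69 73 74 72 61 74 6F 72 40 65 78 61 6D 70 6C nistrator@exampl
0020: 65 2E 63 6F 6D 80 07 68 75 6E 74 65 72 32       e.com..hunter2
"""

HEX_PAIR = re.compile(r"^[0-9A-Fa-f]{2}$")


def dump_to_bytes(dump: str) -> bytes:
    """Take the hex column of each 'offset: ...' line, ignoring the trailing ASCII column."""
    out = bytearray()
    for line in dump.splitlines():
        if ":" not in line:
            continue
        for token in line.split(":", 1)[1].split()[:16]:   # at most 16 bytes per row
            if not HEX_PAIR.match(token):                   # first non-hex token starts the ASCII column
                break
            out.append(int(token, 16))
    return bytes(out)


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER TLV at buf[pos]; definite lengths only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated TLV")
    return tag, value, pos + length


def decode_bind_request(packet: bytes) -> dict:
    """Parse LDAPMessage { messageID, BindRequest { version, name, authentication } }."""
    tag, message, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE (0x30)")
    tag, message_id, pos = read_tlv(message, 0)
    if tag != 0x02:
        raise ValueError("messageID must be an INTEGER (0x02)")
    tag, op, _ = read_tlv(message, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest ([APPLICATION 0] = 0x60)")
    _, version, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)
    tag, credentials, _ = read_tlv(op, pos)
    # [0] simple (0x80) carries the password as plain octets; [3] sasl (0xA3) is a SEQUENCE.
    auth = {0x80: "simple", 0xA3: "sasl"}.get(tag, "unknown")
    return {
        "messageID": int.from_bytes(message_id, "big"),
        "version": int.from_bytes(version, "big"),
        "name": name.decode("utf-8", "replace"),
        "authentication": auth,
        "password": credentials.decode("utf-8", "replace") if auth == "simple" else None,
    }


if __name__ == "__main__":
    for field, value in decode_bind_request(dump_to_bytes(SAMPLE_DUMP)).items():
        print(f"{field:>15}: {value}")
```

Feeding the decoder a dump copied from LDAP Debug output shows at a glance which account Wildfire binds as and whether the bind is simple or SASL; the same parser also rejects anything that is not a bind request, which is handy when the debug log interleaves search requests.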

You said it's not allowing logins. With your configuration you will only be allowed to log in as admin. What names are you trying to log in with? I hope you have an account called admin. What type of LDAP are you trying to connect to? Active Directory? Is the host the LDAP server or domain controller?

It looks like you have some referrals going on. What LDAP server are you using? Can you set things up so referrals are not needed?

authorizedUsernames is just for admin logins I thought, so by setting it with “administrator” it should auth against my domain administrator account, or so I thought.

authorizedJIDs I have tried blank and with a value of administrator.

I'm trying to connect to ADS.

The host is a domain controller.

Thanks,

Alex

Sorry about not mentioning what kind of LDAP server I was using. It would be Active Directory.

As far as setting things up so referrals aren't needed, I'm an LDAP newbie, do you have any suggestions?

Thanks,

Alex

Ok, the configuration you have won't work for Active Directory. I don't use it, so I can't help you with the specifics of it, but many others here have. Be sure to search the forum, there are many examples.

Someone in the know should post their config as a knowledge base item, or something.

I have looked around and the configuration looks similar to other configurations for ADS. I see almost exactly no difference. I went all the way back to page 20 to find something about it and didn't.

“Almost exactly”? Take a look at this thread:

http://www.jivesoftware.org/community/thread.jspa?messageID=113017

The biggest difference you will see is that the username field is not uid, it is sAMAccountName. There are other differences too, the differences are important.

Try this config. I think this would work.

Thanks to both of you I have got this working now. sAMAccountName and displayName did it.

Good job. The next thing you might want is to only show user accounts and if you want, users belonging to a certain account. If so, here are my lines for that.

I created a group called IM in the builtin OU. Change it to fit your needs. It's 3 lines of code, not 4. The CDATA line is wrapped.

Good luck
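The two points the thread settles on are that Active Directory identifies users by sAMAccountName rather than uid, and that a search filter can limit logins to members of one group. The config lines themselves are not on the page, so the example below, which is added here and is not Wildfire code or anything the posters wrote, reconstructs the behaviour instead: a small RFC 4515 filter parser and matcher run against constructed AD-style entries, plus a lookup built the way an LDAP auth provider builds it, `(&(<usernameField>=<login>)<searchFilter>)`. The entry names, the `DC=example,DC=com` base and the `CN=IM,CN=Builtin,...` group DN are all assumptions; the setting names `usernameField` and `searchFilter` follow Wildfire's LDAP settings as I recall them and are not quoted from the page. The `escape_value` step is the caveat a practitioner wants here: the login name is interpolated into the filter, so `*`, `(`, `)` and `\` must be escaped or a user can rewrite the query.

```python
"""Evaluate LDAP search filters (RFC 4515 syntax) against in-memory directory entries."""
import re

# Constructed AD-style entries; names, DNs and the group are made up for this example.
BASE_DN = "DC=example,DC=com"
IM_GROUP_DN = "CN=IM,CN=Builtin," + BASE_DN

ENTRIES = [
    {"objectClass": ["top", "person", "user"], "sAMAccountName": ["alex"],
     "displayName": ["Alex Example"], "memberOf": [IM_GROUP_DN]},
    {"objectClass": ["top", "person", "user"], "sAMAccountName": ["bob"],
     "displayName": ["Bob Example"], "memberOf": []},
    {"objectClass": ["top", "computer"], "sAMAccountName": ["WS01$"], "memberOf": []},
]

# Search filter restricting logins to user objects that are members of the IM group.
GROUP_FILTER = f"(&(objectClass=user)(memberOf={IM_GROUP_DN}))"


def escape_value(value: str) -> str:
    """RFC 4515 escaping for a value interpolated into a filter (stops filter injection)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text: str):
    """Parse a filter into a tree of ('&'|'|'|'!', children) and ('=', attr, value) nodes."""
    text = text.strip()
    try:
        node, end = _parse(text, 0)
    except IndexError:
        raise ValueError("unterminated filter") from None
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return node


def _parse(s: str, i: int):
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":
        op, children, i = s[i], [], i + 1
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
    elif s[i] == "!":
        child, i = _parse(s, i + 1)
        op, children = "!", [child]
    else:
        close = s.index(")", i)
        attr, sep, value = s[i:close].partition("=")
        if not attr or not sep:
            raise ValueError("expected attr=value")
        return ("=", attr, value), close + 1
    if s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return (op, children), i + 1


def matches(node, entry: dict) -> bool:
    op = node[0]
    if op == "&":
        return all(matches(c, entry) for c in node[1])
    if op == "|":
        return any(matches(c, entry) for c in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    # Attribute names, DNs and AD's string attributes compare case-insensitively.
    present = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
    if value == "*":                     # presence test, e.g. (uid=*)
        return bool(present)
    wanted = _unescape(value).lower()    # an escaped '\2a' is a literal '*', not a wildcard
    return any(v.lower() == wanted for v in present)


def search(filter_text: str, entries=ENTRIES) -> list:
    tree = parse_filter(filter_text)
    return [e for e in entries if matches(tree, e)]


def find_user(username_field: str, username: str, search_filter: str) -> list:
    """Look up a login the way an LDAP auth provider does: (&(<usernameField>=<login>)<searchFilter>)."""
    return search(f"(&({username_field}={escape_value(username)}){search_filter})")


if __name__ == "__main__":
    print(find_user("uid", "alex", "(objectClass=user)"))             # [] : AD users carry no uid
    print(find_user("sAMAccountName", "alex", "(objectClass=user)"))  # alex's entry
    print(find_user("sAMAccountName", "bob", GROUP_FILTER))           # [] : bob is not in IM
    print(find_user("sAMAccountName", "*", "(objectClass=user)"))     # [] : '*' is escaped, no wildcard
```

Run as-is, the first lookup returns nothing because none of the AD-style entries has a `uid` attribute, which is the failure mode the original poster hit; switching the field to `sAMAccountName` finds the account, and the group clause in `GROUP_FILTER` drops accounts outside IM and machine accounts alike.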

Right. I did something along those lines actually. Everything works so well it brought a tear to my eye. I set the filter to only display one group (All) and it works flawlessly. Now all I have to do is show it to Upper management and show them how much more efficient this office could be.