Integration with LDAP question

Started by doki, August 08, 2014, 05:16:11 AM


doki

I'm trying to integrate my NetXMS setup into a Windows Active Directory server. I followed the admin guide but had no success.

Here's my settings

LdapConnectionString :10.192.30.23:389
LdapSyncUser: "my AD admin username"
LdapSyncUserPassword: "my password"
LdapSearchBase:DC=mydomain,DC=internal
LdapSearchFilter: OU=people, CN=doki*    ---> Anything that starts with doki

Your assistance is greatly appreciated.

Thanks


Victor Kirhenshtein

Hi!

Do you have something in server log regarding LDAP? Also, try to set connection string as ldap://10.192.30.23

Best regards,
Victor

deane

I am also having issues trying to get Netxms authenticating Active Directory users via LDAP. The documentation doesn't say much of anything on what typically goes in what fields to get this to work. I turned on debug logging and nothing interesting was logged either. I tried various connection strings and search base/filters.

I am running on 1.2.16.

Thanks,
Dean

Tatjana Dubrovica

Hi.

What exactly are the problems you have? You cannot log in with a synchronized user, you have problems with rights on objects, or the initial login to get users from LDAP fails?

Also, in your previous config I can't see LdapUserClass and LdapMappingName. They are required for configuration.

LdapUserClass - describes which class of objects will be treated as users.
LdapMappingName - this is the parameter that will be used as the login name.

In case of successful synchronization you will see something like:
"LDAPConnection::syncUsers(): User added: dn: %s, login name: %s, full name: %s, description: %s"

Also synchronized users will be seen on UI with all other NetXMS users.

deane

Honestly, what I think would work better is a working example set of name value pairs in the documentation for various environments (including Active Directory). It doesn't say which parameters are required, or give example values for most of them.

The issue I am having is that the NetXMS server never even contacts my domain controller to pull info. No users are ever put into NetXMS. I tried the regular LDAP port as well as the global catalog port.

Here are the settings I have. I am using the global catalog port (3268), as I want to authenticate users from multiple domains.

var_name   var_value
LdapConnectionString   ldap://dc1.domain.local:3268
LdapGroupClass   
LdapMappingDescription   Description
LdapMappingFullName   displayName
LdapMappingName   sAMAccountName
LdapSearchBase   OU=SITEA Users,DC=domain,DC=local
LdapSearchFilter      
LdapSyncInterval   120
LdapSyncUser   sitea.domain.local\printerldap
LdapSyncUserPassword   (removed)   
LdapUserClass   x
LdapUserDeleteAction   1

Tatjana Dubrovica

In the configuration I see one mistake: no search filter. If all entries should be taken, then the filter should be "(objectClass=*)". In the next release this value will be set by default if LdapSearchFilter is empty.

It looks like your server is built without LDAP support. Please enable debug level 4, run the command "ldapsync" in the server console and provide the output.

Thank you for the advice! I'll add information about required fields, and some default configuration, to the documentation.

Tatjana Dubrovica

Hi,

I have added some updates to LDAP section: https://www.netxms.org/documentation/adminguide/user-management.html#integration-with-ldap

Please check. Comments and corrections are welcome.

Thank you!

deane

That is super helpful, thank you!

We are much closer now.

So now with:

var_name   var_value
LdapConnectionString   ldap://10.100.226.9:389
LdapGroupClass   group
LdapMappingDescription   description
LdapMappingFullName   displayName
LdapMappingName   cn
LdapSearchBase   OU=XX Users,DC=XX,DC=XY,DC=local
LdapSearchFilter   (objectClass=*)
LdapSyncInterval   1440
LdapSyncUser   CN=printerldap,CN=Users,DC=XX,DC=XY,DC=local
LdapSyncUserPassword   xxxxx
LdapUserClass   user
LdapUserDeleteAction   1


And a debug level of 4, I get this in the log:
[12-Sep-2014 09:34:38.080] [DEBUG] LDAPConnection::initLDAP(): Connecting to LDAP server
[12-Sep-2014 09:34:40.092] [DEBUG] LDAPConnection::loginLDAP(): LDAP could not login. Error code: Server Down

And listening for IP traffic to/from 10.100.226.9 I see no traffic whatsoever :-(

Tatjana Dubrovica

Most probably an incorrect port.

The default setting is as follows:

  • When [Off] is selected for "SSL"

    • If [Active Directory] or [Other LDAP Server] is selected, 389.
    • If [Active Directory Global Catalog] is selected, 3268.
  • When [On (Full Validation: CA + Certificate)] or [On (Certificate Only, CA not validated)] is selected for "SSL"

    • If [Active Directory] or [Other LDAP Server] is selected, 636.
    • If [Active Directory Global Catalog] is selected, 3269.

Originally taken
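As an added example (not NetXMS code, and not posted by anyone in this thread), a small Python script that checks the Ldap* settings the replies above keep coming back to: it parses LdapConnectionString into host and port (accepting the bare "host:port" form from the first post as well as the ldap:// form, with the 389/636 defaults), flags the required variables that are missing and an empty or non-RFC-4515 LdapSearchFilter, and does a plain TCP connect so a "Server Down" with no packets on the wire can be told apart from a reachable but rejecting server. The variable names are the NetXMS ones used in the thread; the check rules and the helper names are my own assumptions.

```python
"""Offline sanity checks for the NetXMS Ldap* server variables (added example)."""
import socket
from urllib.parse import urlsplit

# Default ports as listed in the thread: plain LDAP 389, LDAPS 636.
# Active Directory Global Catalog uses 3268 (plain) / 3269 (SSL) instead.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
GLOBAL_CATALOG_PORTS = {3268, 3269}

def parse_connection_string(value):
    """Return (scheme, host, port) for 'ldap://host[:port]' or a bare 'host[:port]'.
    A leading ':' (as in the first post) is tolerated; no scheme means plain ldap."""
    value = value.strip().lstrip(":")
    if "://" not in value:
        value = "ldap://" + value
    u = urlsplit(value)
    if u.scheme not in DEFAULT_PORTS or not u.hostname:
        raise ValueError("LdapConnectionString must look like ldap://host[:port] or ldaps://host[:port]")
    return u.scheme, u.hostname, u.port or DEFAULT_PORTS[u.scheme]

def check_config(cfg):
    """Return a list of problems found in a dict of Ldap* variables (constructed rules)."""
    problems = []
    for key in ("LdapUserClass", "LdapMappingName", "LdapSearchBase", "LdapSyncUser"):
        if not cfg.get(key, "").strip():
            problems.append(f"{key} is required but empty")
    flt = cfg.get("LdapSearchFilter", "").strip()
    if not flt:
        problems.append("LdapSearchFilter is empty; use (objectClass=*) to take all entries")
    elif not (flt.startswith("(") and flt.endswith(")")):
        # e.g. 'OU=people, CN=doki*' is a DN fragment, not a search filter
        problems.append("LdapSearchFilter must be an LDAP filter such as (cn=doki*)")
    try:
        scheme, host, port = parse_connection_string(cfg.get("LdapConnectionString", ""))
        if port in GLOBAL_CATALOG_PORTS:
            problems.append(f"port {port} is the Global Catalog port; use it only for forest-wide lookups")
    except ValueError as exc:
        problems.append(str(exc))
    return problems

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds. 'Server Down' plus no packets
    in tcpdump (as reported in the thread) points at a firewall or a wrong host/port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Run check_config on a dict built from the server configuration variables before running ldapsync; an empty list means the settings are at least well-formed.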

deane

I actually removed all my config, and put in the exact information for Active Directory given in the sample. I still get this same error:

[15-Sep-2014 08:17:42.797] [DEBUG] LDAPConnection::initLDAP(): Connecting to LDAP server
[15-Sep-2014 08:17:44.810] [DEBUG] LDAPConnection::loginLDAP(): LDAP could not login. Error code: Server Down

Which is expected.

However, running tcpdump/Wireshark, I don't see any connection attempts from the system to 10.5.0.35 port 389. It seems NetXMS isn't even attempting to make the connection?

Tatjana Dubrovica

All this time I was thinking about possible causes - the only thing I can imagine is that somewhere these packets are blocked by a firewall.

farcsa

I am also having issues trying to authenticate AD users via LDAP. The log file contains this line:
"LDAPConnection::syncUsers(): FAILED - server was compiled without LDAP support"

How to compile NetXMS with LDAP support?

Victor Kirhenshtein

Hi,

I assume you are on Linux. Then you have to install OpenLDAP development package (libldap2-dev on Debian, openldap-devel on RedHat) and re-run configure and make. Pay attention to configure's summary output - it should say yes for LDAP support.

Best regards,
Victor

mjcig

Not to hijack this thread as well... but I am having an issue syncing LDAP as well.

We are running on Linux and connecting to Active Directory. It appears I can hit the domain but am receiving an error:

[14-Oct-2014 15:37:40.350] [DEBUG] LDAPConnection::initLDAP(): Connecting to LDAP server
[14-Oct-2014 15:37:40.851] [DEBUG] LDAPConnection::syncUsers(): LDAP could not get search results. Error code: Size limit exceeded

I have encountered this behavior before, and setting the size limit to 0 or unlimited will resolve the issue. However, where can I configure this option and set the size limit to unlimited?

Appreciate your help


tuomar

Hi,

Quote:
[14-Oct-2014 15:37:40.350] [DEBUG] LDAPConnection::initLDAP(): Connecting to LDAP server
[14-Oct-2014 15:37:40.851] [DEBUG] LDAPConnection::syncUsers(): LDAP could not get search results. Error code: Size limit exceeded

Here is another thread: https://www.netxms.org/forum/configuration/ldap-config-exceed-size-limit-ms-active-directory/
Win2003/2008 AD have a default value of MaxPageSize = 1000.

Rgs
TM