how to use and configure LDAP

Started by amitayb, December 05, 2019, 01:39:02 PM


amitayb

In my organization we use LDAP.
I've updated all LDAP params in the server config.
When I use ldapsync I get the following in the log, for example:

LDAPConnection::fillLists(): CN={F03728F2-5360-4E2E-A256-ECDE9870E0A0},CN=Uzi Koren,CN=Uzi Koren,CN=Users,DC=partnergsm,DC=co,DC=il is not a user or a group (classes: )
2019.12.05 13:30:07.247 *D* [ldap               ] LDAPConnection::fillLists(): Found DN: CN=VDP0043498,CN=Users,DC=partnergsm,DC=co,DC=il
2019.12.05 13:30:07.247 *D* [ldap               ] LDAPConnection::fillLists(): CN=VDP0043498,CN=Users,DC=partnergsm,DC=co,DC=il is not a user or a group (classes: top,vasco-DPToken)
2019.12.05 13:30:07.247 *D* [ldap               ] LDAPConnection::fillLists(): Found DN: CN=VDP0043498PASSWORD,CN=VDP0043498,CN=Users,DC=partnergsm,DC=co,DC=il
2019.12.05 13:30:07.247 *D* [ldap               ] LDAPConnection::fillLists(): CN=VDP0043498PASSWORD,CN=VDP0043498,CN=Users,DC=partnergsm,DC=co,DC=il is not a user or a group (classes: top,vasco-DPApplication)
2019.12.05 13:30:07.247 *D* [ldap               ] LDAPConnection::fillLists(): Found DN: CN=Idan Elezra,CN=Users,DC=partnergsm,DC=co,DC=il
2019.12.05 13:30:07.247 *D* [ldap               ] LDAPConnection::fillLists(): Unknown object is not added: dn: CN=Idan Elezra,CN=Users,DC=partnergsm,DC=co,DC=il, login name: (null), full name: Idan Elezra, description: ielezra

my params:

LdapConnectionString   ldap://ldapServer:389
LdapGroupClass   group
LdapGroupMappingName   groupName
LdapGroupUniqueId   objectGUID
LdapMappingDescription   sAMAccountName
LdapMappingFullName   displayName
LdapPageSize   1000
LdapSearchBase   CN=Users,DC=partnergsm,DC=co,DC=il
LdapSearchFilter   (objectClass=*)
LdapSyncInterval   720
LdapSyncUser   CN=netxmsldap,CN=Users,DC=partnergsm,DC=co,DC=il
LdapSyncUserPassword   Passwd
LdapUserClass   user
LdapUserDeleteAction   Disable user
LdapUserMappingName   sAMAccountName={0}
LdapUserUniqueId   objectGUID

1. Why do I get messages like: Unknown object is not added: dn: CN=Idan Elezra,CN=Users,DC=partnergsm,DC=co,DC=il, login name: (null), full name: Idan Elezra, description: ielezra
2. My integration is just to verify passwords. I'd like to manage groups and roles inside NetXMS.
How should I create a user that authenticates using LDAP?

thanks in advance.
Amitay

Tatjana Dubrovica

We use the object class to verify whether an entry is a user or a group. Your user has classes: top,vasco-DPToken, but does not have the user or group class (the ones defined in your config). It looks like you can use the vasco-DPApplication class as the user class. And you should check which class is the group class the same way it was done for users.
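
The check described in the reply above can be run against the debug output itself. The following script is an added example written for this thread, not code from NetXMS or from either poster: it parses the "is not a user or a group (classes: ...)" lines that ldapsync writes, tallies which objectClass values appear under the search base, and then shows which entries would be accepted under a given LdapUserClass / LdapGroupClass pair. The sample log is constructed from the three rejected-entry lines quoted in the first post; the case-insensitive class comparison is an assumption, as the thread does not state how NetXMS compares class names. It does not cover the "login name: (null)" line, which concerns the LdapUserMappingName attribute rather than object classes.

```python
import re
from collections import Counter

# Constructed sample: the three "is not a user or a group" debug lines quoted in the
# first post (one with an empty class list, two Vasco token objects).
SAMPLE_LOG = """\
LDAPConnection::fillLists(): CN={F03728F2-5360-4E2E-A256-ECDE9870E0A0},CN=Uzi Koren,CN=Uzi Koren,CN=Users,DC=partnergsm,DC=co,DC=il is not a user or a group (classes: )
2019.12.05 13:30:07.247 *D* [ldap               ] LDAPConnection::fillLists(): CN=VDP0043498,CN=Users,DC=partnergsm,DC=co,DC=il is not a user or a group (classes: top,vasco-DPToken)
2019.12.05 13:30:07.247 *D* [ldap               ] LDAPConnection::fillLists(): CN=VDP0043498PASSWORD,CN=VDP0043498,CN=Users,DC=partnergsm,DC=co,DC=il is not a user or a group (classes: top,vasco-DPApplication)
"""

# Matches the rejection message; the DN may contain commas and braces but no ')'.
LINE_RE = re.compile(
    r"fillLists\(\): (?P<dn>.+?) is not a user or a group \(classes: (?P<classes>[^)]*)\)"
)


def parse_log(text):
    """Return [(dn, frozenset(objectClass values)), ...] for every rejected entry."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        classes = frozenset(c.strip() for c in m.group("classes").split(",") if c.strip())
        entries.append((m.group("dn"), classes))
    return entries


def class_histogram(entries):
    """Count how often each objectClass value occurs among the rejected entries,
    so the admin can see which class names are candidates for LdapUserClass."""
    counts = Counter()
    for _dn, classes in entries:
        counts.update(classes)
    return counts


def classify(classes, user_class, group_class):
    """Mimic the decision described in the reply: an entry is a user if its objectClass
    list contains LdapUserClass, a group if it contains LdapGroupClass, else unknown.
    Case-insensitive matching is an assumption of this example."""
    lowered = {c.lower() for c in classes}
    if user_class.lower() in lowered:
        return "user"
    if group_class.lower() in lowered:
        return "group"
    return "unknown"


def summarize(text, user_class, group_class):
    """Return {dn: verdict} for the rejected entries under a given class pair."""
    return {dn: classify(cls, user_class, group_class) for dn, cls in parse_log(text)}


if __name__ == "__main__":
    print("objectClass values seen on rejected entries:")
    for cls, n in class_histogram(parse_log(SAMPLE_LOG)).most_common():
        print(f"  {n:3d}  {cls}")
    # Compare the original config (user/group) with the class suggested in the reply.
    for ucls in ("user", "vasco-DPApplication"):
        print(f"\nLdapUserClass={ucls}, LdapGroupClass=group:")
        for dn, verdict in summarize(SAMPLE_LOG, ucls, "group").items():
            print(f"  {verdict:8s} {dn}")
```

Running it on a full ldapsync debug log gives a histogram of every class NetXMS saw but did not accept; the entry with an empty class list is reported as unknown under any setting, which is worth knowing before changing the config.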

amitayb

Hi,
I've changed LdapUserMappingName to: sAMAccountName
LdapGroupMappingName to: MemberOf

What about my second question: how should I use and define users?

Tatjana Dubrovica

All roles are managed inside NetXMS; LDAP is used only to log in. You can create the required groups inside NetXMS or use groups that are imported from LDAP and just assign the required access rights to those groups; you can also add groups inside groups. If your LDAP structure does not change a lot you can use the imported groups, but I personally create a group with the correct rights, so that if a group is removed in LDAP the rights are not lost. I add the LDAP-imported groups into the manually created groups.

amitayb

Hi,
thanks for your reply.
I've synced all LDAP users to NetXMS and I'll build internal groups.

Amitay