In my organization we use LDAP.
I've updated all LDAP params in the server config.
When I use ldapsync I get in the log, for example:
LDAPConnection::fillLists(): CN={F03728F2-5360-4E2E-A256-ECDE9870E0A0},CN=Uzi Koren,CN=Uzi Koren,CN=Users,DC=partnergsm,DC=co,DC=il is not a user or a group (classes: )
2019.12.05 13:30:07.247 *D* [ldap ] LDAPConnection::fillLists(): Found DN: CN=VDP0043498,CN=Users,DC=partnergsm,DC=co,DC=il
2019.12.05 13:30:07.247 *D* [ldap ] LDAPConnection::fillLists(): CN=VDP0043498,CN=Users,DC=partnergsm,DC=co,DC=il is not a user or a group (classes: top,vasco-DPToken)
2019.12.05 13:30:07.247 *D* [ldap ] LDAPConnection::fillLists(): Found DN: CN=VDP0043498PASSWORD,CN=VDP0043498,CN=Users,DC=partnergsm,DC=co,DC=il
2019.12.05 13:30:07.247 *D* [ldap ] LDAPConnection::fillLists(): CN=VDP0043498PASSWORD,CN=VDP0043498,CN=Users,DC=partnergsm,DC=co,DC=il is not a user or a group (classes: top,vasco-DPApplication)
2019.12.05 13:30:07.247 *D* [ldap ] LDAPConnection::fillLists(): Found DN: CN=Idan Elezra,CN=Users,DC=partnergsm,DC=co,DC=il
2019.12.05 13:30:07.247 *D* [ldap ] LDAPConnection::fillLists(): Unknown object is not added: dn: CN=Idan Elezra,CN=Users,DC=partnergsm,DC=co,DC=il, login name: (null), full name: Idan Elezra, description: ielezra
My params:
LdapConnectionString ldap://ldapServer:389
LdapGroupClass group
LdapGroupMappingName groupName
LdapGroupUniqueId objectGUID
LdapMappingDescription sAMAccountName
LdapMappingFullName displayName
LdapPageSize 1000
LdapSearchBase CN=Users,DC=partnergsm,DC=co,DC=il
LdapSearchFilter (objectClass=*)
LdapSyncInterval 720
LdapSyncUser CN=netxmsldap,CN=Users,DC=partnergsm,DC=co,DC=il
LdapSyncUserPassword Passwd
LdapUserClass user
LdapUserDeleteAction Disable user
LdapUserMappingName sAMAccountName={0}
LdapUserUniqueId objectGUID
1. Why do I get messages: Unknown object is not added: dn: CN=Idan Elezra,CN=Users,DC=partnergsm,DC=co,DC=il, login name: (null), full name: Idan Elezra, description: ielezra
2. My integration is just to verify passwords. I'd like to manage groups and roles inside NetXMS.
How should I create a user that authenticates using LDAP?
Thanks in advance.
Amitay
We use the object class to verify whether it is a user or a group. Your user has classes: top,vasco-DPToken, but does not have the user or group class (that are defined in your config). It looks like you can use the vasco-DPApplication class as a user class. And you should check which class is the group class the same way it was done for users.
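As an added example (not part of the original post and not NetXMS code): a small Python script that summarizes the `fillLists()` debug lines quoted in the question, tallying which object classes the skipped entries carry so that LdapUserClass and LdapGroupClass can be chosen from what the directory actually returns. The sample log lines, the DNs and the function name `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the debug log quoted in the
# question (DNs and names are made up).
SAMPLE_LOG = """\
2019.12.05 13:30:07.247 *D* [ldap ] LDAPConnection::fillLists(): Found DN: CN=TOKEN001,CN=Users,DC=example,DC=com
2019.12.05 13:30:07.247 *D* [ldap ] LDAPConnection::fillLists(): CN=TOKEN001,CN=Users,DC=example,DC=com is not a user or a group (classes: top,vasco-DPToken)
2019.12.05 13:30:07.247 *D* [ldap ] LDAPConnection::fillLists(): CN={0000-1111},CN=Jane Doe,CN=Users,DC=example,DC=com is not a user or a group (classes: )
2019.12.05 13:30:07.247 *D* [ldap ] LDAPConnection::fillLists(): Unknown object is not added: dn: CN=Jane Doe,CN=Users,DC=example,DC=com, login name: (null), full name: Jane Doe, description: jdoe
"""

# Entry rejected because none of its classes matched the configured ones.
NOT_CLASSIFIED = re.compile(
    r"fillLists\(\): (?P<dn>.+) is not a user or a group "
    r"\(classes: (?P<classes>[^)]*)\)")
# Entry dropped at the end of the sync; the DN itself contains commas,
# so match lazily up to the ", login name:" field.
NOT_ADDED = re.compile(
    r"Unknown object is not added: dn: (?P<dn>.+?), "
    r"login name: (?P<login>.*?), full name:")


def summarize(log_text):
    """Return (class_counts, no_class_dns, null_login_dns) for skipped entries."""
    class_counts = Counter()   # how often each objectClass was seen on rejects
    no_class_dns = []          # rejects logged with an empty class list
    null_login_dns = []        # entries dropped with login name "(null)"
    for line in log_text.splitlines():
        m = NOT_CLASSIFIED.search(line)
        if m:
            classes = [c.strip() for c in m["classes"].split(",") if c.strip()]
            if not classes:
                no_class_dns.append(m["dn"])
            class_counts.update(classes)
            continue
        m = NOT_ADDED.search(line)
        if m and m["login"] == "(null)":
            null_login_dns.append(m["dn"])
    return class_counts, no_class_dns, null_login_dns


if __name__ == "__main__":
    counts, no_class, null_login = summarize(SAMPLE_LOG)
    for cls, n in counts.most_common():
        print(f"{n:5d}  {cls}")
    print("no classes reported:", no_class)
    print("login name (null): ", null_login)
```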
Hi,
I've changed LdapUserMappingName to: sAMAccountName
LdapGroupMappingName to: MemberOf
What about my second question: how should I use and define users?
All roles are managed inside NetXMS; LDAP is used only to log in. You can create the required groups inside NetXMS or use groups that are imported from LDAP and just assign the required access rights to those groups; you can also add groups inside groups. If your LDAP structure does not change a lot you can use imported groups, but I personally create a group with the correct rights, so that if the group is removed in LDAP the rights will not be lost. I add LDAP-imported groups into the manually created groups.
Hi,
Thanks for your reply.
I've synched all LDAP users to NetXMS and I'll build internal groups.
Amitay