
    How to setup Microsoft AD LDAP for FOG 1.5.0~

    • m144M
      m144
      last edited by

      • 1 - Go to Fog Configuration > Fog Settings > Plugin System - check the box for “PLUGINSYS ENABLED”

      • 2 - In the menu, you should now see a gear icon called “Plugins”

      • 3 - Once on the Plugins page select “LDAP” then navigate to “Install plugins” then install the LDAP plugin. You should now see the LDAP plugin listed under “Installed Plugins”

      • 4 - SSH to your FOG server and install the latest php-ldap module through your distro package manager

      • 5 - In the menu, you should now see a key icon called “LDAP Servers”

      • 6 - Click “Create New LDAP”

      • 7 - Now for the fun part…

      LDAP Connection Name - (This is whatever you want it to be… it’s just a name)
      LDAP Server Description - (Again… whatever you want… it’s just a Description)
      LDAP Server Address - MANDATORY - (The name of the server to check logins against)
      LDAP Server Port - MANDATORY - (Pick 389 or 636 from the drop down… if you are not sure what one will work for you start with 389 or Google it)
      Use Group Matching - recommended - (you are most likely going to want to leave this checked)
      Search Base DN - MANDATORY - (This is the organizational unit within Active Directory where you would like to start your search for users)
      Group Search DN - MANDATORY - (This is the organizational unit within Active Directory where you would like to start your search for Group Matching)
      Admin Group - MANDATORY - (This is the name of the security/distribution group that admins need to be a part of in AD in order to login with LDAP) Note: Just the group name… not the whole CN as you already provided that information above.
      Mobile Group - recommended - (You probably just want to make this the same as above unless you use this for things… idk)
      Initial Template - (Since this tutorial is for Microsoft AD, let’s select Microsoft AD)
      User Name Attribute - MANDATORY - (Not sure if the case is important for this setting within FOG, but for others I know it is… thus I changed the “User Name Attribute” from “samAccountName” to “sAMAccountName”)
      Group Member Attribute - MANDATORY - (Default setting here is good - “member”)
      Search Scope - (Depends on how your organizational units are set up within AD )
      Bind DN - MANDATORY - (This is the full path to the location of the user account you will be using to talk with LDAP; this should start with “cn=”) (This user should have somewhat elevated permissions in AD, the level of which is at your discretion)
      Bind Password - MANDATORY - (The password for the user account above)
      Once done click “create”

      • 8 - Read the “Some things to keep in mind” section below - Then test logging into FOG with an AD account

      Some things to keep in mind:

      • The LDAP user you want to log in with should not already have a local account within FOG.
      • Once you get it working don’t just go and delete all your local FOG accounts… Leave one with a nice long and random password - keep that password somewhere safe, if the plugin stops working for some reason it would be nice to still have access to your FOG server GUI without having to go and add a user into the database manually.
      • Please once working use a test AD account or create one and make sure you did not just give every user in your AD the ability to log into your FOG server and image every computer.
      • The apache error log is a great tool to use when troubleshooting why your LDAP is not working on FOG
      • Below is an example of LDAP settings within FOG
      • As always, if you are not sure about something, feel free to ask the forums… That’s what they are there for

      [Image: LDAP Example1.png]

      Disclaimer: All of the above information is a summary of my experience getting this plugin to work within our environment. I am only providing an example/tutorial. Please be careful with LDAP and TEST USER ACCESS as much as you can. Only you will be at fault if for some unfortunate reason someone that should not have access to your FOG server gets it and images all your computers 😕

      With that said, I hope I have stressed the importance of securing your LDAP setting and this example/tutorial has helped you in some way…

      Happy Fogging!

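Added example (not part of the original post and not FOG code): one way to act on the post's advice about testing user access is to export the Admin Group and compare its `member` values with the accounts you expect to have FOG access. The group name, DNs, sample LDIF and function names are constructed for illustration; the parser handles LDIF line folding, base64 (`::`) values and AD's `member;range=` form for large groups.

```python
import base64

# Constructed sample of an Admin Group export, e.g. the output of
#   ldapsearch -H ldap://<server> -D "<Bind DN>" -W -b "<Group Search DN>" \
#              "(cn=<Admin Group>)" member
# Every DN and name below is made up for this example.
_B64_DN = base64.b64encode("CN=Zoë User,OU=Staff,DC=example,DC=local".encode()).decode()
SAMPLE_LDIF = (
    "dn: CN=FOG-Admins,OU=Groups,DC=example,DC=local\n"
    "cn: FOG-Admins\n"
    "member: CN=Alice Admin,OU=IT,DC=example,DC=local\n"
    "member: CN=Fog Test,OU=Service Accounts,DC=example,\n"
    " DC=local\n"            # folded line: continuation starts with one space
    f"member:: {_B64_DN}\n"  # non-ASCII values are base64-encoded ("::")
)
EXPECTED_ADMINS = [
    "cn=alice admin,ou=it,dc=example,dc=local",
    "CN=Fog Test,OU=Service Accounts,DC=example,DC=local",
]

def parse_members(ldif, attr="member"):
    """Return the values of `attr` from LDIF text, unfolded and decoded."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold continuation line
        else:
            lines.append(raw)
    members = []
    for line in lines:
        name, sep, value = line.partition(":")
        # Strip options such as ";range=0-1499" that AD adds for big groups.
        if not sep or name.split(";")[0].lower() != attr.lower():
            continue
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        members.append(value.strip())
    return members

def audit_admin_group(ldif, expected_dns, attr="member"):
    """Return (unexpected, missing) DNs; DNs are compared case-insensitively."""
    actual = {m.lower(): m for m in parse_members(ldif, attr)}
    expected = {e.strip().lower(): e for e in expected_dns}
    unexpected = sorted(actual[k] for k in actual.keys() - expected.keys())
    missing = sorted(expected[k] for k in expected.keys() - actual.keys())
    return unexpected, missing

if __name__ == "__main__":
    unexpected, missing = audit_admin_group(SAMPLE_LDIF, EXPECTED_ADMINS)
    print("unexpected members:", unexpected)
    print("expected but absent:", missing)
```

A group DN showing up in the unexpected list means another group is nested inside the Admin Group, so its members need reviewing as well.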
      • george1421G
        george1421 Moderator
        last edited by

        Very nice, thank you for documenting this.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

        • Wayne WorkmanW
          Wayne Workman
          last edited by

          Wow this is awesome! #wiki worthy

          Daily Clean Installation Results:
          https://fogtesting.fogproject.us/
          FOG Reporting:
          https://fog-external-reporting-results.fogproject.us/

          • m144M
            m144 @george1421
            last edited by

            @george1421 @Wayne-Workman Thanks guys… Been using FOG since back in the 0.32 days! It has saved me so much time, words can not describe how much I appreciate this project.

            I hope to create some more documentation as I have some time. Would love to help with anything I can, just let me know. 🙂

            Thanks,

            • Wayne WorkmanW
              Wayne Workman @m144
              last edited by

              @m144 Oh there is lots to do - but a great majority of the documentation tasks that need done are repetitive and are not very creative tasks. Maybe a year ago, a few people set out to rewrite the entire wiki using restructured text and put it under revision control in github. We have some awesome plans created and an outline produced, but it never went further. We need tutorial videos on simple things - like capturing an image, deploying an image, deploying a snapin. Basic snapin building tutorials. Printer management tutorials. Storage node setup tutorials, image sharing across groups… You get the idea? Basically everything lol. Any documentation or tutorials greatly helps.

              • m144M
                m144 @Wayne Workman
                last edited by

                @wayne-workman Sounds good… I’ll see what I can do when I find some free time.

                Copyright © 2012-2024 FOG Project