
    LDAP General

    • K
      kevinnew22
      last edited by

      I need help integrating FOG with LDAP General … I installed the plugin, but I don’t know which parameters to pass … which components need to be installed on the FOG Linux server for the LDAP General integration to work? I’ve done a lot of research on the subject right here on the forum but I couldn’t solve it.

      Tom ElliottT 1 Reply Last reply Reply Quote 0
      • Tom ElliottT
        Tom Elliott @kevinnew22
        last edited by

        @kevinnew22 What version of FOG are you running?

        Can you clarify a little better on what you’ve looked at? What you’ve tried? What’s not working?

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        1 Reply Last reply Reply Quote 0
        • K
          kevinnew22
          last edited by

          Version FOG.PNG LDAP.PNG

          Tom ElliottT 1 Reply Last reply Reply Quote 0
          • Tom ElliottT
            Tom Elliott @kevinnew22
            last edited by

            @kevinnew22 So, a few questions come to mind:

            Is this Active Directory or open ldap?

            While I appreciate your privacy, I never understand why people block off “certain” points. I can understand hiding your IP if it’s a public IP address, but if it’s Private it makes little sense to block it. (Private IPs are 192.168.x.x/24 172.16.x.x/16 and 10.x.x.x/8)

            First:

            LDAP Server should be a dns name. Normally when you look at your domain you will see the “name” it maps to. Of course I have to make some assumptions so please just take my info and adjust as needed.

            So let’s say I have a domain called example and the “common” name to map to the same domain is example.com. I would use example.com in the server area. (Of course this assumes DNS is handled by the domain as well which is generally common.)

            LDAP Server port. If you’re using LDAPs you will likely need to import your domain’s certificate tree to the FOG Server for it to work properly. (I don’t understand why you blocked this out because there’s only 2 parts. So if you’re using 389 as the server port, this is not a secure port. Otherwise it is the secure port.)

            Search Base DN looks correct though I don’t know if it actually matches your domain structure.

            Your Group Search DN may be correct but I’m not sure. Of note, with this being set, any group you’re attempting to match must reside in here. So I see your Admin Group is set to Admin. So under {blank}.sa -> grupo {blank} should contain the admin group. If it doesn’t this would be reason for you not being able to log in with your LDAP information. To generalize it for testing at least, you should probably set Group Search DN to the same as Search Base DN.

            Admin Group appears correct assuming you have a Group named admin in your domain.

            Mobile Group appears correct but is redundant. As you already have this set up for the Admin Group, this is unnecessary. It’s going to set the user as admin, so having Mobile user filled in with the same group doesn’t do anything.
            Please note that with both of these, you can use multiple groups by separating them with commas. For example, you could associate all admins for the group admin and domain admins by entering in the Admin Group field: admin,domain admins

            Username Attribute looks correct assuming Active Directory

            Group Member Attribute looks correct assuming Active Directory

            Bind DN appears to be correct though this is totally on you.

            Bind password is already set but I have no way of knowing if it’s correct.

            Of note, there are logs that are written when there’s an error that might help you troubleshoot too.

            On Red Hat based Linux, this is /var/log/php-fpm/www-error.log. You would need to look up your system’s error log. For Debian this might be /var/log/apache2/error.log, but it could also be under /var/log/php{phpver}-fpm/www-error.log (or very close to it), replacing phpver with the running php version (can be known by running php -v | awk 'match($0, /^PHP (([0-9])[.]([0-9]))[.][0-9]/, ary) {print ary[1]}')

            Hopefully this helps narrow down where to look.

            1 Reply Last reply Reply Quote 1
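A way to check the fields walked through in the reply above from the FOG server's shell, as an added example that is not part of the original thread or of FOG's code. It assumes the OpenLDAP `ldapsearch` client is installed; the host, DNs, bind account, test user and the `sAMAccountName`/`member` attribute values are constructed placeholders, and the script only prints the commands to run.

```shell
#!/bin/sh
# Added example: pre-flight checks for the LDAP plugin fields discussed above.
# Every value below is a constructed placeholder; substitute your own.
LDAP_HOST="example.com"; LDAP_PORT=636
BASE_DN="DC=example,DC=com"                        # Search Base DN
GROUP_DN="OU=Groups,DC=example,DC=com"             # Group Search DN
BIND_DN="CN=fogbind,OU=Service,DC=example,DC=com"  # Bind DN (hypothetical account)
USER_ATTR="sAMAccountName"   # assumption: Active Directory username attribute
MEMBER_ATTR="member"         # assumption: group member attribute
ADMIN_GROUPS="admin,domain admins"                 # comma-separated, as in the post

# 389 is the non-secure port; per the post, anything else is treated as LDAPS.
ldap_uri() {
    if [ "$2" = "389" ]; then printf 'ldap://%s:%s' "$1" "$2"
    else printf 'ldaps://%s:%s' "$1" "$2"; fi
}

# Lower-case a DN and drop spaces around commas so two DNs compare reliably.
norm_dn() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g'; }

# Succeeds when DN $1 equals DN $2 or sits below it in the tree.
dn_is_under() {
    c=$(norm_dn "$1"); b=$(norm_dn "$2")
    case "$c" in "$b"|*,"$b") return 0 ;; esac
    return 1
}

# Escape LDAP filter metacharacters (RFC 4515) so a name cannot alter the filter.
filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

user_filter() { printf '(%s=%s)' "$USER_ATTR" "$(filter_escape "$1")"; }

# Print warnings plus one ldapsearch per check; $1 is a test username.
print_checks() {
    uri=$(ldap_uri "$LDAP_HOST" "$LDAP_PORT")
    if [ "$LDAP_PORT" = "389" ]; then echo "# WARNING: 389 is the non-secure LDAP port"; fi
    dn_is_under "$GROUP_DN" "$BASE_DN" || echo "# WARNING: Group Search DN is outside Search Base DN"
    # 1) Bind as the service account and look the user up under Search Base DN.
    echo "ldapsearch -x -H '$uri' -D '$BIND_DN' -W -b '$BASE_DN' '$(user_filter "$1")' dn"
    # 2) Confirm each admin group exists under Group Search DN and list its members.
    printf '%s\n' "$ADMIN_GROUPS" | tr ',' '\n' | while IFS= read -r g; do
        echo "ldapsearch -x -H '$uri' -D '$BIND_DN' -W -b '$GROUP_DN' '(cn=$(filter_escape "$g"))' $MEMBER_ATTR"
    done
}

print_checks "jdoe"
```

If the first command fails to bind, the Bind DN, password, port or certificate trust is at fault; if a group search returns nothing, that group does not reside under the Group Search DN.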
            • K
              kevinnew22
              last edited by

              @tom-elliott said in LDAP General:

              /var/log/

              Thank you for your answers … how do I do tests to check for ldap authentication errors … the php module is installed … (php-ldap-7.2.34-4) do I need to enable it somewhere? When I’m sure how do I import users from ad?

              Tom ElliottT 1 Reply Last reply Reply Quote 0
              • Tom ElliottT
                Tom Elliott @kevinnew22
                last edited by

                @kevinnew22 fog doesn’t import users. When the plug-in is configured you would simply sign in just like you would to Windows. The logging is set up to go to the error log which I explained earlier.

                1 Reply Last reply Reply Quote 0
                • K
                  kevinnew22
                  last edited by

                  @Tom-Elliott
                  Dude, I was able to integrate the LDAP with the fog, now I need to manage the access levels, how can I do with LDAP enabled? I thank your previous answers.

                  1 Reply Last reply Reply Quote 0
                  Copyright © 2012-2024 FOG Project