    LDAP Plugin install

      Kiweegie last edited by Kiweegie

      Hi @stuhad

      I have this working on 1.5.7 dev branch on Ubuntu 18.04 so can walk you through what I’ve done in case that helps? Also check out this post by @m144 which got me started in the right direction.

      Need to install the php plugin and restart apache first off

      sudo apt-get install php-ldap
      sudo systemctl restart apache2
      

      One important note which doesn’t seem to be documented anywhere - the AD Bind password does not like special characters. I’ve not had time to test which ones are ok and which are not so just went with an alphanumeric password to get up and running.

      Assuming your domain is example.com and you have 2 domain controllers:

      dc01.example.com
      dc02.example.com

      Create a security group to house the users you want to log in over LDAP (here we will use the group fogserver admins in OU=security groups), and a service account which has been delegated the rights to add and delete computer objects on your domain or, in a pinch, added as a member of the Domain Admins group.

      In the FOG UI, click on the LDAP icon, then create a new LDAP link on the left and fill in the details as follows:

      LDAP connection name: dc01.example.com (each connection name must be unique)
      LDAP Server Address: dc01.example.com
      LDAP Server Port: 389
      Search Base DN: dc=example,dc=com
      Group Search DN: dc=example,dc=com
      Admin group: cn=fogserver_admins,ou=security groups,dc=example,dc=com
      Mobile group: cn=fogserver_admins,ou=security groups,dc=example,dc=com
      User Name Attribute: sAMAccountName
      Group Member Attribute: member
      Search Scope: Subtree and below
      Bind DN: cn=service fogserver,ou=service_accounts,dc=example,dc=com
      Bind password: <password for service account - add in plain text>

      You can (and should) add multiple entries here with your other DCs for redundancy, just fill in another LDAP entry with unique connection name.

      You should then be able to log in to the FOG web portal with a domain username e.g. foguser (no need to add as example\foguser)

      If a user who is not a member of your fogserver admins group tries to log in, it will fail on the UI with the error:

      fogserver_admins))(member=CN=Jake Fake,OU=Users,OU=Sales,DC=example,DC=com)); Result: 0\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=cn=fogserver_admins)(name=ou=security groups)(name=dc=example)(name=dc=com))(member=CN=Jake Fake,OU=Users,OU=Sales,DC=example,DC=com)); Result: 0\nPHP message: Plugin LDAP::authLDAP() Access level is still 0 or false. No access is allowed!\n', referer: http://fogserver/fog/management/index.php?node=home
      

      Try that and if you’re still having issues let us know what OS you’re running and what entries you’re using in the LDAP setup - feel free to edit the entries for privacy reasons.

      regards Tom

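Added example, not part of the original posts or of FOG's own code: a small Python parser that pulls denied LDAP logins out of Apache error log lines like the one quoted in the post above and reports accounts that are refused repeatedly. The Apache line prefix (`[client ip:port]`, `AH01071`), the second sample user and the threshold of 3 are assumptions; only the plugin message text comes from the post.

```python
import re
from collections import Counter

# Text the plugin logs when no configured group matched (taken from the post).
DENIED = "Plugin LDAP::authLDAP() Access level is still 0 or false"
# member=<DN> clause of the logged search filter; the DN ends at the first ')'.
MEMBER_RE = re.compile(r"\(member=([^)]*)\)")
# Apache "[client ip:port]" field (assumed log prefix, not shown in the post).
CLIENT_RE = re.compile(r"\[client ([^\]\s]+)\]")


def parse_denials(lines):
    """Return one record per denied login: the user's DN and the client IP."""
    records = []
    for line in lines:
        if DENIED not in line:
            continue
        members = MEMBER_RE.findall(line)
        client = CLIENT_RE.search(line)
        addr = client.group(1) if client else None
        records.append({
            "member_dn": members[-1] if members else None,
            # Drop the ":port" suffix when one is present.
            "client": (addr.rpartition(":")[0] or addr) if addr else None,
        })
    return records


def repeated_denials(records, threshold=3):
    """DNs denied at least `threshold` times, most frequent first."""
    counts = Counter(r["member_dn"] for r in records if r["member_dn"])
    return [(dn, n) for dn, n in counts.most_common() if n >= threshold]


def sample_log():
    """Constructed sample lines; only the plugin text mirrors the post."""
    line = ("[Mon Jan 01 10:00:00 2024] [proxy_fcgi:error] [client {ip}:50000] "
            "AH01071: Got error 'PHP message: Plugin LDAP::_result(). Search "
            "Method: search; Filter: (&(|(name=cn=fogserver_admins)(name=ou="
            "security groups)(name=dc=example)(name=dc=com))(member={dn})); "
            "Result: 0\\nPHP message: " + DENIED + ". No access is allowed!\\n'")
    jake = "CN=Jake Fake,OU=Users,OU=Sales,DC=example,DC=com"
    ann = "CN=Ann Example,OU=Users,OU=IT,DC=example,DC=com"  # constructed user
    return ([line.format(ip="10.0.0.5", dn=jake)] * 3
            + [line.format(ip="10.0.0.9", dn=ann)]
            + ["[Mon Jan 01 10:05:00 2024] [core:notice] AH00094: Command line"])


if __name__ == "__main__":
    for dn, n in repeated_denials(parse_denials(sample_log())):
        print(f"{n} denied logins for {dn}")
```

To use it on a real server, pass the lines of the Apache error log named in the reply below (for example `/var/log/apache2/error.log` on Debian/Ubuntu) to `parse_denials` instead of `sample_log()`.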
        Sebastian Roth Moderator last edited by Sebastian Roth

        @stuhad You might need to share more information for us to be able to help. I do understand that people are afraid of posting OUs and such information publicly. But it’s very hard to help from the FOG side if we don’t know what settings you use.

        Unfortunately the plugin does not do much logging I think.

        The warning posted does not cause the issue I am sure. As far as I know this is fixed in current dev-branch already.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        Copyright © 2012-2023 FOG Project