LDAP Plugin install



  • Hi @stuhad

    I have this working on 1.5.7 dev branch on Ubuntu 18.04, so I can walk you through what I’ve done in case that helps. Also check out this post by @m144 which got me started in the right direction.

    First off, you need to install the PHP plugin and restart Apache:

    sudo apt-get install php-ldap
    sudo systemctl restart apache2
    

    One important note which doesn’t seem to be documented anywhere - the AD Bind password does not like special characters. I’ve not had time to test which ones are ok and which are not so just went with an alphanumeric password to get up and running.

    Assuming your domain is example.com and you have 2 domain controllers:

    dc01.example.com
    dc02.example.com

    Create a security group to house the users you want to log in over LDAP; here we will use the group fogserver admins in the OU security groups. Also create a service account which has been delegated the rights to add and delete computer objects on your domain or, in a pinch, is added as a member of the Domain Admins group.

    In the FOG UI click on the LDAP icon, then create a new LDAP link on the left and fill in the details as follows:

    LDAP connection name: dc01.example.com (each connection name must be unique)
    LDAP Server Address: dc01.example.com
    LDAP Server Port: 389
    Search Base DN: dc=example,dc=com
    Group Search DN: dc=example,dc=com
    Admin group: cn=fogserver_admins,ou=security groups,dc=example,dc=com
    Mobile group: cn=fogserver_admins,ou=security groups,dc=example,dc=com
    User Name Attribute: sAMAccountName
    Group Member Attribute: member
    Search Scope: Subtree and below
    Bind DN: cn=service fogserver,ou=service_accounts,dc=example,dc=com
    Bind password: <password for service account - add in plain text>

    You can (and should) add multiple entries here with your other DCs for redundancy; just fill in another LDAP entry with a unique connection name.

    You should then be able to log in to the FOG web portal with a domain username, e.g. foguser (no need to add it as example\foguser).

    If a user who is not a member of your fogserver admins group tries to log in, it will fail on the UI with the error

    fogserver_admins))(member=CN=Jake Fake,OU=Users,OU=Sales,DC=example,DC=com)); Result: 0\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=cn=fogserver_admins)(name=ou=security groups)(name=dc=example)(name=dc=com))(member=CN=Jake Fake,OU=Users,OU=Sales,DC=example,DC=com)); Result: 0\nPHP message: Plugin LDAP::authLDAP() Access level is still 0 or false. No access is allowed!\n', referer: http://fogserver/fog/management/index.php?node=home
    

    Try that, and if you’re still having issues let us know what OS you’re running and what entries you’re using in the LDAP setup - feel free to edit the entries for privacy reasons.

    Regards, Tom
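As an added example (not code from the post or from the FOG plugin itself), here is a small PHP script built on the php-ldap functions the plugin depends on, so the same settings can be exercised outside FOG: service-account bind, user lookup by sAMAccountName under the Search Base DN, then a member-attribute check against the Admin group. It assumes the example values from the post above and reads the bind password from a FOG_LDAP_BIND_PW environment variable (my own choice of name).

```php
<?php
// Settings from the post (replace with your own); the password comes from the environment.
$server     = 'dc01.example.com';
$port       = 389;
$baseDn     = 'dc=example,dc=com';
$adminGroup = 'cn=fogserver_admins,ou=security groups,dc=example,dc=com';
$bindDn     = 'cn=service fogserver,ou=service_accounts,dc=example,dc=com';
$bindPw     = getenv('FOG_LDAP_BIND_PW');           // assumed env var name
$userAttr   = 'sAMAccountName';
$memberAttr = 'member';
$login      = $argv[1] ?? 'foguser';                // domain username to test

$ldap = ldap_connect("ldap://$server:$port");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); // AD needs LDAPv3
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);        // do not chase AD referrals

// Step 1: bind as the service account (the plugin's "Bind DN" / "Bind password").
if (!@ldap_bind($ldap, $bindDn, $bindPw)) {
    fwrite(STDERR, "Service account bind failed: " . ldap_error($ldap) . "\n");
    exit(1);
}
echo "Service account bind OK\n";

// Step 2: resolve the login name to a DN under the Search Base DN. The filter value
// is escaped so LDAP metacharacters in the login cannot alter the query.
$filter  = '(' . $userAttr . '=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ')';
$res     = @ldap_search($ldap, $baseDn, $filter, ['dn']);
$entries = $res ? ldap_get_entries($ldap, $res) : ['count' => 0];
if ($entries['count'] !== 1) {
    fwrite(STDERR, "Expected one user for '$login', found {$entries['count']}: "
        . ldap_error($ldap) . "\n");
    exit(1);
}
$userDn = $entries[0]['dn'];
echo "User DN: $userDn\n";

// Step 3: read the Admin group entry itself (base scope) and keep it only if its
// member attribute contains the user's DN. This is the membership test that ends
// in "Access level is still 0 or false" in the plugin log when it fails.
$filter = '(' . $memberAttr . '=' . ldap_escape($userDn, '', LDAP_ESCAPE_FILTER) . ')';
$res    = @ldap_read($ldap, $adminGroup, $filter, ['cn']);
if ($res === false) {
    fwrite(STDERR, "Group lookup failed (check the Admin group DN): " . ldap_error($ldap) . "\n");
    exit(1);
}
$hit = ldap_get_entries($ldap, $res);
echo $hit['count'] === 1 ? "$login is a member of the admin group: login will be allowed\n"
                         : "$login is NOT a member of the admin group: login will be refused\n";
ldap_unbind($ldap);
```

Run it as `FOG_LDAP_BIND_PW='...' php check-fog-ldap.php foguser` on the FOG server; if step 1 fails with a bind error, revisit the password (see the note on special characters above) before touching the group settings.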


  • Senior Developer

    @stuhad You might need to share more information for us to be able to help. I do understand that people are afraid of posting OUs and such information publicly. But it’s very hard to help from the FOG side if we don’t know what settings you use.

    Unfortunately the plugin does not do much logging I think.

    The warning posted does not cause the issue I am sure. As far as I know this is fixed in current dev-branch already.

