LDAP Plugin install
First off, you need to install the PHP plugin and restart Apache:
sudo apt-get install php-ldap
sudo systemctl restart apache2
One important note which doesn't seem to be documented anywhere: the AD bind password does not like special characters. I've not had time to test which ones are OK and which are not, so I just went with an alphanumeric password to get up and running.
Assuming your domain is example.com and you have 2 domain controllers:
Create a security group to house the users you want to log in over LDAP; here we will use the group fogserver_admins in the OU "security groups". Also create a service account which has been delegated the rights to add and delete computer objects on your domain, or in a pinch is added as a member of the Domain Admins group.
In the FOG UI, click on the LDAP icon, then click "create new LDAP link" on the left and fill in the details as follows:
LDAP connection name: dc01.example.com (each connection name must be unique)
LDAP Server Address: dc01.example.com
LDAP Server Port: 389
Search Base DN: dc=example,dc=com
Group Search DN: dc=example,dc=com
Admin group: cn=fogserver_admins,ou=security groups,dc=example,dc=com
Mobile group: cn=fogserver_admins,ou=security groups,dc=example,dc=com
User Name Attribute: sAMAccountName
Group Member Attribute: member
Search Scope: Subtree and below
Bind DN: cn=service fogserver,ou=service_accounts,dc=example,dc=com
Bind password: <password for service account - add in plain text>
You can (and should) add multiple entries here with your other DCs for redundancy; just fill in another LDAP entry with a unique connection name.
You should then be able to log in to the FOG web portal with a domain username, e.g. foguser (no need to enter it as example\foguser).
If a user who is not a member of your fogserver admins group tries to log in, it will fail in the UI with an error like this:
fogserver_admins))(member=CN=Jake Fake,OU=Users,OU=Sales,DC=example,DC=com)); Result: 0\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=cn=fogserver_admins)(name=ou=security groups)(name=dc=example)(name=dc=com))(member=CN=Jake Fake,OU=Users,OU=Sales,DC=example,DC=com)); Result: 0\nPHP message: Plugin LDAP::authLDAP() Access level is still 0 or false. No access is allowed!\n', referer: http://fogserver/fog/management/index.php?node=home
Try that, and if you're still having issues, let us know what OS you're running and what entries you're using in the LDAP setup (feel free to edit the entries for privacy reasons).
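Before typing the settings above into the FOG form, it helps to sanity-check them and to see what the search filters built from a login name and a user DN look like. The script below is an added example and is not code from the FOG project or from the poster. It assumes the settings live in a plain dict keyed by the form labels, uses a simplified membership filter rather than the plugin's own (the log excerpt shows the plugin builds a different one), and treats "alphanumeric only" for the bind password as a rule taken from the post's note, not from any documented limit. The escaping function is the part worth keeping: any login name or DN placed into an LDAP filter must have `( ) * \` and NUL escaped per RFC 4515, otherwise a crafted username changes the meaning of the filter instead of being matched literally.

```python
"""Pre-flight checks for FOG LDAP plugin settings (added example, not FOG code).

Assumptions (not from the post): settings are held in a dict keyed by the form
labels; the membership filter is a simplified form, not the plugin's own; the
alphanumeric bind-password rule follows the post's note.
"""
import re

# RFC 4515 metacharacters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string before placing it in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_dn(dn: str):
    """Split a DN into lower-cased (attribute, value) pairs; '\\,' is a literal comma."""
    parts = [p for p in re.split(r"(?<!\\),", dn) if p.strip()]
    pairs = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def is_under(dn: str, base: str) -> bool:
    """True if dn sits at or below base in the directory tree."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[-len(b):] == b


def user_filter(name_attr: str, login: str) -> str:
    """Filter that finds the account for a login name typed into the FOG portal."""
    return f"(&(objectClass=user)({name_attr}={escape_filter_value(login)}))"


def membership_filter(member_attr: str, user_dn: str) -> str:
    """Filter run against the admin group entry to see whether user_dn is listed.

    Assumed simplified form; the plugin's own filter differs (see the log above).
    """
    return f"({member_attr}={escape_filter_value(user_dn)})"


def check_settings(cfg: dict) -> list:
    """Return human-readable problems found in one FOG LDAP connection entry."""
    problems = []
    port = cfg.get("LDAP Server Port")
    if not (isinstance(port, int) and 1 <= port <= 65535):
        problems.append("port must be an integer between 1 and 65535")
    for key in ("Admin group", "Mobile group"):
        if not is_under(cfg[key], cfg["Group Search DN"]):
            problems.append(f"{key} is outside the Group Search DN")
    if not is_under(cfg["Bind DN"], cfg["Search Base DN"]):
        problems.append("Bind DN is outside the Search Base DN")
    if not cfg["Bind password"].isalnum():
        problems.append("bind password has non-alphanumeric characters (post reports these fail)")
    if not cfg["User Name Attribute"]:
        problems.append("User Name Attribute is empty")
    return problems


# Constructed sample mirroring the values in the post; the password is a placeholder.
SAMPLE_CONFIG = {
    "LDAP connection name": "dc01.example.com",
    "LDAP Server Address": "dc01.example.com",
    "LDAP Server Port": 389,
    "Search Base DN": "dc=example,dc=com",
    "Group Search DN": "dc=example,dc=com",
    "Admin group": "cn=fogserver_admins,ou=security groups,dc=example,dc=com",
    "Mobile group": "cn=fogserver_admins,ou=security groups,dc=example,dc=com",
    "User Name Attribute": "sAMAccountName",
    "Group Member Attribute": "member",
    "Bind DN": "cn=service fogserver,ou=service_accounts,dc=example,dc=com",
    "Bind password": "ChangeMe12345",
}

if __name__ == "__main__":
    for line in check_settings(SAMPLE_CONFIG) or ["settings look consistent"]:
        print(line)
    print(user_filter(SAMPLE_CONFIG["User Name Attribute"], "foguser"))
    print(membership_filter("member", "CN=Jake Fake,OU=Users,OU=Sales,DC=example,DC=com"))
```

Run it once with your real DNs substituted (they never leave the machine) and fix anything it reports before saving the entry in FOG; a group DN that is not under the Group Search DN or a bind DN outside the Search Base DN will fail in exactly the silent way the thread describes.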
@stuhad You might need to share more information for us to be able to help. I do understand that people are afraid of posting OUs and such information publicly. But it’s very hard to help from the FOG side if we don’t know what settings you use.
Unfortunately the plugin does not do much logging, I think.
The warning posted does not cause the issue I am sure. As far as I know this is fixed in current