
LDAP General

  • K
    kevinnew22
    last edited by May 13, 2021, 5:50 PM

    I need help integrating FOG with LDAP General … I installed the plugin but I don’t know which parameters to pass … which components need to be installed on the FOG Linux server for the LDAP General integration to work? I’ve done a lot of research on the subject right here on the forum but I couldn’t solve it.

    • T
      Tom Elliott @kevinnew22
      last edited by May 13, 2021, 6:12 PM

      @kevinnew22 What version of FOG are you running?

      Can you clarify a little better on what you’ve looked at? What you’ve tried? What’s not working?

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      • K
        kevinnew22
        last edited by May 13, 2021, 7:36 PM

        Version FOG.PNG LDAP.PNG

        • T
          Tom Elliott @kevinnew22
          last edited by May 14, 2021, 12:11 PM

          @kevinnew22 So, a few questions come to mind:

          Is this Active Directory or OpenLDAP?

          While I appreciate your privacy, I never understand why people block off “certain” points. I can understand hiding your IP if it’s a public IP address, but if it’s Private it makes little sense to block it. (Private IPs are 192.168.x.x/24 172.16.x.x/16 and 10.x.x.x/8)

          First:

          LDAP Server should be a DNS name. Normally when you look at your domain you will see the “name” it maps to. Of course I have to make some assumptions so please just take my info and adjust as needed.

          So let’s say I have a domain called example and the “common” name to map to the same domain is example.com. I would use example.com in the server area. (Of course this assumes DNS is handled by the domain as well which is generally common.)

          LDAP Server port. If you’re using LDAPS you will likely need to import your domain’s certificate tree to the FOG Server for it to work properly. (I don’t understand why you blocked this out because there are only 2 parts. So if you’re using 389 as the server port, this is not a secure port. Otherwise it is the secure port.)

          Search Base DN looks correct though I don’t know if it actually matches your domain structure.

          Your Group Search DN may be correct but I’m not sure. Of note, with this being set, any group you’re attempting to match must reside in here. So I see your Admin Group is set to Admin. So under {blank}.sa -> grupo {blank} should contain the admin group. If it doesn’t this would be reason for you not being able to log in with your LDAP information. To generalize it for testing at least, you should probably set Group Search DN to the same as Search Base DN.

          Admin Group appears correct assuming you have a Group named admin in your domain.

          Mobile Group appears correct but is redundant. As you already have this set up for the Admin Group, this is unnecessary. It’s going to set the user as admin, so having Mobile user filled in with the same group doesn’t do anything.

          Please note, with both of these you can use multiple groups by separating them with commas. For example, you could associate all admins for the group admin and domain admins by entering in the Admin Group field: admin,domain admins

          Username Attribute looks correct assuming Active Directory

          Group Member Attribute looks correct assuming Active Directory

          Bind DN appears to be correct though this is totally on you.

          Bind password is already set but I have no way of knowing if it’s correct.

          Of note, there are logs that are written when there’s an error that might help you troubleshoot too.

          On Red Hat based Linux, this is /var/log/php-fpm/www-error.log. You would need to look up your system’s error log. For Debian this might be /var/log/apache2/error.log, but it could also be under /var/log/php{phpver}-fpm/www-error.log (or very close to it), replacing phpver with the running PHP version (which you can find by running php -v | awk 'match($0, /^PHP (([0-9])[.]([0-9]))[.][0-9]/, ary) {print ary[1]}').

          Hopefully this helps narrow down where to look.

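An added example (not part of the original posts and not FOG's own code): one way to check the plugin fields discussed above from the FOG server's shell before trying a web login. It assumes the OpenLDAP `ldapsearch` client and `openssl` are installed; the function names and the sample values in the comments are hypothetical, and `sAMAccountName` / `memberOf` are the usual Active Directory attributes.

```shell
#!/bin/sh
# Added example: map the LDAP plugin fields to command-line checks.
# Function names are hypothetical; all sample values are constructed.

# Choose the URI scheme from the port: 389 is the non-secure port,
# anything else is treated as the secure (LDAPS) port, as in the post.
ldap_uri() {  # usage: ldap_uri SERVER PORT
  case "$2" in
    389) printf 'ldap://%s:%s\n' "$1" "$2" ;;
    *)   printf 'ldaps://%s:%s\n' "$1" "$2" ;;
  esac
}

# Escape a value for use inside an LDAP search filter (RFC 4515), so a
# test username containing * ( ) or \ cannot change the filter's meaning.
ldap_escape() {  # usage: ldap_escape VALUE
  printf '%s\n' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the filter that looks a user up by the Username Attribute.
user_filter() {  # usage: user_filter USER_ATTR USERNAME
  printf '(%s=%s)\n' "$1" "$(ldap_escape "$2")"
}

# LDAPS only: print the certificate chain the server presents, to see
# which CA certificates the FOG server has to trust.
show_ldaps_chain() {  # usage: show_ldaps_chain SERVER PORT
  openssl s_client -connect "$1:$2" -showcerts </dev/null
}

# Bind with the Bind DN (-W prompts for the password, keeping it out of
# shell history), search under the Search Base DN and print the user's
# Group Member Attribute. A bind failure points at Bind DN/password; an
# empty result points at the base DN or the username attribute.
check_user() {  # usage: check_user SERVER PORT BIND_DN BASE_DN USER_ATTR MEMBER_ATTR USERNAME
  ldapsearch -x -H "$(ldap_uri "$1" "$2")" -D "$3" -W -b "$4" \
    "$(user_filter "$5" "$7")" "$6"
}

# Constructed invocation (placeholders, adjust to your domain):
#   check_user example.com 636 'CN=fogbind,OU=Service,DC=example,DC=com' \
#     'DC=example,DC=com' sAMAccountName memberOf jdoe
```

If the group you entered in Admin Group does not appear in the returned membership values, or sits outside the Group Search DN, the login will not be mapped to an admin.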
          • K
            kevinnew22
            last edited by May 17, 2021, 3:07 PM

            @tom-elliott said in LDAP General:

            /var/log/

            Thank you for your answers … how do I run tests to check for LDAP authentication errors … the PHP module is installed … (php-ldap-7.2.34-4) do I need to enable it somewhere? Once I’m sure it works, how do I import users from AD?

            • T
              Tom Elliott @kevinnew22
              last edited by May 17, 2021, 3:14 PM

              @kevinnew22 FOG doesn’t import users. When the plug-in is configured you would simply sign in just like you would to Windows. The logging is set up to go to the error log which I explained earlier.

              • K
                kevinnew22
                last edited by May 21, 2021, 2:30 PM

                @Tom-Elliott
                Dude, I was able to integrate LDAP with FOG. Now I need to manage the access levels; how can I do that with LDAP enabled? Thank you for your previous answers.

                Copyright © 2012-2024 FOG Project