> Hello together,
>
> i have setup a litte Testlab at home with Foreman 1.14.3 (CentOS7) and
> an Active Directory (Windows Server 2016).
> Now i want to setup the LDAP AD Authentication, but i cant bring it
> running.
>
> The Foreman Server is alredy a realm member of the Windows Active
> Directory. I can login on CentOS with Windows AD Users. That works fine.
> But when i setup the AD Authentication in foreman, i cant login with
> the AD-User in the Foreman Webinterface. I tryed it with
> "DOMAIN\User" and "User". He just the username or password is wrong,
> not very helpful. And i dont know in wich logs i can get more
> informations about it.
>
>
> This Settings iam using:
>
> >
> LDAP Server:
> -------------
> Name:neotokyo.net # Just a name
> Server:neotokyodc # NetBios name of my VM
> LDAPS:[]
> Port:389
> Servertype:ActiveDirectory
>
>
> Account:
> -------------
>
> Accountusername:Administrator#AD Administrator eq. to
> NEOTOKYO\Administrator on Windows AD.
> Accountpassword:givenPassword
> BaseDN:CN=Users,DC=neotokyo,DC=net
> GroupbaseDN:CN=Users,DC=neotokyo,DC=net
> LDAP Filter:[]
> Automaticallycreate accounts inForeman:[X]
>
> Usergroupsync:[X]
>
>
>
> Attributemappings:
> ---------------
> Loginname attribute:userPrincipalName
> Firstname attribute:givenName
> Surnameattribute:sn
> E-MailAdressattribute:mail
>
> >
>
Have you tried to use the full address as server? Ie.
neotokyodc.netokyo.net instead of just neotokyodc? Maybe you the
DOMAINNAME\Username instead of just Administrator?
I see you used userPrincipalName as loginname. Then you need to use the
name in that attributes. Usually Username@domain (i.e.
administrator@netokyo.net).
If you want to login using your "short-name" you need to use
sAMAccountName as your login attribute.
···
Den 2017-11-05 kl. 11:45, skrev anpk:The Attribute mappings i just copied from the original documentation.
And here are informations about my Testlab-AD:
AllowedDNSSuffixes : {}
ChildDomains : {}
ComputersContainer : CN=Computers,DC=neotokyo,DC=net
DeletedObjectsContainer : CN=Deleted Objects,DC=neotokyo,DC=net
DistinguishedName : DC=neotokyo,DC=net
DNSRoot : neotokyo.net
DomainControllersContainer : OU=Domain
Controllers,DC=neotokyo,DC=net
DomainMode : Windows2016Domain
DomainSID : S-1-5-21-2829910196-628102167-1224678811
ForeignSecurityPrincipalsContainer :
CN=ForeignSecurityPrincipals,DC=neotokyo,DC=net
Forest : neotokyo.net
InfrastructureMaster : neotokyodc.neotokyo.net
LastLogonReplicationInterval :
LinkedGroupPolicyObjects :
{CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=neotokyo,DC=ne
t}
LostAndFoundContainer : CN=LostAndFound,DC=neotokyo,DC=net
ManagedBy :
Name : neotokyo
NetBIOSName : NEOTOKYOa
ObjectClass : domainDNS
ObjectGUID : dd54fb48-c869-416e-b29f-b7463dfed283
ParentDomain :
PDCEmulator : neotokyodc.neotokyo.net
PublicKeyRequiredPasswordRolling : True
QuotasContainer : CN=NTDS Quotas,DC=neotokyo,DC=net
ReadOnlyReplicaDirectoryServers : {}
ReplicaDirectoryServers : {neotokyodc.neotokyo.net}
RIDMaster : neotokyodc.neotokyo.net
SubordinateReferences : {DC=ForestDnsZones,DC=neotokyo,DC=net,
DC=DomainDnsZones,DC=neotokyo,DC=net,
CN=Configuration,DC=neotokyo,DC=net}
SystemsContainer : CN=System,DC=neotokyo,DC=net
UsersContainer : CN=Users,DC=neotokyo,DC=net
!