External LDAP setup SMC3

Currently our mobile control users are maintained by an internal directory (4 users, so it was never a real issue and was for proof of concept).

We are now wanting to integrate it with AD as there are plans to expand the number of mobile users.
So for ease on the users that are currently connected (swap them when up and running), I am creating a new 'customer' with external LDAP connection.

I can get through the setup, but I run into issues with the LDAP Search Fields.

Step 7.3.1.6 of the Superadmin guide
"You define which LDAP fields are to be used for resolving the placeholders %_USERNAME_% and %_EMAILADDRESS_% in profiles. Select the required fields from the username and Email dropdown lists."

When I first got to this step, there was no drop down list - so I entered in %_USERNAME_% to username and %_EMAILADDRESS_% to email (which I believe is incorrect anyway) and went to the next step, gave it a SSP group and it resolved ok.
Added a few users to the AD group specified, and I get 'Unauthorized access' when trying to log in to the SSP (https://smc.*******/ssp)
An email exception is generated and sent to my account

***

Message:

could not lookup entry from server="Server id: 0, Display name: LDAP on ldaps://10.1.1.50, Internal directory: false, Primary url: ldaps://10.1.1.50, Backup url: ldaps://10.1.1.51, Search base: DC=****,DC=****, Lookup user: maiwel\*******, Lookup password: ******, SSP login group: CN=SG - SMCUsers,OU=Security Groups,OU=IT Users & Groups,DC=*****,DC=local, Alternative GUID: null, Alternative login field: %_USERNAME_%, Phonenumber fields: [], Username fields: [%_USERNAME_%], E-mail fields: [], Other fields: []" with guid="commstest" for guidField="%_USERNAME_%"

***


Going back in to the LDAP config, the drop down boxes were then available, but the drop down lists do not have any entry that seems relevant to username:

- accountExpires
- adminCount
- badPasswordTime
- badPwdCount
- cn
- codePage
- company
- countryCode

etc...

Is there anyone who can advise what the correct entries are that I need to enter in this part to allow for the LDAP connection?

I have looked at the other messages in the forums, and there is one that simply states, with no further information:

I tried the AD Integration too. It works like a charm.

Just follow the steps in the Super Administrator Guide.

- Add your AD Search Parameters

- Create an AD Group

- Add the User to your AD Group

However, that thread is a few months old, and I didn't want to revive an old thread.

I have a support ticket open, but thought there might be someone in the community that can assist.

Cheers in advance

  • Have worked it out (well for our environment)

    The LDAP Search fields I needed to enter are as follows:

    username : sAMAccountName

    email : userPrincipalName

    Hopefully this will help someone else out

    Could this possibly be added to the documentation SOPHOS?
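
An added example, not part of the original posts and not Sophos code: a Python check that reads the field settings echoed in the exception message from the question, flags any value that is a profile placeholder rather than an LDAP attribute name, and builds the lookup filter for a valid attribute such as `sAMAccountName`. The function names, and the idea that a login is resolved by an equality search on the configured field, are assumptions of this example.

```python
import re

# LDAP attribute names (RFC 4512): a letter, then letters, digits or hyphens.
# Profile placeholders such as %_USERNAME_% never match this.
ATTRIBUTE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")

def parse_lookup_error(message):
    """Extract the field settings echoed in a 'could not lookup entry' message."""
    fields = {}
    for key in ("Alternative login field", "Username fields", "E-mail fields"):
        m = re.search(re.escape(key) + r': (\[[^\]]*\]|[^,"]*)', message)
        if m:
            values = m.group(1).strip("[] ").split(",")
            fields[key] = [v.strip() for v in values if v.strip()]
    m = re.search(r'guidField="([^"]*)"', message)
    if m:
        fields["guidField"] = [m.group(1)]
    return fields

def misconfigured(fields):
    """Return (setting, value) pairs whose value cannot be an attribute name."""
    return [(key, v) for key in sorted(fields) for v in fields[key]
            if not ATTRIBUTE.fullmatch(v)]

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves in a search filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(attribute, login):
    """Assumption: a login is resolved by an equality search on this field."""
    if not ATTRIBUTE.fullmatch(attribute):
        raise ValueError("not an LDAP attribute name: %r" % attribute)
    return "(%s=%s)" % (attribute, escape_filter_value(login))

# Constructed sample: the tail of the exception message quoted in the question.
SAMPLE = ('Alternative GUID: null, Alternative login field: %_USERNAME_%, '
          'Phonenumber fields: [], Username fields: [%_USERNAME_%], '
          'E-mail fields: [], Other fields: []" with guid="commstest" '
          'for guidField="%_USERNAME_%"')

if __name__ == "__main__":
    for setting, value in misconfigured(parse_lookup_error(SAMPLE)):
        print("%s = %s is not an LDAP attribute name" % (setting, value))
    print(user_filter("sAMAccountName", "commstest"))
```
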
