Windows Server 2003
I haven’t used LDAP to connect to Active Directory before. The client web server is Linux, and the application that connects to the Windows Server 2003 Active Directory is a library system called Koha. It needs LDAP configuration; can you help me out with this? Here is the Active Directory
Active Directory Server detail:
Server IP: 10.1.1.5
Domain: Example.local
Admin name: administrator
Password: pass11
The Koha manual to connect to AD is as follows:
((((
Configuring LDAP
To configure Koha to use LDAP, we edit the /etc/koha-dev/etc/koha-con
file and add an LDAP block similar to this:
<useldapserver>1</useldaps
configs you must add if you want to turn this on -->
<ldapserver id="ldapserver" listenref="ldapserver">
<hostname>your hosts ip address or name</hostname>
<base>base dn</base>
<user>LDAP user's dn</user>
<pass>LDAP user's password</pass>
<replicate>1</replicate> <!-- add new users from LDAP to
Koha database -->
<update>1</update> <!-- update existing users in Koha
database -->
<auth_by_bind>1</auth_by_b
<mapping> <!-- match koha SQL field names to your
LDAP record field names -->
<firstname is="givenName" ></firstname>
<surname is="sn" ></surname>
<userid is="uid"></userid>
<password is="userPassword" ></password>
<email is="mail"></email>
<address is="address">Default Address</address>
<city is="city">Default City</city>
<branchcode is="branch">Default Branch Code</branchcode>
<categorycode is="category">Default Catefory Code</categorycode>
</mapping>
</ldapserver>
Here is how we configure the LDAP block:
1. Add the LDAP server block before these tags: </config></yazgfs> in the koha-conf.xml file.
2. Set the <useldapserver> tag to 1 to turn LDAP authentication on, set it to 0 to turn it off.
3. Enter the LDAP server's host name or IP address in the tag <hostname>.
4. Enter the LDAP server's base DN in the tag <base>.
5. In the tag <user> enter the DN of an LDAP user with browse privileges to the base DN.
6. Enter the LDAP user's password in the tag <pass>.
7. Set <replicate> tag to 1 if you want to create new users in Koha from the LDAP server. If this is set to 0, the user record must exist in Koha.
8. Set <update> tag to 1 if you want updates to user records on the LDAP server to update user records in Koha as well.
9. The fields listed in the <mapping> block refer to fields in the borrowers tables in Koha.
10. The fields listed in the <mapping> block must include all mandatory fields in the borrowers table except the field borrowernumber. Mandatory fields in the table are—surname, address, city, branchcode, and categorycode (patron category code).
11. The fields listed in the <mapping> block should include other Koha fields that have data in corresponding fields in the LDAP record. This way you can get useful data such as e-mail address or phone number from the LDAP record into Koha.
12. The name following is= refers to the corresponding field in the LDAP server.
13. For each field you can specify a default
)))))
Can you please tell me what parameter I have to change from the above code?
This can be set as the root of your domain, dc=example,dc=local, but for faster searches set the base DN to the nearest location for user accounts, by default, users are created in CN=users,dc=example,dc=loc
Under (<base>base dn</base>) I can only specify one range of data, one of the following:
dc=example,dc=local or
CN=users,dc=example,dc=loc
Which one?
One can be used for Distinguished name (cn=john,cn=users....) use bind-user to search users. or
(cn-users,dc=Example,dc=lo
Which one shall I use, what is the difference?
That is the default location where AD will store newly created users.
My own users are not stored in this location, because you cannot apply GPOs to containers.
Run the dsquery command I specified earlier, and replace John with your own name
Finding BASE DN of user locations, you can run
dsquery user -name <<your name>>*
e.g. dsquery user -name john*
Post the results and I'll tell you the base DN.
Distinguished Name: If you want to use bind-user to search users, specify it here..etc
cn=moodl,cn=users,dc=stud-
Contexts: List of contexts where users are located. Separate different contexts with; ...etc
cn=users,dc=stud-ndtc,dc=l
I set it as following:
<ldapserver id="ldapserver" listenref="ldapserver">
<hostname>10.1.1.5</hostna
<base>cn=users,dc=stud-ndt
<user>cn=moodle,cn=users,d
<pass>PASSWORD</pass>
<replicate>1</replicate> <!-- add new users from LDAP to
Koha database -->
<update>1</update> <!-- update existing users in Koha
database -->
<auth_by_bind>1</auth_by_b
<mapping> <!-- match koha SQL field names to your
LDAP record field names -->
<firstname is="givenName" ></firstname>
<surname is="sn" ></surname>
<userid is="uid"></userid>
<password is="userPassword" ></password>
<email is="mail"></email>
<address is="address">Default Address</address>
<city is="city">Default City</city>
<branchcode is="branch">Default Branch Code</branchcode>
<categorycode is="category">Default Catefory Code</categorycode>
</mapping>
</ldapserver>
After setting this, users under Active Directory can't log in; even the admin user that was created under Koha itself can't log in.
If I try an Active Directory user I get the error message (You entered an incorrect username or password. Please try again! And remember, usernames and passwords are case sensitive.)
[root@RHEL5 html]# ldapsearch -x -h 10.1.1.5 moodle -w PASSWORD -b "ou=students,dc=stud-ndtc,
# extended LDIF
#
# LDAPv3
# base <ou=students,dc=stud-ndtc,
# filter: (objectclass=*)
# requesting: moodle
#
# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this ope
ration a successful bind must be completed on the connection., data 0, vece
# numResponses: 1
Any idea why this error?
Config #1
cn=users,dc=stud-ndtc,dc=l
Config #2
ou=students,dc=stud-ndtc,d
I also notice that the username for the moodle application is "moodl" and your ldap search tool is using username "moodle".
Correct the username and test again. If the username is correct, then adjust the base DN to reference the root of your domain = dc=stud-ndtc,dc=local and see if that works.
ldapsearch -x -D "cn=moodle,cn=users,dc=stu
OR
Adding 'sAMAccountName' at the end.
I have set the koha-conf.XML file, but when I try to log in to Koha, I get the error message (You entered an incorrect username or password. Please try again! And remember, usernames and passwords are case sensitive.)
The koha-conf.XML configuration file is as follows:
<ldapserver id="ldapserver" listenref="ldapserver">
<hostname>10.1.1.5</hostna
<base> CN=Users,DC=stud-ndtc,DC=l
<user>CN=moodle,CN=Users,D
<pass>PASS</pass>
<replicate>1</replicate> <!-- add new users from LDAP to
Koha database -->
<update>1</update> <!-- update existing users in Koha
database -->
<auth_by_bind>1</auth_by_b
<mapping> <!-- match koha SQL field names to your
LDAP record field names -->
<firstname is="givenName" ></firstname>
<surname is="sn" ></surname>
<userid is="sAMAccountName"></user
<password is="userPassword" ></password>
<email is="mail"></email>
<address is="address">Default Address</address>
</mapping>
</ldapserver>
</config>
</yazgfs>
Please check that you're using the correct username.
We have another LDAP client (Moodle), web based, that is connected to our AD. The setting is as follows:
Distinguished Name: If you want to use bind-user to search users, specify it here..etc
cn=moodl,cn=users,dc=stud-ndtc,dc=local
Open a CMD prompt and run the following query and post the results.
dsquery user -samid moodl*
Please post the results.
ldapsearch -x -D "cn=moodle,cn=users,dc=stu
The result is below; if you want me to run another command, please tell me.
Thanks
# moodle, Users, stud-ndtc.local
dn: CN=moodle,CN=Users,DC=stud-ndtc,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: moodle
description: User account to bind Moodle server to LDAP
givenName: moodle
distinguishedName: CN=moodle,CN=Users,DC=stud-ndtc,DC=local
instanceType: 4
whenCreated: 20090926083410.0Z
whenChanged: 20110510011429.0Z
displayName: moodle
uSNCreated: 484218
uSNChanged: 8654676
name: moodle
objectGUID:: zrY8Z/GOLUO8xwGwZYm1Iw==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 129502633566825668
lastLogoff: 0
lastLogon: 129502633619327012
pwdLastSet: 129180500773089149
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAlh/fSC2rvb6MYmLrPgcAAA==
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: moodle
sAMAccountType: 805306368
userPrincipalName: moodle@stud-ndtc.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ndtc,DC=local
dSCorePropagationData: 20091130094848.0Z
dSCorePropagationData: 20091126185827.0Z
dSCorePropagationData: 20091126165219.0Z
dSCorePropagationData: 20090927083553.0Z
dSCorePropagationData: 16010101181633.0Z
lastLogonTimestamp: 129494636694055395
dsquery user -samid moodl*
"CN=moodle,CN=Users,DC=ndt
This account is from a domain called: ndtc.local
The one used previously is from another domain called: stud-ndtc.local
Double check the password again.
From the command prompt run the following:
runas /user:moodle calc.exe
when prompted for the password enter the password that you know.
If the windows Calculator opens up then you're using the correct username/password, else you'll get a username/password not correct message.
Verify/Reset the credentials and try again.
thanks for your help
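The three problems this thread ran into (bind account from a different domain than the base DN, userid mapped to uid, mandatory mapping fields dropped) can be checked offline before touching the live directory. The following is an added example, not part of the original posts or of Koha; the complete DNs in the sample are assumptions standing in for the truncated values above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Complete DNs are assumptions standing in for the
# truncated values in the thread; the password is a placeholder.
SAMPLE = """<ldapserver id="ldapserver" listenref="ldapserver">
  <hostname>10.1.1.5</hostname>
  <base>CN=Users,DC=stud-ndtc,DC=local</base>
  <user>CN=moodle,CN=Users,DC=ndtc,DC=local</user>
  <pass>PLACEHOLDER</pass>
  <auth_by_bind>1</auth_by_bind>
  <mapping>
    <surname is="sn"></surname>
    <userid is="uid"></userid>
    <address is="address">Default Address</address>
  </mapping>
</ldapserver>"""

# Mandatory borrowers fields listed in the Koha manual excerpt.
MANDATORY = ("surname", "address", "city", "branchcode", "categorycode")

def domain_of(dn):
    """DNS domain spelled by the DC= parts of a DN (naive comma split)."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return ".".join(p[3:] for p in parts if p.startswith("dc="))

def check_ldap_block(xml_text):
    """Return a list of findings for one <ldapserver> block."""
    srv = ET.fromstring(xml_text)
    findings = []
    base_dom = domain_of(srv.findtext("base") or "")
    user_dom = domain_of(srv.findtext("user") or "")
    if base_dom != user_dom:
        findings.append(f"bind user is in {user_dom!r}, base DN is in {base_dom!r}")
    mapping = srv.find("mapping")
    fields = {} if mapping is None else {el.tag: el.get("is") for el in mapping}
    # The AD entry returned by ldapsearch has sAMAccountName and no uid.
    if (fields.get("userid") or "").lower() != "samaccountname":
        findings.append("userid is not mapped to sAMAccountName")
    missing = [f for f in MANDATORY if f not in fields]
    if missing:
        findings.append("mapping lacks mandatory fields: " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    for finding in check_ldap_block(SAMPLE):
        print("-", finding)
```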
Windows Server 2003
Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).