Hello Koen! I have some VBScripts if the configuration is the issue.
First, this lists all your domain controllers. Helpful if you don't know 
which server is set up to service your LDAP requests. You can try all of 
them.
Just save this as 'get server names.vbs' and run it... You just have to 
be logged in to Active Directory, and no configuration is needed for these 
scripts. It will find the configuration of your servers itself.

-------------------------------

' Match nTDSDSA (NTDS Settings) objects whose options attribute has bit 1 set
' (bitwise AND rule 1.2.840.113556.1.4.803; bit 1 marks a global catalog).
ldapFilter = "(&(objectClass=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))"

' Read the configuration naming context from the directory itself.
Set rootDSE = GetObject("LDAP://rootDSE")
configDN = rootDSE.Get("configurationNamingContext")

Set ado = CreateObject("ADODB.Connection")
ado.Provider = "ADSDSOObject"
ado.Open "ADSearch"
Set objectList = ado.Execute("<LDAP://" & configDN & ">;" & ldapFilter & _
    ";distinguishedName;subtree")
c = ""
While Not objectList.EOF
    nTSDSA = objectList.Fields("distinguishedName")
    ' Cut off the leading "CN=NTDS Settings," => server object
    serverDN = Mid(nTSDSA, 18)
    Set serverObj = GetObject("LDAP://" & serverDN)

    'WScript.Echo serverObj.dNSHostName
    c = c & serverObj.dNSHostName & " "

    objectList.MoveNext
Wend
WScript.Echo c

-------------------------------

The second script shows your FQDN...

-------------------------------
' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Specify the NetBIOS name of the domain and the NT name of the user.
strNTName = InputBox("Enter your LOGIN ID:", "Check Login", "domain\login")

' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
Set objTrans = CreateObject("NameTranslate")

' Initialize NameTranslate by locating the Global Catalog.
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Use the Set method to specify the NT format of the object name.
objTrans.Set ADS_NAME_TYPE_NT4, strNTName

' Use the Get method to retrieve the RFC 1779 Distinguished Name.
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Escape any "/" characters with backslash escape character.
' All other characters that need to be escaped will be escaped.
strUserDN = Replace(strUserDN, "/", "\/")
wscript.echo "Your user string is: " & strUserDN

' Bind to the user object in Active Directory with the LDAP provider.
Set objUser = GetObject("LDAP://" & strUserDN)
-------------------------------

(Change the words "domain\login" and put in your own domain and login, or 
leave it as is and type in the correct values when prompted.) It will also 
bind to LDAP, to test that it works. 

Now to configure LDAP... you need to add this information that you got here 
(in your models)...
-------------------------------
from gluon.contrib.login_methods.ldap_auth import ldap_auth
auth.settings.login_methods = [ldap_auth(mode='ad',
   server='SERVERNAME.FROM.FIRST.SCRIPT',
   base_dn='OU=EMPLOYEES,DC=USA,DC=DIVISION,DC=CORPORATE,DC=com')]
-------------------------------
That is the configuration line specific to your active directory. For the 
rest, just follow the AD guide on web2pyslices.

On Monday, July 15, 2013 4:40:59 AM UTC-7, Koen Vanhees wrote:
>
> All,
>
> I'm having some issues with integrating Active Directory authentication in 
> my app.
> Although telnet to the domain controller works, also tcpdump seems to send 
> and receive information to the domain controller, Logging level set 
> to "debug" doesn't reveal much more:
> DEBUG:web2py.auth.ldap_auth:mode: [ad] manage_user: [False] custom_scope: 
> [subtree] manage_groups: [False]
> INFO:web2py.auth.ldap_auth:[192.168.1.115] Initialize ldap connection
>
> Any hints are very welcome...
>
> Cheers,
> Koen
>
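
The second script prints a full user DN, while `base_dn` in the models file needs a container above the user. As an added example (not part of the original post; the function names and the sample user CN are assumptions), this Python helper derives candidate `base_dn` values and the DNS domain from such a DN, handling escaped commas and the `\/` escape that the script adds:

```python
def split_dn(dn):
    """Split a distinguished name into RDNs on commas that are not backslash-escaped."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            # Keep LDAP escapes such as "\," intact; drop the ADSI-only "\/" escape.
            buf.append("/" if dn[i + 1] == "/" else dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf).lstrip())
    return [r for r in rdns if r]


def ad_settings_from_user_dn(user_dn):
    """Return candidate base_dn values (narrowest first) and the DNS domain name."""
    rdns = split_dn(user_dn.strip())
    if len(rdns) < 2 or not rdns[0].upper().startswith("CN="):
        raise ValueError("expected a user DN of the form CN=...,<container>")
    candidates = []
    for start in range(1, len(rdns)):
        candidates.append(",".join(rdns[start:]))
        if rdns[start].upper().startswith("DC="):
            break  # reached the domain root; anything shorter is another domain
    # The DC= components of an AD DN spell out the DNS domain name.
    domain = ".".join(r[3:] for r in rdns if r.upper().startswith("DC="))
    if not domain:
        raise ValueError("no DC= components found in DN")
    return {"base_dn_candidates": candidates, "dns_domain": domain}


# Constructed sample: the base_dn from the post with a made-up user CN in front.
SAMPLE_DN = r"CN=Doe\, Jane,OU=EMPLOYEES,DC=USA,DC=DIVISION,DC=CORPORATE,DC=com"

if __name__ == "__main__":
    result = ad_settings_from_user_dn(SAMPLE_DN)
    print("dns_domain:", result["dns_domain"])
    for base in result["base_dn_candidates"]:
        print("base_dn candidate:", base)
```

Picking the narrowest candidate that still contains all intended users keeps the LDAP search scope small.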
