Thanks Derek!
I found out the issue was caused by a mistake in the admin account
creation...
*facepalm*
:)
Op maandag 15 juli 2013 19:23:32 UTC+2 schreef Derek het volgende:
>
> Hello Koen! I have some vbscripts if the configuration is the issue.
> First, this lists all your domain controllers. Helpful if you don't know
> which server is setup to service your ldap requests. You can try all of
> them.
> Just save this as a 'get server names.vbs' and run it... You just have to
> be logged in to active directory, and no configuration is needed for these
> scripts. It will find the configuration of your servers itself.
>
> -------------------------------
>
> ldapFilter = "(&(objectClass=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))"
>
> Set rootDSE = GetObject("LDAP://rootDSE")
> configDN = rootDSE.Get("configurationNamingContext")
>
> Set ado = CreateObject("ADODB.Connection")
> ado.Provider = "ADSDSOObject"
> ado.Open "ADSearch"
> Set objectList = ado.Execute("<LDAP://" &configDN& ">;" & ldapFilter &
> ";distinguishedName;subtree")
> c = ""
> While Not objectList.EOF
> nTSDSA = objectList.Fields("distinguishedName")
> serverDN = Mid(nTSDSA, 18)
> 'CN=NTDS Settings abschneiden => Server Objekt
> Set serverObj = GetObject("LDAP://" & serverDN )
>
> 'WScript.Echo serverObj.dNSHostName
> c = c + serverObj.dNSHostName + " "
>
> objectList.MoveNext
> Wend
> WScript.Echo c
>
> -------------------------------
>
> The second script shows your FQDN...
>
> -------------------------------
> ' Constants for the NameTranslate object.
> Const ADS_NAME_INITTYPE_GC = 3
> Const ADS_NAME_TYPE_NT4 = 3
> Const ADS_NAME_TYPE_1779 = 1
>
> ' Specify the NetBIOS name of the domain and the NT name of the user.
> strNTName = InputBox("Enter your LOGIN ID:", "Check Login", "domain\login")
>
> ' Use the NameTranslate object to convert the NT user name to the
> ' Distinguished Name required for the LDAP provider.
> Set objTrans = CreateObject("NameTranslate")
>
> ' Initialize NameTranslate by locating the Global Catalog.
> objTrans.Init ADS_NAME_INITTYPE_GC, ""
> ' Use the Set method to specify the NT format of the object name.
> objTrans.Set ADS_NAME_TYPE_NT4, strNTName
>
> ' Use the Get method to retrieve the RFC 1779 Distinguished Name.
> strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
>
> ' Escape any "/" characters with backslash escape character.
> ' All other characters that need to be escaped will be escaped.
> strUserDN = Replace(strUserDN, "/", "\/")
> wscript.echo "Your user string is: " & strUserDN
>
> ' Bind to the user object in Active Directory with the LDAP provider.
> Set objUser = GetObject("LDAP://" & strUserDN)
> -------------------------------
>
> (change the words "domain\login" and put in your own domain and login, or
> leave it as is and type in the correct values when prompted) It will also
> bind to ldap, to test that it works.
>
> Now to configure LDAP... you need to add this information that you got
> here (in your models)...
> -------------------------------
> from gluon.contrib.login_methods.ldap_auth import ldap_auth
> auth.settings.login_methods = [ldap_auth(mode='ad',
> server='SERVERNAME.FROM.FIRST.SCRIPT',
> base_dn='OU=EMPLOYEES,DC=USA,DC=DIVISION,DC=CORPORATE,DC=com')]
> -------------------------------
> That is the configuration line specific to your active directory. For the
> rest, just follow the AD guide on web2pyslices.
>
> On Monday, July 15, 2013 4:40:59 AM UTC-7, Koen Vanhees wrote:
>>
>> All,
>>
>> I'm having some issues with integrating Active Directory authentication
>> in my app.
>> Although telnet to the domain controller works, also tcpdump seems to
>> send and receive information to the domain controller, Logging level set
>> to"debug" doesn't reveal much more:
>> DEBUG:web2py.auth.ldap_auth:mode: [ad] manage_user: [False] custom_scope:
>> [subtree] manage_groups: [False]
>> INFO:web2py.auth.ldap_auth:[192.168.1.115] Initialize ldap connection
>>
>> Any hints are very welcome...
>>
>> Cheers,
>> Koen
>>
>
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
