Forums / Install & configuration / LDAP auth problem

LDAP auth problem

Author Message

Barbe Amaury

Friday 20 November 2009 12:59:39 am

Hello there,

Firstly, sorry for my approximate English.

I am establishing an Intranet for my company and I tried to bind it to my AD server for authentication and user groups. I filled my ldap.ini with informations I used for an other website's ldap auth so I am sure it is correct. But when I put the right LDAP host and I try to connect with my AD account, it is loading until a timeout.

here is my ldap.ini:

[LDAPSettings]
# Enable tracing the the ldap login, outputs extensive debug info for use during setup
# NOTE: Do not keep this enabled on production setup as login name and passwords will be
# logged to logfiles or outputted if DebugOutput settings are enabled.
LDAPDebugTrace=disabled
# Set LDAP version number
LDAPVersion=3
# Determines whether the LDAP library automatically follows referrals returned by LDAP servers or not.
# set to 1 to enable
LDAPFollowReferrals=0
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
LDAPServer=srv01001-dmz1
# Port nr for LDAP, default is 389
LDAPPort=389
# Specifies the base DN for the directory.
LDAPBaseDn=DC--SOLIC,DC--RSX
# If the server does not allow anonymous bind, specify the user name for the bind here.
LDAPBindUser= ******
# If the server does not allow anonymous bind, specify the password for the bind here.
LDAPBindPassword= ******
# Could be sub, one, base.
LDAPSearchScope=sub
# Use the equla sign to replace "=" when specify LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# Add extra search requirment. Uncomment it if you don't need it.
# Example LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPSearchFilters[]
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=userPrincipalName
# Could be id or name
LDAPUserGroupType=id
# Default place to store LDAP users. Could be content object id or group name for LDAP user group,
# depends on LDAPUserGroupType.
LDAPUserGroup[]
# Group mapping settings:
# Root node id where LDAP groups are created, node id: 5 is used if blank
LDAPGroupRootNodeId=5
# Possible values: UseGroupAttribute (old style group assignig using LDAPUserGroupAttribute setting),
# SimpleMapping (using LDAPUserGroupMap array for name-to-name group mapping) or GetGroupsTree
LDAPGroupMappingType=UseGroupAttribute
# Base LDAP dn which should be used to fetch user group objects from LDAP
LDAPGroupBaseDN=
# LDAP user group class
LDAPGroupClass=exampleGroupDAClassName
# Attribute which should be used to obtain name of an LDAP group
# Required then 'LDAPGroupMappingType' is set to 'GetGroupsTree' or 'SimpleMapping'
LDAPGroupNameAttribute=cn
# Attribute of LDAP user which should be used to obtain groups which user(group) belongs to.
# Required then 'LDAPGroupMappingType' is set to 'GetGroupsTree' or 'SimpleMapping'
LDAPGroupMemberAttribute=member
# Attribute which contain description of LDAP group, optional
LDAPGroupDescriptionAttribute=
# Group names map (from LDAP to ezpublish user-groups),
# used then 'LDAPGroupMappingType' is set to 'SimpleMapping'
LDAPUserGroupMap[]
# LDAP attribute type for user group. Could be name or id
LDAPUserGroupAttributeType=name
# LDAP attribute for user group. For example, employeetype. If specified, LDAP users
# will be saved under the same group as in LDAP server.
LDAPUserGroupAttribute=employeetype
# LDAP attribute for First name. Normally, givenname
LDAPFirstNameAttribute=givenname
# If cn (common name) is used for first name, sn (Last name) will be removed from first name
LDAPFirstNameIsCommonName=false
# LDAP attribute for Last name. Normally, sn
LDAPLastNameAttribute=sn
# LDAP attribute for email. Normally, mail
LDAPEmailAttribute=mail
# For use if LDAP does not return mail, creates one using login name + email suffix, like '@ez.no'
LDAPEmailEmptyAttributeSuffix=@solic-group.com
# LDAP encoding is utf-8 or not
Utf8Encoding=false
# if 'enabled' you can move LDAP users to a different group and they will not
# be automatically moved back (to the group they are configured to be placed in)
# when the user logs in again.
KeepGroupAssignment=disabled

Can anyone see where is my problem? Any clue?