auth-ldap (v0.6.4) - LDAP authentication plugin for XO-Server
-
I had a lot of trouble getting the LDAP integration to work with Active Directory domain controllers, and I kept finding this post over and over.
So I wanted to share my configuration and make it easier on others trying to do the same thing in the future. Using this config I was able to get everything working, but I found a few limitations:
- Xen Orchestra cannot find any group members where the member has the "Primary Group" attribute set.
- Only direct members of a group are recognized (nested groups don't work).
- When signing in, I have to specify "username" instead of "username@cxlab.domain.com".
- Groups are created by clicking "Synchronize LDAP groups", however users are not created until they sign into XOA the first time.
- Users are not deleted from Xen Orchestra when they are removed from the domain. (but they can no longer log in to XOA)
auth-ldap (v0.10.6) - LDAP authentication plugin for XO-Server
Auto-load at server start [checked]

Configuration
- URI: ldap://domaincontroller1.cxlab.domain.com
- **Certificate Authorities**
- Check certificate [disabled]
- Use StartTLS [disabled]
- Base: DC=cxlab,DC=domain,DC=com
- **Credentials**
  - dn: cxadmin@cxlab.domain.com
  - password: ******************
- User filter: (sAMAccountName={{name}})
- ID attribute: dn
- **Synchronize groups** [checked] Fill information (optional)
  - Base: CN=Users,DC=cxlab,DC=domain,DC=com
  - Filter: (ObjectClass=group)
  - ID attribute: dn
  - Display name attribute: cn
  - **Members mapping**
    - Group attribute: member
    - User attribute: dn
-
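An added example, not part of the post above and not xo-server code: it renders the posted user filter for a login name with RFC 4515 escaping and checks it against a constructed AD entry, showing why the `username@cxlab.domain.com` form finds no user under `(sAMAccountName={{name}})`. The user `jdoe`, the combined filter `BOTH_FILTER`, and the assumption that the plugin substitutes the typed login name for `{{name}}` are illustrative and not taken from the post.

```python
import re

# Filter as posted, and a hypothetical variant that also accepts the UPN form.
PAGE_FILTER = "(sAMAccountName={{name}})"
BOTH_FILTER = "(|(sAMAccountName={{name}})(userPrincipalName={{name}}))"

# Constructed directory entry (sample data, not from the post).
ENTRY = {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@cxlab.domain.com"}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping, so a login name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def render(template: str, name: str) -> str:
    """Substitute the escaped login name for every {{name}} placeholder."""
    return template.replace("{{name}}", escape_filter_value(name))


def unescape(value: str) -> str:
    """Turn \\XX escapes back into characters before comparing values."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def matches(filter_str: str, entry: dict) -> bool:
    """Minimal evaluator: a single (attr=value) term or an OR of such terms.

    Comparison is case-insensitive, as it is for these two AD attributes.
    """
    terms = re.findall(r"\(([^()=|&!]+)=([^()]*)\)", filter_str)
    attrs = {k.lower(): v.lower() for k, v in entry.items()}
    return any(attrs.get(a.lower()) == unescape(v).lower() for a, v in terms)


if __name__ == "__main__":
    for login in ("jdoe", "jdoe@cxlab.domain.com"):
        for template in (PAGE_FILTER, BOTH_FILTER):
            rendered = render(template, login)
            print(f"{login!r:28} {rendered:75} match={matches(rendered, ENTRY)}")
```

Whether the plugin accepts the combined filter should be confirmed on a test instance before relying on it.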