XCP-ng
    • RE: Issues synchronizing LDAP groups (Active Directory)

      I had a lot of trouble getting the LDAP integration to work with Active Directory domain controllers, so I wanted to share my configuration and make it easier on others trying to do the same thing in the future.

      Using this config I was able to get everything working, but I found a few limitations:

      1. Xen Orchestra cannot find any group members where the member has the "Primary Group" attribute set.
      2. Only direct members of a group are recognized (nested groups don't work).
      3. When signing in, I have to specify "username" instead of "username@cxlab.domain.com".
      4. Groups are created by clicking "Synchronize LDAP groups", however users are not created until they sign into XOA the first time.
      5. Users are not deleted from Xen Orchestra when they are removed from the domain (but they can no longer log in to XOA).

      auth-ldap (v0.10.6) - LDAP authentication plugin for XO-Server
      Auto-load at server start [checked]

      Configuration

      URI: ldap://domaincontroller1.cxlab.domain.com
      
        **Certificate Authorities**
        Check certificate [disabled]
        Use StartTLS [disabled]
        Base: DC=cxlab,DC=domain,DC=com
      
        **Credentials**
        dn: cxadmin@cxlab.domain.com
        password: ******************
      
      User filter: (sAMAccountName={{name}})
      ID attribute: dn
      
        **Synchronize groups**
        [checked] Fill information (optional)
        Base: CN=Users,DC=cxlab,DC=domain,DC=com
        Filter: (ObjectClass=group)
        ID attribute: dn
        Display name attribute: cn
      
          **Members mapping**
          Group attribute: member
          User attribute: dn
      

      posted in Xen Orchestra
      cjackson
    • RE: auth-ldap (v0.6.4) - LDAP authentication plugin for XO-Server

      I had a lot of trouble getting the LDAP integration to work with Active Directory domain controllers, and I kept finding this post over and over.
      So I wanted to share my configuration and make it easier on others trying to do the same thing in the future.

      Using this config I was able to get everything working, but I found a few limitations:

      1. Xen Orchestra cannot find any group members where the member has the "Primary Group" attribute set.
      2. Only direct members of a group are recognized (nested groups don't work).
      3. When signing in, I have to specify "username" instead of "username@cxlab.domain.com".
      4. Groups are created by clicking "Synchronize LDAP groups", however users are not created until they sign into XOA the first time.
      5. Users are not deleted from Xen Orchestra when they are removed from the domain (but they can no longer log in to XOA).

      auth-ldap (v0.10.6) - LDAP authentication plugin for XO-Server
      Auto-load at server start [checked]

      Configuration

      URI: ldap://domaincontroller1.cxlab.domain.com
      
        **Certificate Authorities**
        Check certificate [disabled]
        Use StartTLS [disabled]
        Base: DC=cxlab,DC=domain,DC=com
      
        **Credentials**
        dn: cxadmin@cxlab.domain.com
        password: ******************
      
      User filter: (sAMAccountName={{name}})
      ID attribute: dn
      
        **Synchronize groups**
        [checked] Fill information (optional)
        Base: CN=Users,DC=cxlab,DC=domain,DC=com
        Filter: (ObjectClass=group)
        ID attribute: dn
        Display name attribute: cn
      
          **Members mapping**
          Group attribute: member
          User attribute: dn
      

      posted in Xen Orchestra
      cjackson
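
Limitations 1 and 2 in the posts above mean the groups Xen Orchestra syncs can contain fewer accounts than Active Directory considers members. The following is an added example, not part of the original posts and not the plugin's code: it models the posted members mapping (Group attribute `member`, User attribute `dn`) over a constructed directory and lists the accounts that mapping misses. All user names, group names and RIDs are hypothetical.

```javascript
// Added example: constructed sample directory, all names and RIDs are hypothetical.
const BASE = 'CN=Users,DC=cxlab,DC=domain,DC=com';
const dn = (cn) => `CN=${cn},${BASE}`;

const users = [
  { dn: dn('alice'), primaryGroupID: 513 },
  { dn: dn('bob'), primaryGroupID: 513 },
  { dn: dn('carol'), primaryGroupID: 1105 }, // primary group changed to XO-Admins
];
const groups = [
  { dn: dn('XO-Admins'), rid: 1105, member: [dn('alice'), dn('XO-Operators')] },
  { dn: dn('XO-Operators'), rid: 1106, member: [dn('bob')] },
];
const userDns = new Set(users.map((u) => u.dn));

// Model of the posted mapping (Group attribute: member, User attribute: dn):
// a user counts only if its dn appears literally in the group's `member` values.
function directMembers(group) {
  return group.member.filter((m) => userDns.has(m)).sort();
}

// Membership as Active Directory evaluates it: direct, nested, and primary group.
// AD keeps primary-group membership in the user's primaryGroupID (the group's RID),
// not in the group's `member` attribute.
function effectiveMembers(group, seen = new Set()) {
  if (seen.has(group.dn)) return []; // guard against circular nesting
  seen.add(group.dn);
  const out = new Set(
    users.filter((u) => u.primaryGroupID === group.rid).map((u) => u.dn)
  );
  for (const m of group.member) {
    const nested = groups.find((g) => g.dn === m);
    if (nested) effectiveMembers(nested, seen).forEach((d) => out.add(d));
    else if (userDns.has(m)) out.add(m);
  }
  return [...out].sort();
}

// Accounts AD treats as members that a direct `member` lookup never returns.
function missedBySync(group) {
  const direct = new Set(directMembers(group));
  return effectiveMembers(group).filter((d) => !direct.has(d));
}

for (const g of groups) {
  console.log(g.dn, '-> missed by direct mapping:', missedBySync(g));
}
```

Any account in the "missed" list holds the group's rights elsewhere in the domain but will not inherit that group's permissions in Xen Orchestra, which is worth checking when XO ACLs are assigned by group.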