I had a lot of trouble getting the LDAP integration to work with Active Directory domain controllers, and I kept finding this post over and over.
So I wanted to share my configuration and make it easier for others trying to do the same thing in the future.
Using this config I was able to get everything working, but I found a few limitations:
- Xen Orchestra cannot find any group members where the member has the "Primary Group" attribute set.
- Only direct members of a group are recognized (nested groups don't work).
- When signing in, I have to specify "username" instead of "username@cxlab.domain.com".
- Groups are created by clicking "Synchronize LDAP groups"; however, users are not created until they sign into XOA for the first time.
- Users are not deleted from Xen Orchestra when they are removed from the domain (but they can no longer log in to XOA).
auth-ldap (v0.10.6) - LDAP authentication plugin for XO-Server
Auto-load at server start [checked]
Configuration
URI: ldap://domaincontroller1.cxlab.domain.com
**Certificate Authorities**
Check certificate [disabled]
Use StartTLS [disabled]
Base: DC=cxlab,DC=domain,DC=com
**Credentials**
dn: cxadmin@cxlab.domain.com
password: ******************
User filter: (sAMAccountName={{name}})
ID attribute: dn
**Synchronize groups**
[checked] Fill information (optional)
Base: CN=Users,DC=cxlab,DC=domain,DC=com
Filter: (ObjectClass=group)
ID attribute: dn
Display name attribute: cn
**Members mapping**
Group attribute: member
User attribute: dn
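To illustrate the two membership limitations listed above (primary-group members and nested groups) against the "member" to "dn" mapping in this configuration, here is an added example that is not part of the original post or of Xen Orchestra. It walks a constructed in-memory copy of a few AD entries: the DNs, the placeholder domain SID and the group names are all made up, and the only real constant is 513, the well-known RID of "Domain Users".

```python
# Constructed sample directory (not from the post): two users whose primary
# group is "Domain Users" (RID 513), and one group nested inside another.
DOMAIN_SID = "S-1-5-21-111-222-333"  # placeholder domain SID, not a real one
BASE = "CN=Users,DC=cxlab,DC=domain,DC=com"
ENTRIES = {
    f"CN=alice,{BASE}": {"objectClass": "user", "primaryGroupID": 513},
    f"CN=bob,{BASE}": {"objectClass": "user", "primaryGroupID": 513},
    f"CN=Domain Users,{BASE}": {"objectClass": "group",
                                "objectSid": f"{DOMAIN_SID}-513", "member": []},
    f"CN=xo-admins,{BASE}": {"objectClass": "group",
                             "objectSid": f"{DOMAIN_SID}-1101",
                             "member": [f"CN=alice,{BASE}"]},
    f"CN=xo-users,{BASE}": {"objectClass": "group",
                            "objectSid": f"{DOMAIN_SID}-1102",
                            "member": [f"CN=xo-admins,{BASE}", f"CN=bob,{BASE}"]},
}


def direct_members(group_dn):
    """What a 'member' -> 'dn' mapping sees: the literal member attribute only.
    Primary-group members are absent (AD never lists them in 'member') and a
    nested group appears as a single DN rather than as its users."""
    return set(ENTRIES[group_dn]["member"])


def effective_members(group_dn, _seen=None):
    """Users who actually belong to the group: nested groups expanded, plus
    users whose primaryGroupID equals the group's RID (last SID component)."""
    seen = _seen if _seen is not None else set()
    if group_dn in seen:          # guard against circular nesting
        return set()
    seen.add(group_dn)
    users = set()
    for dn in ENTRIES[group_dn]["member"]:
        if ENTRIES[dn]["objectClass"] == "group":
            users |= effective_members(dn, seen)
        else:
            users.add(dn)
    rid = int(ENTRIES[group_dn]["objectSid"].rsplit("-", 1)[1])
    users |= {dn for dn, e in ENTRIES.items()
              if e["objectClass"] == "user" and e.get("primaryGroupID") == rid}
    return users


def missed_members(group_dn):
    """Users with group access in AD that a direct-member-only sync omits;
    useful when auditing which accounts the XOA group really covers."""
    return effective_members(group_dn) - direct_members(group_dn)
```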