Ldap Connectivity for customers

Moderator: crythias

Gunjan
Znuny expert
Posts: 228
Joined: 09 Dec 2013, 06:37
Znuny Version: 3.3.x

Ldap Connectivity for customers

Post by Gunjan »

Hi,

I am trying to set up an Active Directory connection, but I am not able to do so. I am getting this error:
[Error][Kernel::System::CustomerUser::LDAP::_Connect][196] First bind failed! Bad file descriptor
Please find the structure of my Active Directory below, and please let me know how I can make these configurations:
ldap structure.png

    # Fragment of Kernel/Config.pm (goes inside sub Load)

    # Enable LDAP authentication for customers / users
    $Self->{'Customer::AuthModule1'}                 = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host1'}     = 'xxx';
    $Self->{'Customer::AuthModule::LDAP::BaseDN1'}   = 'DC=A,DC=B';
    $Self->{'Customer::AuthModule::LDAP::UID1'}      = 'sAMAccountName';

    # The following is valid but would only be necessary if the
    # anonymous user does NOT have permission to read from the LDAP tree.
    # SearchUserDN is the bind identity: it expects the full DN of an
    # account entry, not the DN of an OU container.
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'OU=Users,OU=D,OU=C,DC=A,DC=B';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'xxx';

    # CustomerUser
    # (customer user database backend and settings)
    $Self->{CustomerUser1} = {
        Name   => 'AD Backend',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host   => 'xxx',
            BaseDN => 'DC=A,DC=B',
            SSCOPE => 'sub',
            # bind identity for searches (same requirement as SearchUserDN above)
            UserDN => 'OU=Users,OU=D,OU=C,DC=A,DC=B',
            UserPw => 'xxx',
            SourceCharset => 'utf-8',
            DestCharset   => 'utf-8',
        },
        # customer unique id
        CustomerKey => 'sAMAccountName',
        # customer #
        CustomerID => 'extensionAttribute1',
        CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix           => '',
        CustomerUserSearchSuffix           => '*',
        CustomerUserSearchListLimit        => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => ['givenname', 'sn'],
        CustomerUserExcludePrimaryCustomerID => 0,
        CustomerCompanySupport             => 1,
        Readonly                           => 1,
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'extensionAttribute1', 0, 1, 'var' ],
            [ 'UserCustomerIDs', 'CustomerIDs', 'extensionAttribute2', 1, 0, 'var', '', 0 ],
            [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
            #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
            #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
        ],
    };

Thanks in Advance!
Gunjan
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Ldap Connectivity for customers

Post by crythias »

Hi Gunjan! :) Please update your signature and read my LDAP tutorial linked from my Need help? link.
Short answer: "bad file descriptor" means you're connecting over IPv6/inet6 and need to connect over inet4.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Gunjan
Znuny expert
Posts: 228
Joined: 09 Dec 2013, 06:37
Znuny Version: 3.3.x

Re: Ldap Connectivity for customers

Post by Gunjan »

Hi Crythias,

I have connected over inet4 and it is still giving me an error. Can you please help me with the configuration that I provided in my earlier post? Am I doing something wrong? Please let me know.


Regards,
Gunjan
Gunjan
Znuny expert
Posts: 228
Joined: 09 Dec 2013, 06:37
Znuny Version: 3.3.x

Re: Ldap Connectivity for customers

Post by Gunjan »

I have done everything, but I am still not able to connect to LDAP. Please help me!
Gunjan
Znuny expert
Posts: 228
Joined: 09 Dec 2013, 06:37
Znuny Version: 3.3.x

Re: Ldap Connectivity for customers

Post by Gunjan »

Hi,

Finally I am able to connect to one OU with a user present in that OU. But I want the connection to be to the higher-level OU, so that all the users inside that OU are included, and I am not able to get all the users under that highest-level OU (C in the mentioned example). Can anyone please help me with it?
Gunjan
Znuny expert
Posts: 228
Joined: 09 Dec 2013, 06:37
Znuny Version: 3.3.x

Re: [SOLVED]Ldap Connectivity for customers

Post by Gunjan »

Solved :)
Gunjan
Znuny expert
Posts: 228
Joined: 09 Dec 2013, 06:37
Znuny Version: 3.3.x

Re: Ldap Connectivity for customers

Post by Gunjan »

Hi,

I am able to get the AD data, and I also used a filter to get only users:
(&(objectClass=user)(objectCategory=person))
But I am still getting some computers along with the users. Can anybody help me to find only users?


Regards,
Gunjan
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Ldap Connectivity for customers

Post by crythias »

Filter on OU and maybe on whether an email address exists. There are good resources for creating LDAP filters on the web. They work here.
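Added example, not part of the thread or of OTRS/Znuny code: a small Python evaluator for a subset of LDAP filter syntax, run over a constructed directory, to compare the filter from the question with one that also requires an email address, as the reply suggests. The OU restriction is modelled as the search base; the entry names, the OU=E, OU=Computers and OU=Other containers, and the short-form objectCategory values are assumptions.

```python
# Added example: evaluates a subset of LDAP filter syntax
# (&, |, !, attr=value, attr=*) over constructed entries.

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        node = (op, kids)
    else:
        end = f.index(")", i)
        attr, _, value = f[i:end].partition("=")
        node, i = ("=", attr.lower(), value.lower()), end
    if f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    if node[0] == "=":  # equality or presence test, case-insensitive
        have = [v.lower() for v in entry.get(node[1], [])]
        return bool(have) if node[2] == "*" else node[2] in have
    hits = [matches(k, entry) for k in node[1]]
    return {"&": all, "|": any, "!": lambda h: not h[0]}[node[0]](hits)

def search(entries, base_dn, flt):
    """Subtree search: CNs of entries below base_dn that satisfy flt."""
    tree, _ = parse(flt)
    suffix = "," + base_dn.lower()
    return [e["cn"][0] for e in entries
            if e["dn"][0].lower().endswith(suffix) and matches(tree, e)]

USER = ["top", "person", "organizationalPerson", "user"]
ROWS = [  # constructed sample directory: (cn, parent OU, classes, category, mail)
    ("alice", "OU=Users,OU=D,OU=C,DC=A,DC=B", USER, "person", ["alice@example.com"]),
    ("svc-backup", "OU=Users,OU=D,OU=C,DC=A,DC=B", USER, "person", []),
    ("PC01", "OU=Computers,OU=C,DC=A,DC=B", USER + ["computer"], "computer", []),
    ("bob", "OU=Users,OU=E,OU=C,DC=A,DC=B", USER, "person", ["bob@example.com"]),
    ("carol", "OU=Other,DC=A,DC=B", USER, "person", ["carol@example.com"]),
]
# objectCategory is kept in its short form here; AD stores it as a schema DN.
ENTRIES = [{"cn": [c], "dn": [f"CN={c},{ou}"], "objectclass": cl,
            "objectcategory": [cat], "mail": m} for c, ou, cl, cat, m in ROWS]

THREAD_FILTER = "(&(objectClass=user)(objectCategory=person))"
TIGHT_FILTER = "(&(objectClass=user)(objectCategory=person)(mail=*)(!(objectClass=computer)))"
```

On this sample data, `(objectClass=user)` alone also matches the computer entry, because the computer class derives from user.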