#45 AD authentication

version 0.8
closed
nobody
None
1
2019-04-19
2013-11-12
Anonymous
No

Hi there, great product and much appreciation for what you are doing!

Wondering about how to configure AD authentication, just a nudge in the right direction is all we need.

Thanks!

Discussion

  • Miha Petkovsek

    Miha Petkovsek - 2013-11-13

    Hi, well it should be simple enough:

    1. administration > settings > Auth type > set to AD authentication and save settings
    2. administration > AD connection settings appear, there you can set AD connection parameters. If you want to search for domain users you have to add admin/pass also
    3. add new user, set user type as domain and username same as in domain

    That should be it.

    brm

     
  • Anonymous

    Anonymous - 2013-11-25

    There seems to be an issue with AD where, if the username is the same as the first name of the user, auth fails.

     
  • Anonymous

    Anonymous - 2014-02-28

    With the settings you have suggested above, I still fail to authenticate even though the AD testing in the config has passed.

    *** Error *
    Can't contact LDAP server
    Failed to authenticate user against AD!
    *****

    My settings:
    Base DN: CN=sv_user,OU=SvAccounts,OU=AltUserAccounts,OU=UserAccounts,DC=,DC=
    Account suffix: @***.com
    Domain account: sv_user
    <password>
    Use SSL: false
    Use TLS: false
    AD port: 636

    Test settings: shows "AD network connection ok!"

     
  • Miha Petkovsek

    Miha Petkovsek - 2014-03-03

    Are you entering the user/pass correctly (upper/lowercase)?

    Tests show that nw connectivity is ok, user auth seems to be failing. Can you see any errors on AS side?

    I can write a small script to test your settings?

     
    • Anonymous

      Anonymous - 2014-03-20

      Turned out that it didn't support port 636. Only supported port right now is the default port 389. Changed to port 389 and everything works great.

      Just out of curiosity, is there any plan in the future for non-default LDAP ports support?

      Thanks Miha

       
  • Miha Petkovsek

    Miha Petkovsek - 2014-03-24

    Hi, I use ADldap (http://adldap.sourceforge.net) for AD authentication. I believe custom ports should work.

            $adldap = new adLDAP(array( 'base_dn'=>$ad['base_dn'], 'account_suffix'=>$ad['account_suffix'], 
                                        'domain_controllers'=>$ad['domain_controllers'], 'use_ssl'=>$ad['use_ssl'],
                                        'use_tls'=> $ad['use_tls'], 'ad_port'=> $ad['ad_port']
                                        ));
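
Added example, not part of the original post and not phpIPAM's or adLDAP's own code: a small PHP check for the mismatch that surfaced in this thread (port 636 with Use SSL: false), using the same setting keys that are passed to adLDAP above. The function name `lint_ad_settings()` and the sample arrays are constructed for illustration; a missing `ad_port` is assumed to mean 389.

```php
<?php
// Added example: checks AD connection settings for port/TLS mismatches.
// Keys use_ssl, use_tls and ad_port are the ones passed to adLDAP above;
// lint_ad_settings() and the sample arrays are hypothetical.
function lint_ad_settings(array $ad): array
{
    $port = (int)($ad['ad_port'] ?? 389);   // assumption: default to plain LDAP port
    $ssl  = filter_var($ad['use_ssl'] ?? false, FILTER_VALIDATE_BOOLEAN);
    $tls  = filter_var($ad['use_tls'] ?? false, FILTER_VALIDATE_BOOLEAN);
    $findings = [];

    if ($ssl && $tls) {
        $findings[] = 'use_ssl and use_tls both set: choose LDAPS or StartTLS, not both';
    }
    // 636 is the registered LDAPS port: the listener expects a TLS handshake first.
    if ($port === 636 && !$ssl) {
        $findings[] = 'ad_port 636 with use_ssl=false: plain LDAP sent to a TLS listener';
    }
    // 389 is the plain LDAP port: encryption there is negotiated with StartTLS.
    if ($port === 389 && $ssl) {
        $findings[] = 'ad_port 389 with use_ssl=true: LDAPS normally listens on 636';
    }
    // Without SSL or TLS a simple bind carries the password unencrypted.
    if (!$ssl && !$tls) {
        $findings[] = 'no SSL/TLS: bind credentials cross the network in cleartext';
    }
    return $findings;
}

// Constructed sample settings (not taken from any real deployment).
$samples = [
    'as posted (636, no SSL)' => ['ad_port' => 636, 'use_ssl' => false, 'use_tls' => false],
    'plain LDAP (389)'        => ['ad_port' => 389, 'use_ssl' => false, 'use_tls' => false],
    'LDAPS (636 + SSL)'       => ['ad_port' => 636, 'use_ssl' => true,  'use_tls' => false],
    'StartTLS (389 + TLS)'    => ['ad_port' => 389, 'use_ssl' => false, 'use_tls' => true],
];
foreach ($samples as $name => $ad) {
    $findings = lint_ad_settings($ad);
    echo $name, ': ', $findings ? implode('; ', $findings) : 'ok', PHP_EOL;
}
```

The first two samples produce findings; the last two print `ok`.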
    
     
  • Jim Julson

    Jim Julson - 2015-09-06

    Hi Miha,
    I know this post is a little older, but I'm having a heck of a time finding solid documentation on how to properly make use of AD Groups and AD Auth together. From what I've conjured up thus far, here's what I've come up with. I'm hoping you can validate this.

    BASIC AD SETUP

    1. As stated above, get the PHPIPAM instance setup to use AD.
       1. Create your AD User locally in PHPIPAM first that will be used for BINDING to AD
       2. Set AD as the Authentication type, then proceed to the Active Directory section
       3. Fill in all necessary details, and ensure you use the user you created locally as the ad-binding (Was setup as "Active Directory" as the type)
       4. At this point, basic user access is there to auth against AD.
       5. Create new users in PHPIPAM that are "Domain" type users.

    BASIC GROUP PERMISSIONS

    1. Create groups locally within PHPIPAM. These do not match to ANY Active Directory groups (That I can see)
    2. Add the users that you setup locally as "Domain" users to any local groups that you have setup (Whether the default ones, or custom ones).

    Does that about sum it up?

    This functionality is a great start, however, the flaw here is for those of us that have MANY instances of PHPIPAM. Our org is VERY large, so we have to have a different instance per product so to speak. This means we have to manage 10 different instances as things are now. If proper AD Group Membership could be queried, and we didn't have to rely on LOCAL user creation, then we could simply create AD groups, place users in groups, and that would give them permissions automatically based on group membership.

    Am I missing something somewhere? Is that how this is supposed to be? Sorry if this is a silly question. Thanks in advance for your time. Keep up the amazing work!

     
  • Miha Petkovsek

    Miha Petkovsek - 2016-02-02
    • Status: open --> closed
     