Friday, April 3, 2015

LDAP User and Group Base DN for Microsoft Active Directory?

How do I find LDAP User and Group Base DN for Microsoft Active Directory?
Solution
Overview
In Reporter 9.x, it is possible to add an LDAP server.  Integrating Reporter with backend LDAP configuration enables standard Reporter users to take advantage of additional features, such as defining roles based on manager-direct report structures.

In order to allow Reporter to query your LDAP server for users and groups, you must specify a user and group base DN.

Cause
Resolution
To find out your user and group base DN, you can run a query from any member server on your Windows domain.

To find the User Base DN:
- Open a Windows command prompt.
- Type the command: dsquery user -name <known username>
(Example: If I were searching for all users named John, I could enter the username as John* to get a list of all users whose name is John.)
- The result will look like: "CN=John.Smith,CN=Users,DC=MyDomain,DC=com"
- In Blue Coat Reporter's LDAP/Directory settings, when asked for a User Base DN, you would enter:  CN=Users,DC=MyDomain,DC=com
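
The User Base DN in the step above is the `dsquery` result with its first component removed. The PowerShell below is an added example, not part of the original article: it derives that container for each result line and the narrowest container that covers all of them, treating backslash-escaped commas inside a name as part of the name. The function names and the sample lines are constructed for illustration.

```powershell
# Constructed sample: lines in the quoted form dsquery prints. Not real directory data.
$sample = @(
    '"CN=John.Smith,CN=Users,DC=MyDomain,DC=com"',
    '"CN=Smith\, Johnny,OU=Sales,OU=Staff,DC=MyDomain,DC=com"',
    '"CN=John.Doe,OU=IT,OU=Staff,DC=MyDomain,DC=com"'
)

# Hypothetical helper: split a DN into its components (RDNs).
# A backslash escapes the next character, so "\," stays inside the component.
function Get-DnParts {
    param([string]$Dn)
    $clean = $Dn.Trim().Trim('"')
    [regex]::Matches($clean, '(?:\\.|[^,\\])+') | ForEach-Object { $_.Value.Trim() }
}

# Hypothetical helper: the container of an object is its DN minus the first RDN.
function Get-ParentDn {
    param([string]$Dn)
    $parts = @(Get-DnParts $Dn)
    if ($parts.Count -lt 2) { return $null }
    $parts[1..($parts.Count - 1)] -join ','
}

# Hypothetical helper: longest container suffix shared by every DN in the list.
function Get-CommonBaseDn {
    param([string[]]$Dns)
    $common = $null
    foreach ($dn in $Dns) {
        $parent = @(Get-DnParts $dn | Select-Object -Skip 1)
        [array]::Reverse($parent)              # compare from the domain root downwards
        if ($null -eq $common) { $common = $parent; continue }
        $n = 0
        while ($n -lt $common.Count -and $n -lt $parent.Count -and
               $common[$n] -ieq $parent[$n]) { $n++ }
        $common = @($common | Select-Object -First $n)
    }
    if (-not $common) { return $null }
    [array]::Reverse($common)
    $common -join ','
}

foreach ($line in $sample) {
    '{0}  ->  {1}' -f $line, (Get-ParentDn $line)
}
'Narrowest base DN covering all results: ' + (Get-CommonBaseDn $sample)
```

When the accounts Reporter needs sit in several containers, as in the sample, the last line shows the one base DN that reaches all of them.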


To find the Group Base DN:
- Open a Windows command prompt
- Type the command: dsquery group -name <known group name>
(Example: If I were searching for a group called Users, I could enter the group name as Users* to get a list of all groups whose name contains "Users".)
- The result will look like: "CN=Users,CN=Builtin,DC=MyDomain,DC=com"
- In Blue Coat Reporter's LDAP/Directory settings, when asked for a Group Base DN, you would enter: CN=Users,CN=Builtin,DC=MyDomain,DC=com

TIP:  This link provides you with a discussion on what Microsoft tools are available: BLOG

NOTE: Links to other LDAP articles for Reporter.

For more details on how to setup LDAP on Reporter, see 000013348

For details on how to use the search user, and what rights it needs in AD, see 000007755

For details on how LDAP nested groups work in Reporter, see 000010794

For details on what the errors mean after you press the LDAP test button, see 000015695

For details on what the LDAP attributes mean, see 000021975
