LDAP Idiot's guide

I’m sure I’m not the only person who has a background in the friendly UI of Windows domains who is struggling to get the LDAP stuff to work.
Maybe this question can form the start of a new Wiki on authentication (I’ve not tried the google stuff).

My domain originated in SBS 2008. It’s 2016 now, but the names have carried forward, hence some of the naming below is verbose. The User Filter below was copied from another post; the Username and Search Base were derived using dsquery.
When I save any changes and view the log, I see lots of responses with 200, so something is connecting.
I’ve created a group called Test and added 2 users. Neither can login and neither appears in the user list.

What’s going wrong?

LDAP Host: dc4.pursuit.local
LDAP Port: 389
LDAP Security: None
Username or DN: CN=Andrew Baines,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=pursuit,DC=local
User Search Base: CN=Test,OU=Security Groups,OU=MyBusiness,DC=pursuit,DC=local
User Filter: (|(sAMAccountName={login})(mail={login}))
Email Attribute: userPrincipalName

Hi Andrew,

You needn’t even do a full google LDAP lookup (pun intended) on this. Maybe a https://discourse.metabase.com one is sufficient:


In that list I think LDAP Debugging is particularly well written. I like its:

Just by looking at your post above I’m getting a suspicion that either email in your filter or userPrincipalName just below could be off. I would expect that attribute name to match. Otherwise, at least make sure they are both populated for everyone you use with Metabase.

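The lookup the settings in the question describe, modelled offline as an added example (this is not the thread's or Metabase's own code, and Metabase's real query is not reproduced): a subtree search only returns entries beneath the search base, so a group DN as the base finds no user objects, and a login only resolves through the attributes named in the filter, independently of which attribute is configured as the e-mail. The directory entries, the `find_user` helper and its friends are constructed for illustration.

```python
# Added offline model of the user lookup implied by the question's LDAP settings;
# the directory below is constructed sample data, not an export of pursuit.local.
import re

DIRECTORY = [  # DNs follow the OU layout quoted in the question
    {"dn": "CN=Andrew Baines,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=pursuit,DC=local",
     "sAMAccountName": "abaines", "mail": "andrew@pursuit.local",
     "userPrincipalName": "abaines@pursuit.local"},
    {"dn": "CN=Test User,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=pursuit,DC=local",
     "sAMAccountName": "tuser", "mail": "",  # mail attribute never populated
     "userPrincipalName": "tuser@pursuit.local"},
    {"dn": "CN=Test,OU=Security Groups,OU=MyBusiness,DC=pursuit,DC=local",
     "objectClass": "group"},  # the group itself; users are not stored beneath it
]
GROUP_BASE = "CN=Test,OU=Security Groups,OU=MyBusiness,DC=pursuit,DC=local"  # question's base
OU_BASE = "OU=MyBusiness,DC=pursuit,DC=local"                                # base "cut right back"
USER_FILTER = "(|(sAMAccountName={login})(mail={login}))"
EQUALITY_ITEM = re.compile(r"\(([A-Za-z][\w-]*)=([^()]*)\)")

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so the login is always a literal value, never filter syntax."""
    for ch, esc in (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\x00", r"\00")):
        value = value.replace(ch, esc)
    return value

def unescape_filter_value(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def attr(entry: dict, name: str) -> str:
    """LDAP attribute names are case-insensitive; absent attributes read as empty."""
    return next((str(v) for k, v in entry.items() if k.lower() == name.lower()), "")

def in_subtree(dn: str, base: str) -> bool:
    """A subtree search only returns entries whose DN ends with the search base."""
    norm = lambda s: ",".join(part.strip().lower() for part in s.split(","))
    return norm(dn) == norm(base) or norm(dn).endswith("," + norm(base))

def find_user(login: str, search_base: str, user_filter: str, email_attr: str):
    """(dn, email) for the first entry under search_base matching the rendered filter,
    else None; email is None when email_attr is absent or empty for that entry.
    Only the OR-of-equalities filter shape used in the question is modelled."""
    rendered = user_filter.replace("{login}", escape_filter_value(login))
    items = [(a, unescape_filter_value(v)) for a, v in EQUALITY_ITEM.findall(rendered)]
    for entry in DIRECTORY:
        if not in_subtree(entry["dn"], search_base):
            continue  # with GROUP_BASE this skips every user entry
        if any(attr(entry, a).lower() == v.lower() for a, v in items):
            return entry["dn"], attr(entry, email_attr) or None
    return None
```

Running `find_user("tuser", OU_BASE, USER_FILTER, "mail")` returns the DN with a `None` e-mail, which is the filter/e-mail attribute mismatch the reply above suspects; the same login with `userPrincipalName` as the e-mail attribute returns the UPN.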

Thanks for pointing me towards LDAP Debugging. Not sure why I didn’t see that earlier.

I’ve cut the filters and the OU right back and it’s working now. Bizarrely, Windows AD gives each user 2 email addresses.
One under general:
and the other under general:
It’s the 2nd one that’s picked up by LDAP.


Great you got it working. :tada:

Yes, MSAD got their own ways (finicky additions/differences here & there sAMAccountName?!?). MS even used to have their own networking until they realized that TCP/IP and WWW probably would win :wink:

I remember setting up TCP/IP in parallel with IPX/SPX on Windows 3.11 over the old coax network cable. Ran so slowly we had to drop TCP/IP. Never had the misfortune to work with Microsoft’s networking though (NETBEUI?).
Still miss Netware - there’s no file server that manages deleted files so well.
