Loading...
 

LDAP / Active directory


Windows AD issue, no email and name fields

Romania

Hi using Tiki 12.0 and trying to get LDAP auth to work. Struggled with the blank page problem but now it is fine and the users are logging in.

Three problems here:
1. I don't get their real name (cosmetical issue, but it would be nice)
2. The country code - what does it do? I see that they are assigned to the proper language is this the way it should work (not a problem also)?
3. The emails are not retrieved (this is a big problem)

Values in Tiki:
displayName
countryCode
mail (also tried userPrincipalName)

So given I don't have direct access to the LDAP server, what other values should I try, what do you guys have? What is exactly influencing those values, thought those are somehow standard (though Microsoft doesn't have the word "standard" in their vocabulary)?

Later Edit: Managed to get a screenshot from an explorer; "mail" seems the right value... what could be wrong?

Romania

Hello again. And here is the error of the LDAP server:

Event ID 1535
The LDAP server returned an error 0000208D NameError: DSID-0310020A, problem 2001 (NO_OBJECT),data 0, best match of 'DC=xxx,DC=xxx'

PS: User DN is empty it doesn't work otherwise.


Romania
I am still unable to solve this problem, can any LDAP admin help?

United States
Have you tried samAccountName?

Romania
Yes, this is the actual Tiki User attribute filled in.

Canada

Can you try 12.2? Some LDAP things were fixed.

Thanks!

M ;-)



Was this ever resolved. I am my wits end on pulling over the email and name. I am on th 13 stable version of Tiki

Here are some of my ldap specs.

LDAP Bind settings

Host 10.0.0.232 10.0.0.231
Port 389
No SSL
No TLS
LDAP Bind Type Active Directory
Search scope Subtree
LDAP version 3
Base DN DC=myserver,DC=net

LDAP User

User DN This is Blank
User attribute sAMAccountName
User OC person
Realname attribute displayName
Country attribute c
Email attribute mail

LDAP Admin

Admin user blank
Admin password blank


Logs
655 login 16:11 scmgit logged out 172.1.1.2 Mozilla/4.0 (compatible;...
650 ldap 16:10 Anonymous Connect Host:... 172.1.1.2 Mozilla/4.0 (compatible;...
651 ldap 16:10 Anonymous Searching for user information with filter:... 172.1.1.2 Mozilla/4.0 (compatible;...
652 ldap 16:10 Anonymous Connect Host:... 172.1.1.2 Mozilla/4.0 (compatible;...
653 ldap 16:10 Anonymous Bind successful. 172.1.1.2 Mozilla/4.0 (compatible;...
654 login 16:10 scmgit logged from http://10.0.0.242:8080/tiki/tiki-index.php 172.1.1.2 Mozilla/4.0 (compatible;..

I can authenticate and login with the settings above but can't pull over the name and email. I have a windows 2008 r2 server.

Thanks in advance.


I just set up TikiWiki 13 and I am having this same problem.

My settings:
LDAP Bind Type: Active Directory (username@domain)
Search scope: Subtree
LDAP version; 3
Base DN: DC=domainname,DC=com
User DN: empty
User attribute: sAMAccountName
User OC: user
Realname attribute: displayName
Country attribute: c
Email attribute: mail

Users can log-in but their real name, mail and country informations are not retrieved.


I am having the same issue here.

The users email is not being generated from the Email Attribute but from the User attribute. This appears to be a bug.

I have User Attribute set to sAMAccountName and Email Attribute set to userPrincipalName and yet the accounts are being generated from the sAMAccountName.

Does anyone know what version has LDAP working with Active Directory?


I'm glad I'm not the only one with this problem.

Authentication against AD work fine and the user account is created in Tiki,  but it doesn't pull over the email address.  I'm using Tiki 12.3 LTS.

I was able to go into the user preferences after the fact and add the email address, but I really don't want to have my users go through this extra, unnecessary step. It should populate the email field when the user first logs in.

Any help would be greatly appreciated.


Hi jnewmaster and AndrewH,

I just reply for that there is not no answer from the community. Sadly I am not at all involved in LDAP stuff and I do not know who of our devs would be the appropriate person to ask. Aswell we are quite busy with Bootstrap related changes, Tiki14 release and overall code consolidation ... ressources seem quite limited these times.

I suggest that you would start a thread in the Tiki user mailinglist and aswell write to the Tiki dev mailinglist and ask there who would have some experience with the LDAP feature.

http://tiki.org/Mailing+Lists

Imho it will be even a bit more difficult, as as far as I know most of the devs work with Mac or Linux (at least server based).

I think LDAP is a very important feature and soon needs more care as some of us want to takle the professional market. Anyway I doubt that we find a very quick solution.

I cross fingers, that you find somebody in the mailing list who can guide you to a solution.

Best regards,
Torsten

Thank You  Torsten,

I will post a thread as you suggested.  I'm sure there has to be a simple solution to this problem, it's a matter of finding the right person with the answer.

 

   Thanks Again,

    Andrew

 


Why Register?

Register at tiki.org and you'll be able to use the account at any *.tiki.org site, thanks to the InterTiki feature. A valid email address is required to receive site notifications and occasional newsletters. You can opt out of these items at any time.