LDAP catalog + specific domain users

Fred

04 Jul, 2013 11:52 PM

I'm not having any success trying to set up an LDAP catalog. I'm not sure what the Server Address should be or how I might find it for my company.

Even if I do set it up correctly, I'm not sure how it works. We have a company with lots of employees, but I only want a handful of logins to have access to hglab. If LDAP is set up, does that mean anyone who can authenticate onto the network has access to hglab?

  1. Support Staff 1 Posted by Anton Gogolev on 05 Jul, 2013 06:21 AM

    Fred,

    What are the specific issues you're having with LDAP catalog?

    As far as only enabling specific users to sign in to HgLab, there are two options.

    First, you can set Base Container so that it would only contain a subset of users (like ou=Developers,ou=Staff,dc=example,dc=com would only allow Developers to sign in to HgLab). This, however, requires your ActiveDirectory catalog to be set up with this kind of hierarchy in mind.

    Second (and this can either be used in combination with the first option or used independently) you can only add specific users/groups to Teams (for each project), so that only a select handful of users will be able to see stuff. Everybody else will still be able to sign in, but they will be presented with an empty page.

  2. 2 Posted by Fred on 05 Jul, 2013 01:32 PM

    Thanks for the reply and great tool!

    I can see now where I can make use of Teams. I just need to get the LDAP settings right.

    For Server Address, how would you find that out?

    Bind Login and Password. I assume that would be my "domain\username" and password?

    Can Base Container be empty? I've no idea what that should be for my company.

    LDAP Authentication, I assume we want it enabled?

  3. Support Staff 3 Posted by Anton Gogolev on 05 Jul, 2013 05:54 PM

    Setting up an LDAP connection will be a lot of trial and error.

    You can run echo %LOGONSERVER% in a command prompt and the output will most likely be a name (or an IP address) of the domain controller.

    You can also try running gpresult - you can get lots of useful information from that tool.

    You'd typically want an IP to be used as the server address. It's also common to have a separate AD user to be used to connect to a domain controller to perform lookups. You can try using your own credentials (either prefixed with domain\ or not - that really depends on your environment). Base container you can sort of get from gpresult output, but I'd recommend contacting a sysadmin for this task.

  4. Anton Gogolev closed this discussion on 22 Aug, 2013 07:53 AM.

  5. Anton Gogolev re-opened this discussion on 22 Aug, 2013 07:54 AM

  6. Support Staff 4 Posted by Anton Gogolev on 22 Aug, 2013 07:54 AM

    Fred,

    Any luck with setting up LDAP?

  7. 5 Posted by Fred on 25 Aug, 2013 10:45 AM

    Hi Anton,

    Unfortunately no, not yet. I went into my company's active directory tool and created a user "hglab" for programmatic access.

    I've tried various combinations of the settings attached. Secure server port, different server addresses etc. The "ldap.myOrg.com" is a load balancer which points to various servers around the globe.

    If I do get the setting right, and a user attempts to log in, what happens then? Are they denied access until I enable it?

  8. Support Staff 6 Posted by Anton Gogolev on 26 Aug, 2013 10:44 AM

    Fred,

    I'm not sure Bind Logins of this form are supported. Try MYORG\hglab or just hglab.

    Also, Base Container seems to be a bit off. I think it should read ou=People,dc=ldap,dc=myorg,dc=com.

    I'm really sorry, but that's all I can help you with at the moment. You can also investigate logs under App_Data to see if there are any LDAP-related exceptions.

    As to what happens when you eventually configure your LDAP Catalog: any user from the Base Container will be able to sign into HgLab.
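Added example (not part of the thread and not HgLab code): an offline Python model of the Base Container scoping described in replies 1 and 6, showing which directory entries a given base DN would admit to sign-in. The directory entries are constructed, the function names are hypothetical, and subtree scope is an assumption.

```python
# Offline model of "any user from the Base Container can sign in".
# Assumptions: subtree scope, case-insensitive matching of ou/cn/dc values.

def split_rdns(dn: str) -> list[tuple[str, str]]:
    """Split a DN into normalized (attribute, value) RDNs.
    Honours backslash escapes, so 'CN=Smith\\, Jane' stays one RDN."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        if rdn.strip():
            attr, _, value = rdn.partition("=")
            out.append((attr.strip().lower(), value.strip().lower()))
    return out

def in_base_container(user_dn: str, base_dn: str) -> bool:
    """True when user_dn sits somewhere below base_dn."""
    user, base = split_rdns(user_dn), split_rdns(base_dn)
    if not base:
        # The thread does not say what an empty Base Container does; reject it.
        raise ValueError("Base Container must not be empty in this model")
    return len(user) > len(base) and user[-len(base):] == base

# Constructed sample directory (not from the thread).
DIRECTORY = [
    "CN=Smith\\, Jane,OU=Developers,OU=Staff,DC=example,DC=com",
    "cn=bob, ou=Developers, ou=Staff, dc=example, dc=com",
    "cn=carol,ou=QA,ou=Developers,ou=Staff,dc=example,dc=com",
    "cn=dave,ou=Sales,ou=Staff,dc=example,dc=com",
    "cn=erin,ou=Developers,ou=Contractors,dc=example,dc=com",
]

def allowed_logins(base_dn: str) -> list[str]:
    """Entries that the given Base Container would admit to sign-in."""
    return [dn for dn in DIRECTORY if in_base_container(dn, base_dn)]
```

Widening the base from `ou=Developers,ou=Staff,dc=example,dc=com` to `dc=example,dc=com` takes the admitted set from three entries to all five, which is why Teams membership is the second control in reply 1.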

  9. 7 Posted by Fergal on 10 Sep, 2013 10:33 AM

    Thanks,

    I've tried all sorts of combinations I can think of. There may be even proxy issues at play here. I see no logs in the App_Data folder.

    I've manually added users for now, I might revisit LDAP in future.

  10. Anton Gogolev closed this discussion on 23 Sep, 2013 10:39 AM.
