Tuesday, September 19, 2006

Haven't posted anything for a while, but I have been messing with some interesting things. Been working on creating a portal site using Metadot (http://www.metadot.com/). I had the hardest time getting LDAP authentication to work, but here is a quick tutorial on what finally made it go.

Metadot: Set up LDAP authentication for Active Directory on Server 2003

Under manage/config/

Click enable for LDAP registration

Click Modify under registration params

LDAP server should be your LDAP server, either name or IP

The base DN is where the LDAP searches will begin

In my environment it is

OU=National Users,DC=nffc,DC=local

One way you can find this out is by using a program called OldCmp (http://www.joeware.net/win/free/tools/oldcmp.htm).

Run this command: oldcmp -report -age 1 -users (this generates a report of users whose passwords are older than 1 day)

Open this report and look at your users; it should help in figuring out what your base DN is.

Next you need the user unique identifier. This was confusing for a bit, but this is the field that LDAP is going to look up against. (Which is also why you can assign it a label, in case you want to compare on something different than email address.)

A couple of options for 'User unique identifier in LDAP directory' are: Mail, userPrincipalName or CN. More info: http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm

Mail ---> The user's email address
userPrincipalName ---> The user's logon name, i.e. jschmoe@mydomain.local
CN ---> The user's name, i.e. joe schmoe

I configured it to use LDAP for authentication only so I have not messed with profile management yet.

The last hoop to configure is to click the radio button to select DN: (you have to do this for Active Directory)

Now you need to supply a user that can do LDAP lookups. After you create this user you can use OldCmp to find out its DN.

An example DN is cn=metadot,ou=service accounts,ou=national users,dc=nffc,dc=local
and then of course set the password.
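
The Python below is an added example, not part of the original post and not Metadot's own code. It assumes the directory lookup is an ordinary LDAP search filter of the form (attribute=login): it builds that filter for the chosen unique identifier with the login value escaped per RFC 4515, and checks that a DN such as the service account's falls under the base DN. The function names are hypothetical; the DNs and the sample login are the ones used in this post.

```python
import re

# Attributes the post lists as choices for the unique identifier.
ALLOWED_ATTRS = {"mail", "userprincipalname", "cn"}

# RFC 4515: these characters must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Values taken from the post.
BASE_DN = "OU=National Users,DC=nffc,DC=local"
BIND_DN = "cn=metadot,ou=service accounts,ou=national users,dc=nffc,dc=local"


def escape_filter_value(value):
    """Escape a login value so the directory matches it literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(attr, login):
    """Build the lookup filter for the configured unique identifier."""
    if attr.lower() not in ALLOWED_ATTRS:
        raise ValueError(f"unexpected identifier attribute: {attr!r}")
    if not login:
        raise ValueError("empty login")
    return f"({attr}={escape_filter_value(login)})"


def split_dn(dn):
    """Split a simple DN (no quoted or multi-valued RDNs) into lower-cased RDNs."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):  # split on commas that are not escaped
        attr, _, value = part.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns


def is_under_base(dn, base_dn):
    """True when dn sits inside the subtree rooted at base_dn (case-insensitive)."""
    rdns, base = split_dn(dn), split_dn(base_dn)
    return len(rdns) >= len(base) and rdns[-len(base):] == base


if __name__ == "__main__":
    print(build_user_filter("userPrincipalName", "jschmoe@mydomain.local"))
    print(build_user_filter("mail", "*"))    # wildcard is matched literally
    print(is_under_base(BIND_DN, BASE_DN))   # service account is inside the base
```
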
