Tuesday, September 19, 2006

Haven't posted anything for a while, but I have been messing with some interesting things. Been working on creating a portal site using Metadot (http://www.metadot.com/). I had the hardest time getting LDAP authentication to work, but here is a quick tutorial on what finally made it go.

Metadot: Set up LDAP authentication for Active Directory on Server 2003

Under manage/config/

Click enable for LDAP registration

Click Modify under registration params

LDAP server should be your LDAP server, either name or IP

BASE DN:
This is where the LDAP searches will begin

In my environment it is

OU=National Users,DC=nffc,DC=local

One way you can find this out is by using a program called OldCmp (http://www.joeware.net/win/free/tools/oldcmp.htm).

Run this command: oldcmp -report -age 1 -users (this generates a report of users' passwords that are older than 1 day)

Open this report and look at your users, it should help in figuring out what your base DN is.

Next you need the user unique identifier. This was confusing for a bit, but this is the field that LDAP is going to look up against. (Which is also why you can assign it a label, in case you want to compare on something different than email address.)

A couple of the 'User unique identifier in LDAP directory' options are: Mail, userPrincipalName or CN. More info: http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm

Mail ---> The user's email address
userPrincipalName ---> The user's logon name, i.e. jschmoe@mydomain.local
CN ---> The user's name, i.e. joe schmoe

I configured it to use LDAP for authentication only so I have not messed with profile management yet.

The last hoop to configure is to click the radio button to select DN: (you have to do this for Active Directory)

Now you need to supply a user that can do LDAP lookups. After you create this user, you can use OldCmp to find out its DN.

An example DN is cn=metadot,ou=service accounts,ou=national users,dc=nffc,dc=local
and then of course set the password.
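
To show why each setting above is needed, here is an added example (not Metadot's code, and not from the original post) of the usual search-then-bind login: bind as the lookup user, search under the base DN on the unique identifier, then bind as the DN that was found. The directory object, FakeDirectory, the function names, the passwords and the joe schmoe entry are all assumptions constructed for the demo.

```python
# Added illustration, not Metadot code. `directory` is a hypothetical object with
# bind(dn, password) -> bool and search(base_dn, filter) -> list of DNs.
ALLOWED_ID_ATTRS = {"mail", "userprincipalname", "cn"}  # options named in the post

def escape_filter_value(value):
    # RFC 4515 escaping so typed input cannot change the search filter.
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_user_filter(id_attr, login):
    if id_attr.lower() not in ALLOWED_ID_ATTRS:
        raise ValueError("unexpected identifier attribute: %r" % id_attr)
    return "(%s=%s)" % (id_attr, escape_filter_value(login))

def dn_is_under(dn, base_dn):
    # Suffix check on RDNs (simplified: assumes no escaped commas in the DN).
    d, b = ([p.strip().lower() for p in x.split(",")] for x in (dn, base_dn))
    return len(d) > len(b) and d[-len(b):] == b

def authenticate(directory, cfg, login, password):
    # An empty password turns a simple bind into an unauthenticated bind
    # (RFC 4513), which some servers accept, so refuse it before binding.
    if not login or not password:
        return False
    if not directory.bind(cfg["bind_dn"], cfg["bind_pw"]):
        raise RuntimeError("lookup account could not bind")
    hits = directory.search(cfg["base_dn"], build_user_filter(cfg["id_attr"], login))
    if len(hits) != 1 or not dn_is_under(hits[0], cfg["base_dn"]):
        return False
    return directory.bind(hits[0], password)  # the user's own bind is the password check

class FakeDirectory:  # constructed in-memory stand-in for a directory server
    def __init__(self, entries):
        self.entries = entries  # dn -> {"password": ..., attr: value, ...}
    def bind(self, dn, password):  # accepts empty passwords, as some servers do
        e = self.entries.get(dn.lower())
        return e is not None and password in ("", e["password"])
    def search(self, base_dn, flt):
        return [dn for dn, e in self.entries.items() if dn_is_under(dn, base_dn)
                and any("(%s=%s)" % (a, escape_filter_value(v)) == flt
                        for a, v in e.items() if a != "password")]

# Constructed sample data: DNs follow the post's examples, the rest is made up.
CFG = {"base_dn": "OU=National Users,DC=nffc,DC=local", "id_attr": "mail", "bind_pw": "svc-pw",
       "bind_dn": "cn=metadot,ou=service accounts,ou=national users,dc=nffc,dc=local"}
DIRECTORY = FakeDirectory({
    CFG["bind_dn"]: {"password": "svc-pw", "cn": "metadot"},
    "cn=joe schmoe,ou=national users,dc=nffc,dc=local":
        {"password": "user-pw", "mail": "jschmoe@mydomain.local", "cn": "joe schmoe"}})
```

The lookup user only needs to bind and search, so it can be an ordinary low-privilege account.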
