I can’t seem to get the portal to authenticate against AD. I have my server configured and I have the Base DN for LDAP set to searchDC=name,DC=othername,DC=com thinking it will look in all OUs for users? Is that wrong?

First thing: make sure you’re actually syncing to your AD. Go to the http://localhost/settings/active_directory page and use the “Clear” button to wipe out your login credentials, and then re-enter them. Any error messages, screen-shot’em.

Next, try blanking out the Base DN. That’s used to limit Spiceworks’ AD search and it sounds like you want it to reach further.

Let me know if that works.

Thanks,

It’s synchronizing. I’ll get back to you.

Okay so I don’t get any errors, but if I try to log in with an AD account I get the screen above. If I input the proper username as in either corp\username or username@sub.domain.com or just username it displays the authentication box again and fails again.

Are you logging in with your AD account? Because Admins can’t log in to the portal. Have you tested it with an end-user’s account?

Yes I am testing with a different account in an Incognito Tab in Chrome.

Search your production log for the username that you attempted to log in with and it failed. What sort of entries come back?

I[12:30:16.93 b62fec] End Users: 42

So it is getting the users

but…

I[15:16:27.24 fd310c] LOGIN_vfC4: Error LdapAuthenticatable::NoEmailInActiveDirectory LdapAuthenticatable::NoEmailInActiveDirectory at C:/Program Files (x86)/Spiceworks/pkg/gems/spiceworks_models-7.2.00515/end_user/ldap_auth.rb:61:in `ldap_auth_handle_blank_email'

Do I have to add the email attribute in AD to every user in my environment?

I do. Okay I get it. If I had on-prem Exchange I’d be all set, but we are an Office 365 environment without SSO setup (On the short list) so our AD mail attribute isn’t set.

Thanks for your help

All I did was point. You did all the work.
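
Added example, not part of the thread and not Spiceworks code: one way to find the accounts that will hit the NoEmailInActiveDirectory error and preview filling in their mail attribute. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, reuses the thread's Base DN as a placeholder, and assumes each user's UPN matches their Office 365 address; the function name Get-UserMissingMail is made up for this example.

```powershell
# Added example: report enabled AD users whose mail attribute is empty,
# then preview populating it from the UPN. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Base DN as written in the thread; replace with your own domain.
$SearchBase = 'DC=name,DC=othername,DC=com'

function Get-UserMissingMail {
    param([Parameter(Mandatory)][string]$SearchBase)
    # (!(mail=*)) matches accounts where the mail attribute is not set.
    # The userAccountControl bitwise-AND rule (bit 2) excludes disabled accounts.
    $filter = '(&(objectCategory=person)(objectClass=user)(!(mail=*))' +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
    Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase -SearchScope Subtree -Properties mail |
        Select-Object SamAccountName, UserPrincipalName, DistinguishedName
}

$missing = Get-UserMissingMail -SearchBase $SearchBase
$missing | Format-Table -AutoSize
"{0} enabled user(s) have no mail attribute" -f @($missing).Count

# Assumption: each user's UPN equals their Office 365 mailbox address.
# -WhatIf only prints what would change; remove it after reviewing the list.
foreach ($u in $missing) {
    if ($u.UserPrincipalName -match '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        Set-ADUser -Identity $u.DistinguishedName -EmailAddress $u.UserPrincipalName -WhatIf
    } else {
        Write-Warning "Skipping $($u.SamAccountName): UPN is empty or not address-shaped"
    }
}
```

Service accounts without a mailbox will also appear in the report, so review the list before dropping -WhatIf.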