I've successfully set up my K1000 to use our AD LDAP for both admins and users. When I set the K2000 up the same way, I get caught in a catch-22. When I set the server host name to be ldaps://ad server name or ldaps://ad server IP (like I did on the 1000) and then click "Test LDAP Settings", the test works.

Testing AD Admins connection to: ldaps://(server) on port: 636
OK: Connection Successful.
OK: Setting Protocol Version 3 Successful.
OK: Setting LDAP REFERRALS Option 0 Successful.
OK: Search Bind using LDAP supplied credentials Successful.
OK: LDAP search (with filter [(&(samaccountname=KBOX_USER)(memberof=CN=Kbox-Admins))]) Successful.
OK: LDAP Search successful with 0 entries found.
OK: Secondary bind using [] successful
OK: LDAP Test Successful. Closing connection.

When I try to save the configuration, I get the message "Please enter valid server host name or IP address." If I drop the ldaps:// and just have the name or IP, search bind fails.

Testing AD Admins connection to: (server) on port: 636
OK: Connection Successful.
OK: Setting Protocol Version 3 Successful.
OK: Setting LDAP REFERRALS Option 0 Successful.
Error: Search Bind using LDAP supplied credentials Failed.
Error: LDAP Test Failed. Closing connection.

All settings are the same for the other fields, so the only difference is the ldaps://

Any ideas? Thanks.
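As an added example, not code from the poster or from KACE: a small Python helper that accepts the server field in either form tried above (with or without the ldaps:// prefix) and rebuilds the admin search filter shown in the test output with its values escaped per RFC 4515, so special characters such as * or ( in a name cannot change the filter's meaning. Function names and the sample hosts are hypothetical.

```python
from urllib.parse import urlsplit

# Characters RFC 4515 requires to be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is treated literally inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_server(setting: str, default_port: int = 389) -> tuple[str, int, bool]:
    """Normalise the 'server host name' field into (host, port, use_ssl).

    Accepts 'host', 'host:port', 'ldap://host[:port]' or 'ldaps://host[:port]'.
    A bare host keeps the separately configured port (default_port) and is
    treated as plain LDAP; an ldaps:// prefix means SSL on 636 unless a port
    is given explicitly.
    """
    setting = setting.strip()
    if "://" not in setting:
        setting = "ldap://" + setting  # urlsplit needs a scheme to find the host
    parts = urlsplit(setting)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"invalid LDAP server setting: {setting!r}")
    use_ssl = parts.scheme == "ldaps"
    port = parts.port or (636 if use_ssl else default_port)
    return parts.hostname, port, use_ssl


def admin_filter(username: str, group_dn: str) -> str:
    """Build the admin-lookup filter from the test output, with escaped inputs."""
    return (
        f"(&(samaccountname={escape_filter_value(username)})"
        f"(memberof={escape_filter_value(group_dn)}))"
    )


if __name__ == "__main__":
    # Constructed inputs mirroring the two forms tried in the question.
    for field in ("ldaps://dc01.example.com", "dc01.example.com"):
        host, port, ssl = parse_server(field, default_port=636)
        print(f"{field!r:30} -> host={host} port={port} ssl={ssl}")
    print(admin_filter("KBOX_USER", "CN=Kbox-Admins"))
    print(admin_filter("evil*)(objectClass=*", "CN=Kbox-Admins"))  # stays literal
```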

Answers

0
Perhaps the K2000 does not yet support secure LDAP? I can't remember off the top of my head, but it sounds familiar...
Answered 11/23/2011 by: airwolf
Tenth Degree Black Belt

0
It does; the issue is related to their inability to handle wildcards. I have already opened a ticket with them on this issue.
In your password, do not use &, *, ' or " and it will fix it.

You can verify this as well by going back into the configuration after you have saved it and noting the # of "dots" in the password field then count that same # in your password. Remove the character after that count and try again.

Again, I have opened a ticket with KACE about it on the K2000/K1000 models.
Answered 11/23/2011 by: jhoegl
Senior Yellow Belt

0
If SSL wasn't working at all, I didn't think I would have gotten successful test results over 636. However, SSL Checker shows no SSL, and there isn't a way to configure SSL certs.

I went back in and changed to port 389, so now I get successful test results and can save the config. However, login to the web UI fails with the AD account.

I don't have any of the characters listed in my password. I do see that there are more dots than there are characters in my password, but I thought that was just the generic way to hide how many characters are in the password. My K1000 has the same setup and also shows more dots than there really are, but it's working. Also, after I save the config on the 2000 and then go back in, the LDAP test is still successful.
Answered 11/23/2011 by: tpr
Fifth Degree Brown Belt

0
Oh, so after you go back into a saved LDAP config and don't reapply the password or anything, and just hit "test LDAP", it works?

It may be the Search Base DN, as users must be in that search DN/OU to qualify for the LDAP.

Also, you don't need to put domain\uid; just the UID will work.
Answered 11/23/2011 by: jhoegl
Senior Yellow Belt

0
Thanks, Corey. I'll call next week.
Answered 11/23/2011 by: tpr
Fifth Degree Brown Belt
