Can anyone provide input on initial LDAP Authentication configuration?
I am new to using the KACE SMA and attempting to configure LDAP Authentication, but I continue to get the following errors. I have searched and read through similar questions, but haven't quite found the right answer. Is what I am entering into the Advanced Search and Base DN boxes part of the issue? If so, what should it be to complete the authentication?
Testing LDAP Authentication Settings...
Testing "LDAP User Import" connection to: hv-dc1 on Port: 389
OK: Connection Successful.
OK: Setting Protocol Version 3 Successful.
OK: Setting LDAP REFERRALS Option 0 Successful.
OK: Search Bind using LDAP supplied credentials Successful.
Applying search filter [ObjectGUID,SamAccountName,Display Name,Mail,* ]
Error: LDAP search (with filter [ObjectGUID,SamAccountName,Display Name,Mail,* ]) Failed.
Error: LDAP Test Failed. Closing connection.
OU=I T Staff,DC=hv-dc1,DC=com
Please try the following.
If you are in "Settings / Control Panel / User authentication", you can create a new LDAP authentication. After that, type your Domain Controller in the "Hostname or IP Address" field. The port is 389 by default. If you are using secure LDAP, you need to set the port to 636. In the "Advanced search" field you must set a query for your needs. For example, if you want every user to be able to authenticate to the KACE user console, you must set the following search:
The KBOX_USER variable will be set if a user tries to log in to the SMA user console or you use the import scheduler. If you want to test this query, you must set a real username in there, for example "sven.hain". After testing successfully, you must replace it with the KBOX_USER variable. This query imports every active user from your AD.
In the "Base DN" field you must set the base tree from where the SMA will search for any users. In my environment I had set the Base DN to "OU=Benutzer,OU=Contoso,DC=contoso,DC=local" because under this AD tree there are all my productive users.
For the login account I recommend that you create an SMA service account. Please do not use an administrator account for that. You only need read access to the AD.
Another example is my admin query. Here are my advanced search and the base DN:
At "member of" you set the distinguished name of your Kace Admin group.
This base DN is the root path because my admin accounts are in different OUs.
Hope that helps you.
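The following is an added example, not part of the answer above and not KACE code: a small offline check for whether a string is a well-formed LDAP search filter (RFC 4515), run on the string shown in the failed test output and on a filter with KBOX_USER replaced by a test username. The `SAMPLE` filter is a constructed illustration, not the answer's own query, and the function names are hypothetical.

```python
import re

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# attribute, optional matching-rule parts, then a comparison operator
_ITEM = re.compile(r"^[A-Za-z0-9.;-]+(:[A-Za-z0-9.-]+)*(:=|=|~=|>=|<=)")

def substitute_user(template, username, placeholder="KBOX_USER"):
    """Put a real login name in place of the placeholder, escaped as a literal."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in username)
    return template.replace(placeholder, escaped)

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return the index after it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, count = s[i], i + 1, 0
        while i < len(s) and s[i] == "(":
            i, count = _parse(s, i), count + 1
        if count == 0 or (op == "!" and count != 1):
            raise ValueError(f"'{op}' has the wrong number of sub-filters")
    else:
        end = i
        while end < len(s) and s[end] not in "()":
            end += 1
        if not _ITEM.match(s[i:end]):
            raise ValueError(f"'{s[i:end]}' is not attribute<operator>value")
        i = end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at position {i}")
    return i + 1

def filter_problem(text):
    """Return None if text is a well-formed filter, else a short description."""
    text = text.strip()
    try:
        if _parse(text, 0) != len(text):
            return "unexpected text after the filter"
    except ValueError as err:
        return str(err)
    return None

# String from the failed test output in the question (an attribute list).
FROM_TEST_OUTPUT = "ObjectGUID,SamAccountName,Display Name,Mail,* "
# Constructed sample filter for active AD users; not the answer's own query.
SAMPLE = "(&(objectClass=user)(sAMAccountName=KBOX_USER)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

if __name__ == "__main__":
    print(filter_problem(FROM_TEST_OUTPUT))
    print(filter_problem(substitute_user(SAMPLE, "sven.hain")))
```

The check covers syntax only; whether the filter returns the intended accounts still depends on the Base DN and on what the read-only service account is allowed to see.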