I configured an open source asset management system, snipe-it. It has an LDAP integration option, so using the UCS documentation I did the LDAP settings in snipe-it. I can import users from UCS, but can't log in using the users imported from UCS. So please help me to solve this. Also, the LDAP settings are not importing email details.
Can you show us screenshots of the configuration you’ve created?
This is the snipe-it LDAP settings page
Using Samba AD settings, the email address field is retrieved correctly, but it is not importing any user. Snipe-it shows a "first name and last name required" error.
The error message shown in the first screenshot should have given you a hint what’s wrong: the LDAP filter. A valid LDAP filter is fully enclosed in parentheses, e.g. (&(key1=value1)(key=value2)) instead of just &(key1=value1)(key2=value2) as it is in your case.
I also tried the enclosed format, but got the same error. Actually, is there any search filter change in Samba AD? Using the LDAP configuration from the UCS server (port 7386) I am able to successfully import users to snipe-it, but can’t authenticate, and the email addresses of users are not imported either. After importing the user, the snipe-it login shows the error "username or password not correct". In the background log, snipe-it shows "user not found on LDAP server".
If you’re connecting against OpenLDAP (port 7389 or 7636), you need to use mailPrimaryAddress as the attribute for the email address and uid as the attribute for the login name. If you’re connecting against Samba/AD (port 389 or 636), the corresponding attributes are
In the first screenshot there’s a field labeled “LDAP authentication query”. This should probably be adjusted, too, depending on which port you’re connecting to.
Edit: Notice further that the format for the “Bind DN” is different for AD and OpenLDAP. For AD you can use three different formats:
- Full DN to the LDAP object, e.g.
For OpenLDAP you must use the DN syntax; the other two won’t work. Additionally the user objects are named uid=… in OpenLDAP, not cn=…, which means that example 3 would be uid=administrator,cn=users,dc=internal,dc=company,dc=com for OpenLDAP.
Hi Moritz,
Thanks for the help. Using the settings below I am now able to import users with email ID to snipe-it. But I am not able to log in using the UCS server username and password. The snipe-it web page shows a "username or password incorrect" message. Also snipe-it shows the log "production.ERROR: There was an error authenticating the LDAP user: Could not find user in LDAP directory". My LDAP settings are below:
- Server : ucs.server.com:389
- bindusername : email@example.com
- password : AdminPassword
- Base Bind DN : dc=server,dc=com
- Ldap Filter : objectClass=organizationalPerson
- User name field : samaccountname
- Last Name : sn
- LDAP First Name : givenname
- LDAP Authentication query : uid
- LDAP Version : 0
- LDAP Active Flag : NIL
- LDAP Employee Number : NIL
- LDAP Email : mail
samaccountname in LDAP Authentication query field, log shows ldap_search(): Search: Bad search filter. So please help me to resolve the login issue.
Hi Moritz,
The settings below worked for me.
- Server : ucs.server.com:389
- bindusername : firstname.lastname@example.org
- password : AdminPassword
- Base Bind DN : dc=server,dc=com
- Ldap Filter : objectClass=organizationalPerson
- User name field : samaccountname
- Last Name : sn
- LDAP First Name : givenname
- LDAP Authentication query : cn=
- LDAP Version : 0
- LDAP Active Flag : NIL
- LDAP Employee Number : NIL
- LDAP Email : mail
Thanks for the help. Now I am able to log in and import users to snipe-it.
I would say that LDAP authentication query should rather be samaccountname= and not cn=. My understanding is that this filter is used for looking up the user in the AD. If you filter on cn here, the user has to use his/her common name which is often of the Firstname Lastname variety instead of their logon name which is samaccountname. But then again, I’ve never used Snipe-IT myself; this is just conjecture on my part.
Ok Moritz, Snipe-it is a good open source asset management tool.
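
The following Python code is an added example, not part of any post above and not Snipe-IT's own code. It checks the two points the thread turns on: whether a complete LDAP filter is fully enclosed in parentheses, and how a login lookup filter results from the "LDAP authentication query" prefix plus the typed user name. It assumes the application appends the login name to that prefix; the function names are hypothetical, and the ports and attribute names are the ones quoted in the thread.

```python
# Added illustration; attribute names and ports are the ones quoted in the thread.
PROFILES = {
    "openldap": {"ports": (7389, 7636), "login": "uid", "mail": "mailPrimaryAddress"},
    "samba_ad": {"ports": (389, 636), "login": "samaccountname", "mail": "mail"},
}


def profile_for_port(port):
    """Return the directory flavour listening on a UCS LDAP port, or None."""
    for name, profile in PROFILES.items():
        if port in profile["ports"]:
            return name
    return None


def filter_problems(flt):
    """List the reasons a filter string is not one fully parenthesised filter."""
    problems = []
    if not flt.startswith("("):
        problems.append("not enclosed in parentheses")
    depth = 0
    for i, ch in enumerate(flt):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                problems.append("unbalanced ')'")
                break
            if depth == 0 and i != len(flt) - 1:
                problems.append("outer parentheses close before the end")
                break
    if depth > 0:
        problems.append("unbalanced '('")
    return problems


def escape_value(value):
    """Escape the RFC 4515 special characters in a user-supplied value."""
    return "".join(
        "\\%02x" % ord(c) if c in "\\*()\0" else c for c in value
    )


def auth_filter(query_prefix, username):
    """Assumed behaviour: the application appends the login name to the prefix."""
    if not query_prefix.endswith("="):
        raise ValueError("authentication query must end with '=' (e.g. 'uid=')")
    return "(" + query_prefix + escape_value(username) + ")"
```

Escaping the login name before it is placed in the filter keeps characters such as `*` or `(` typed at the login form from altering the lookup.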