Author Topic: LDAP settings  (Read 3112 times)

erikms

LDAP settings
« on: December 02, 2015, 02:40:20 pm »
Dear all,
I have just installed my first Zentyal server, and I must say: a beautiful piece of work.
However, I want to use Zentyal as a Domain Controller in our network.
Our current DC is a Win2003 machine, with its user database under OU=Users,OU=Company,DC=domainname,DC=tld

However, when I install Zentyal, the base DN (Users and Computers>LDAP settings) is DC=domainname,DC=tld
and the Default users DN is CN=Users,DC=domainname,DC=tld

This means that I can not see or maintain my current users, since the OUs are not present.

So how do I change the DNs in the Zentyal server?
This is the Zentyal Development Edition 4.2, btw
« Last Edit: December 02, 2015, 02:51:40 pm by erikms »

BrunovonTroba

Re: LDAP settings
« Reply #1 on: December 03, 2015, 10:31:24 pm »
First of all - read Zentyal wiki. Especially https://wiki.zentyal.org/wiki/En/4.1/Users,_Computers_and_File_Sharing#joining-zentyal-server-to-an-existing-domain
At the end of this topic it is written: Functional Domain level of the forest and the domain has to be min 2003R2, current max 2012 (not 2012R2) - in my experience it is 208R2 now.
Is your domain 2003 or 2003R2? If 2003, then only an old version of Zentyal worked properly with it (as I remember 3.3, but check please; it must use samba 3, not samba 4).
If you have 2003R2 - what is the netbios domain name? Netbios domain name can not be the same, as first part of FQDN of your domain
eg. now your FQDN domain is domainname.tld, so it means that probably your domain netbios name is "DOMAINNAME". But, according to zentyal wiki, it can be any other than that.
So in this case it depends on how many computers are connected to your domain as domain computers (with login domainname\username), because a domain name change will result in the necessity of reconnecting those machines to the domain again.

erikms

Re: LDAP settings
« Reply #2 on: December 04, 2015, 08:16:01 am »
Dear Brunovon,
Thank you for your swift reply.

To answer your questions:
My domain functional level is 2003R2; the netbios name of my zentyal server is zentyal (surprise). My current (Win2003R2) domain server has users attached, and I would like to migrate them eventually to Zentyal.

I have read the wiki, before making this post. The problem is NOT that I can not connect to the domain.
My problem is that the Base DN is incorrect, and my question is "where can I change it?".

Judging from the number of views, this is a common problem... judging from the number of replies, it is also a problem that is hard to solve?

BerT666

Re: LDAP settings
« Reply #3 on: December 04, 2015, 01:26:52 pm »
Hi,

I think it is a problem with the "normal" LDAP Layout of OpenChange.

I have read somewhere in this forum how to change this, but I cannot find it at the moment...

Simply said, you have to tell OpenChange to look for Users / Groups in another OU...

erikms

Re: LDAP settings
« Reply #4 on: December 04, 2015, 03:39:41 pm »
Dear BerT,

Um...OpenChange?
Other than that, that is exactly what I am looking for... now to find that config; old posts locate the information in various places in the filesystem, but all that seems to have changed.

Any pointers from the zentyal gurus?
I get the impression that the info may be hidden in the redis data...

Yours,
-Erik

BerT666

Re: LDAP settings
« Reply #5 on: December 08, 2015, 01:33:26 pm »

erikms

Re: LDAP settings
« Reply #6 on: December 11, 2015, 12:14:00 pm »
Hi BerT,
just ran through that forum post... what I find strange is that my /etc contains no ocs* directories, and that
Code:
find|xargs grep -i 'dc='
in the /etc directory (which should find any file that contains [dD][cC]= ) comes up with:
Code:
./ldap/ldap.conf:#BASE  dc=example,dc=com
./debconf.conf:#BaseDN: cn=debconf,dc=domain,dc=com
./debconf.conf:#BindDN: uid=admin,dc=domain,dc=com
i.e. no zentyal/ldap/openchange related config there.
where oh where is that config?
not in /usr/etc
not in /usr/local/etc

the same find in the /usr/share directory:
find zentyal* |xargs grep -i 'dc='
comes up empty as well
so... any other pointers?

update: just checked /var/lib/zentyal...
nothing there either
« Last Edit: December 11, 2015, 01:17:32 pm by erikms »