Sunday 25 January 2015

CloudSystem Enterprise LDAP Integration

I had a chance to play around with Organizations in CloudSystem Enterprise 8.1 and found the help and default values rather misleading and unhelpful for an Active Directory environment. I eventually captured the right values I was happy with and thought I'd share them here for reference, as I'm going to have to do this again someday!!

LDAP Server Information
Hostname: lab.local
Port: 389
Connection Security: SSL box unchecked
Base DN: DC=lab,DC=local
User ID (Full DN): CN=cloudsystem_service,OU=Service Accounts,DC=lab,DC=local
Password: XXXX
ReType Password: XXXX

LDAP Attributes:
User Email: mail
Group Membership: member
Manager Identifier: manager
Manager Identifier Value: dn
User Avatar: avatar

User Login Information:
User Name Attribute: sAMAccountName
User Search Base: OU=Department X Users,OU=Cloud Users
User Search Filter: sAMAccountName={0}
Search Option: Search Subtree Selected
Save first, then select Look Up User and put in a username such as “jsoap” to validate.
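
As an added example (not part of the original post and not CloudSystem's own code), this Python code shows what the login settings above resolve to for a lookup such as jsoap: the effective search DN, the rendered filter with RFC 4515 escaping of the login name, and the subtree scope check. It assumes the User Search Base is resolved relative to the Base DN; the function names and the sample entry DNs are constructed for illustration.

```python
# Added example: constants mirror the settings listed in this post.
BASE_DN = "DC=lab,DC=local"
USER_SEARCH_BASE = "OU=Department X Users,OU=Cloud Users"
USER_SEARCH_FILTER = "sAMAccountName={0}"

# RFC 4515 section 3: characters that must be escaped in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a login name so it is matched literally, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def effective_search_base(relative_base: str = USER_SEARCH_BASE,
                          base_dn: str = BASE_DN) -> str:
    """Assumption: the User Search Base is resolved relative to the Base DN."""
    return f"{relative_base},{base_dn}" if relative_base else base_dn


def render_filter(username: str, template: str = USER_SEARCH_FILTER) -> str:
    """Substitute the escaped login name for {0} and add the outer parentheses."""
    return "(" + template.replace("{0}", escape_filter_value(username)) + ")"


def in_subtree(entry_dn: str, search_base: str) -> bool:
    """Subtree scope: the entry is the base itself or sits anywhere below it.
    Simplified comparison (case-insensitive, no whitespace normalisation)."""
    entry, base = entry_dn.lower(), search_base.lower()
    return entry == base or entry.endswith("," + base)


if __name__ == "__main__":
    base = effective_search_base()
    print("search base:", base)
    print("filter     :", render_filter("jsoap"))
    # Constructed sample DNs: one user under the search base, and the bind
    # account from the LDAP Server Information section, which sits outside it.
    samples = [
        "CN=Joe Soap,OU=Department X Users,OU=Cloud Users,DC=lab,DC=local",
        "CN=cloudsystem_service,OU=Service Accounts,DC=lab,DC=local",
    ]
    for dn in samples:
        print("in scope" if in_subtree(dn, base) else "out of scope", "-", dn)
```

With these values the bind account under OU=Service Accounts falls outside the user search scope, so only accounts below the Cloud Users OU are found by Look Up User.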

Access Control:
Add AD Group to Service Consumer Role
Enter a name for the group or organizational unit DN: CloudSystem Admins
Enter a group or organizational unit DN: CN=CloudSystem Admins,OU=Department X Groups,OU=Cloud Groups
Click Add / Update

I've still to add the Domain Controller SSL certs to the Java keystore and trust them to enable secure LDAP but otherwise the steps above work fine. I've still to test the email integration. Just need to find a lab server with 8 cores!! Hope this helps out anyone struggling with this area.

Use Sysinternals AD Explorer to connect and show the exact DN attributes to help you out! Available here:
https://technet.microsoft.com/en-ie/sysinternals/bb963907.aspx