AD User not able to login based on group

Created on 16 November 2022, over 1 year ago
Updated 9 January 2024, 6 months ago

Hi,

I'm using Lightweight Directory Access Protocol (LDAP) to Authenticate the Active Directory (AD) users in Drupal 9 website.

In LDAP Query I run the queries below to get the users belonging to the group

Base DNs to search in query: dc=unimity,dc=com
Filter: (&(objectClass=user)(memberOf=cn=grp_unimity,ou=SERVICE_GROUP,dc=unimity,dc=com))
Attributes: samaccountname,employeenumber
Output: this means only the users below are allowed to log in to the Drupal site. Users in other groups will not be allowed to log in.
Test1 100
Test2 101
Test3 102

Below are the details configured:
Server:
Server Name: Unimity LDAP
LDAP Server type: Active Directory
Server address: ipaddress
Server port: 389

Binding:
Binding Method for Searches: Service Account Bind: Use credentials in the Service Account field below to bind to LDAP
DN for non-anonymous search: testunimity
Password for non-anonymous search: xxxxx

Users
Base DNs for LDAP users, groups, and other entries: cn=grp_unimity,ou=SERVICE_GROUP,dc=unimity,dc=com
Authentication name attribute: samaccountname
Email attribute: userprincipalname

Expression for user DN. Required when "Bind with Users Credentials" method selected: cn=%username,%basedn

Groups:
Groups are not relevant to this Drupal site. This is generally true if LDAP Groups and LDAP Authorization are not in use: is checked
LDAP User Settings:
Manual Drupal Account Creation:
How to resolve LDAP conflicts with manually created user accounts.: Do not associate accounts, reject conflicting accounts.

Basic Provisioning to Drupal Account Settings:
LDAP Servers Providing Provisioning Data: Server enabled
Drupal Account Provisioning Events:
Create or Sync to Drupal user on successful authentication with LDAP credentials. (Requires LDAP Authentication module).: is checked

Existing Drupal User Account Conflict:
Associate Drupal account with the LDAP entry. This option is useful for creating accounts and assigning roles before an LDAP user authenticates.: is checked

Application of Drupal Account settings to LDAP Authenticated Users:
Account creation settings at /admin/config/people/accounts/settings do not affect "LDAP Associated" Drupal accounts.: is checked

Basic Provisioning to LDAP Settings:
LDAP Servers to Provision LDAP Entries on: Server enabled
LDAP Entry Provisioning Events:
Create or Sync to LDAP entry when a user authenticates.: is checked

LDAP Authentication Settings
Logon Options:
Allowable Authentications:
Exclusive mode: Only LDAP Authentication is allowed.: is checked
Exclude members of the administrative group from LDAP authentication: is checked
Authentication LDAP Server Configurations: server enabled

Problem:
Trying to login with "Test1" user, getting the issue below
(image attached)

If I remove the cn and ou in "Base DNs for LDAP users, groups, and other entries" (leaving dc=unimity,dc=com), then I am able to login with any Active Directory group user.

I wanted to restrict login to the Drupal site to the allowed group users.
Am I missing any configuration? Please help me to do this.

Thanks, Bharathi

Support request
Status

Closed: works as designed

Version

4.3

Component

User interface

Created by

India Bharathi Vediyam


Comments & Activities


  • United States bluegeek9

    Hi @Bharathi Vediyam,

    I found at least one of the issues. The binding is not correct. It looks like a SAM account name. It should look more like this:
    CN=Knowledge Base SSO service account,OU=ServiceAccounts,OU=JKnowledge Base,OU=ProductionSystems,DC=corp,DC=com

    DN for non-anonymous search: testunimity
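Added example (not code from the issue, the reporter, or the Drupal LDAP module): a small in-memory model of an AD subtree search that shows why the group DN in the original post cannot work as the users' base DN (user entries do not live under the group entry), why the memberOf filter on the real base DN is what restricts login to group members, and a sanity check for the bind DN problem bluegeek9 points out. Entry DNs, attribute values and the helper names are constructed assumptions.

```python
# Constructed sample directory: two users in grp_unimity, one user in a
# different group, and the group entry itself. AD's memberOf is multi-valued,
# so it is stored as a list. Names and DNs are made up for this example.
BASE_DN = "dc=unimity,dc=com"
GROUP_DN = "cn=grp_unimity,ou=SERVICE_GROUP,dc=unimity,dc=com"
OTHER_GROUP_DN = "cn=grp_other,ou=SERVICE_GROUP,dc=unimity,dc=com"

DIRECTORY = {
    "cn=Test1,ou=Users,dc=unimity,dc=com":
        {"objectClass": ["user"], "sAMAccountName": ["Test1"], "memberOf": [GROUP_DN]},
    "cn=Test2,ou=Users,dc=unimity,dc=com":
        {"objectClass": ["user"], "sAMAccountName": ["Test2"], "memberOf": [GROUP_DN]},
    "cn=Other,ou=Users,dc=unimity,dc=com":
        {"objectClass": ["user"], "sAMAccountName": ["Other"], "memberOf": [OTHER_GROUP_DN]},
    GROUP_DN: {"objectClass": ["group"], "cn": ["grp_unimity"]},
}

def normalize_dn(dn):
    """Case-insensitive, whitespace-tolerant DN comparison form."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or sits anywhere below it."""
    e, b = normalize_dn(entry_dn), normalize_dn(base_dn)
    return e == b or e.endswith("," + b)

def attr_matches(attrs, name, value):
    """Equality match against a (possibly multi-valued) attribute."""
    return any(v.lower() == value.lower() for v in attrs.get(name, []))

def subtree_search(base_dn, required):
    """Subtree search: entries under base_dn matching every (attr, value)
    pair, i.e. an AND filter of equality assertions like the post's filter."""
    return sorted(attrs["sAMAccountName"][0]
                  for dn, attrs in DIRECTORY.items()
                  if in_subtree(dn, base_dn)
                  and all(attr_matches(attrs, a, v) for a, v in required)
                  and "sAMAccountName" in attrs)

def lookup_user(username, base_dn, group_dn=None):
    """Model of the module's user lookup at login: find the user under
    base_dn, optionally requiring membership in group_dn via memberOf."""
    required = [("objectClass", "user"), ("sAMAccountName", username)]
    if group_dn:
        required.append(("memberOf", group_dn))
    return subtree_search(base_dn, required)

def looks_like_dn(value):
    """The 'DN for non-anonymous search' field wants a full DN (every
    comma-separated part is attr=value), not a bare sAMAccountName."""
    parts = [p.strip() for p in value.split(",")]
    return all("=" in p and p.split("=", 1)[0] for p in parts)
```

With the group DN as base, `lookup_user("Test1", GROUP_DN)` finds nothing; with the real base DN plus the memberOf requirement, Test1 is found and Other is rejected, while the base DN alone lets any AD user in.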

  • Status changed to Closed: works as designed 6 months ago
  • United States bluegeek9