Import of users via LDAP

Post by tpietsch » 09 Nov 2018 05:20

We got a brand new OmniVista 2500 v 4.3 with Stellar APs 1101.
Our dealer told us that it would be possible to import usernames via LDAP from Windows AD.
Does anyone know whether this is possible with this version, or do we need a different server version?
Or is there another feasible way to bring usernames from Windows into the server?

Thanks in advance

Thomas

Re: Import of users via LDAP

Post by silvio » 09 Nov 2018 13:58

I think there is a misunderstanding.... It is possible to connect OV/UPAM to the AD (via LDAP) so that authentication requests can be checked against the user in the AD.
Best regards
Silvio

Re: Import of users via LDAP

Post by tpietsch » 12 Nov 2018 04:20

Thanks Silvio,

That's exactly what I have seen in some internet locations. But I guess that our dealer has no plan how to do it. So I am curious to learn how to do it by ourselves.

Tx

Thomas

Re: Import of users via LDAP

Post by dsdwn » 30 Aug 2019 14:47

Some months are gone ... but what silvio said is still true: connect your UPAM with your AD and make use of it inside an authentication policy.

While theory and configuration are pretty straightforward, keep a keen eye on your preparations BEFORE you try to connect to an AD server.
To authenticate against AD you need the proper LDAP DNs and a clean DNS setup.

First thing: make sure your OV machine and your AD server can resolve each other's hostnames back and forth.
[browsing is done via LDAP but authentication is realized via Kerberos! ... to build a trusted Kerberos link you need proper DNS resolution]
This means: both machines can ask the DNS server [in a lot of cases this might be the AD server itself] for the name of the [AD/OV] and will receive the IP address, AND can ask for the IP and then will receive the FQDN of the [AD/OV]!

To grab the proper LDAP phrases use a tool like GetMyDN.exe ... most of the time building an LDAP link is wasted by debugging syntax errors in LDAP DNs.

Rest is a piece of cake:

[Image]

then you can click on the "Test Connection"

[Image]

and when you see the green light ... you're good to go : )
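The back-and-forth DNS check described in the post above, as an added example that is not part of the original thread and not vendor code: it confirms that each FQDN resolves to an IP and that every such IP resolves back to the same FQDN. The function names and the `example.internal` hostnames are placeholders chosen for illustration; run it from the OV machine and from the AD server.

```python
import socket

def forward_lookup(name):
    """Return the set of IP addresses the system resolver gives for name."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def reverse_lookup(ip):
    """Return the primary PTR name the system resolver gives for ip."""
    return socket.gethostbyaddr(ip)[0]

def check_host(fqdn, forward=forward_lookup, reverse=reverse_lookup):
    """Check that name -> IP -> name round-trips for one host.

    Returns a list of problems; an empty list means the host is clean.
    The resolver functions are injectable so the check can be tested offline.
    """
    want = fqdn.rstrip(".").lower()
    try:
        ips = forward(want)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return [f"{want}: forward lookup failed ({exc})"]
    if not ips:
        return [f"{want}: forward lookup returned no addresses"]
    problems = []
    for ip in sorted(ips):
        try:
            ptr = reverse(ip).rstrip(".").lower()
        except OSError as exc:  # socket.herror: no PTR record
            problems.append(f"{ip}: no PTR record ({exc})")
            continue
        if ptr != want:
            problems.append(f"{ip}: PTR is {ptr}, expected {want}")
    return problems

def check_pair(hosts, forward=forward_lookup, reverse=reverse_lookup):
    """Check every host; returns {fqdn: [problems]}."""
    return {h: check_host(h, forward, reverse) for h in hosts}

if __name__ == "__main__":
    # Placeholder names (assumption): replace with your OV and AD server FQDNs.
    hosts = ["ov.example.internal", "dc1.example.internal"]
    for host, issues in check_pair(hosts).items():
        print(host, "OK" if not issues else issues)
```

A stale PTR record left over from a previous host on the same IP shows up here as a "PTR is ..., expected ..." line.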
