How the User Authentication Configuration page works.
1. Take the LDAP Query and replace %s in the query with the name entered under LDAP Username.
2. Connect to LDAP, binding with the distinguished name that points to that user. If authentication fails (or the user is not found), it returns "Invalid Credentials".
3. On success, it takes the LDAP Group Distinguished Name and reads that object.
4. If it cannot find the object at all, it outputs "No Group exists under that Distinguished Name."
5. If it finds the object but the Group object is not under a domain name, it is not able to read it and returns "Could not get members listing for Group Distinguished Name."
6. If the object is read and the distinguished names listed in it exist, those users are inserted into the local up.time database.
7. If the object is read but it contains entries that do not link to a user, that particular entry is skipped and no user is inserted into up.time for it.

Example:
======================================================================
LDAP URL                   ldap://ldaphostname:389
LDAP Query                 uid=%s,ou=usersgroup,dc=subdomain,dc=domain,dc=tld
======================================================================
Synchronization enabled    Yes
Synchronize every          1h
Group Distinguished Name   cn=uptime.group,ou=usersgroup,dc=subdomain,dc=domain,dc=tld
======================================================================
LDAP Username              asmith
Password                   ******
======================================================================

Note that ldap:// on port 389 is an unencrypted connection, so the simple bind in step 2 sends the user's password across the network in cleartext; prefer an ldaps:// URL (or StartTLS) where both the directory server and up.time support it.

On an Oracle LDAP server there are two ways of creating a group: as a "groupOfNames" object or as a "groupOfUniqueNames" object. up.time reads groups created with the "groupOfNames" method (membership held in the member attribute), so the object named under Group Distinguished Name must be a groupOfNames group.

The following articles describe setting up Oracle LDAP groups and users under "groupOfNames":

http://docs.oracle.com/cd/E19623-01/820-6169/defining-static-groups.html
http://docs.oracle.com/cd/E19316-01/820-2763/bcajq/index.html

If you are unsure of the paths, browse the directory with a tool such as 'Active Directory Explorer', or capture a session with 'Wireshark' while connecting to the AD/LDAP server, to determine the correct distinguished names. Wireshark only shows the DNs when the connection is plain LDAP; an LDAPS or StartTLS session is encrypted on the wire.