cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

Use AD Group for authentication

I am trying to use an AD group as the authentication method for Virtualization Manager, I can get the AD portion working without much issue but it looks like I will have to use an LDAP query in-order to pull specific groups from AD.

I have tried multiple different search strings and have not been able to get it to work, for instance:

Search Filter - (&(objectCategory=user)(memberOf=CN=SECURITY GROUP,OU=1st Folder,OU=2nd Folder))

Search Base - dc=domain, dc=com

I have a bind user/PW and server that we use for other LDAP queries with success, any help would be great!

Thanks,

Jesse

4 Replies
Level 7

Long shot ... But did you ever get this working.  I tried many combinations but nothing.  The AD authentication works just fine, but not so for LDAP.

0 Kudos

The "search filter" value in the Add/Edit authentication server dialog specifies the property name which is used to find the user name. The text entered to this field is used to generate the search filter: '=' and the user name is appended (in form of searchFilter=userName).

For example:

When you specify "cn" as search filter and try to login in as "domain/John", the search filter sent to LDAP server is: "cn=John".

This means that you can't specify complex search filters with current version of VMAN (6.1.1). We have created a feature request to support complex search filters.

0 Kudos

Thanks  ... It is kind of odd for this to work in this manner. Yes I have contacted support.  They expressed the same response and suggested AD authentication, which works BUT is not all practical.  I guess we will have to way for the next release, and hopefully they will fix this bug

Thanks for your reply!

User_Feo

0 Kudos
Level 8

Hi jbrytowski,

could you please try to put only the group value in the Search Filter field?

CN=SECURITY GROUP,OU=1st Folder,OU=2nd Folder

Thanks