4 Replies Latest reply on Aug 13, 2014 3:57 PM by user_feo

    Use AD Group for authentication


      I am trying to use an AD group as the authentication method for Virtualization Manager, I can get the AD portion working without much issue but it looks like I will have to use an LDAP query in-order to pull specific groups from AD.


      I have tried multiple different search strings and have not been able to get it to work, for instance:

      Search Filter - (&(objectCategory=user)(memberOf=CN=SECURITY GROUP,OU=1st Folder,OU=2nd Folder))

      Search Base - dc=domain, dc=com


      I have a bind user/PW and server that we use for other LDAP queries with success, any help would be great!





        • Re: Use AD Group for authentication
          Jan Martinak

          Hi jbrytowski,


          could you please try to put only the group value in the Search Filter field?


          CN=SECURITY GROUP,OU=1st Folder,OU=2nd Folder



          • Re: Use AD Group for authentication

            Long shot ... But did you ever get this working.  I tried many combinations but nothing.  The AD authentication works just fine, but not so for LDAP.

              • Re: Use AD Group for authentication

                The "search filter" value in the Add/Edit authentication server dialog specifies the property name which is used to find the user name. The text entered to this field is used to generate the search filter: '=' and the user name is appended (in form of searchFilter=userName).


                For example:

                When you specify "cn" as search filter and try to login in as "domain/John", the search filter sent to LDAP server is: "cn=John".


                This means that you can't specify complex search filters with current version of VMAN (6.1.1). We have created a feature request to support complex search filters.

                  • Re: Use AD Group for authentication

                    Thanks  ... It is kind of odd for this to work in this manner. Yes I have contacted support.  They expressed the same response and suggested AD authentication, which works BUT is not all practical.  I guess we will have to way for the next release, and hopefully they will fix this bug


                    Thanks for your reply!