
I added an LDAP server to use Active Directory authentication to log in to Open-AudIT 2.0.2 installed on Linux.

My configuration is shown in the screenshot and I can't log in as domain administrator.

Is my configuration wrong?

Do I have to configure something else on Open-AudIT / the domain controller to use DC authentication?

 

Thanks

 

 


    4 answers

    1.  

      Mark,

      In this document, How to Enable LDAP Authentication and Authorization for Open-AudIT, does it apply to Community edition as well? Is there a particular OU I need to put the Open-AudIT groups in?

       

      Joe

      1. Mark Unwin

        Yes, it applies to both Community and Professional/Enterprise. The groups shouldn't need to be in a particular OU, however, the users must be direct members of those groups (not in another group that is a member of those groups).

    2.  

      The string "Can't contact LDAP server" indicates that your Open-AudIT server cannot talk to the AD server. Maybe a firewall is blocking traffic. Maybe the domain name is incorrect.

      Some notes - 

      • If you have more than one LDAP Server configured in Open-AudIT, you should use username@domain when logging on.
      • Is your domain actually named domain.test? This should be the actual name of your domain. Your BaseDN should also reflect this.
      • Use Roles should be set to Yes if you wish to have the user roles configured by Active Directory groups.

      Another way of testing Open-AudIT can talk to AD is to create a Discovery with the type of Active Directory. When you do this, Open-AudIT will talk to AD and ask for a list of subnets. If this doesn't work, I highly suspect it's not Open-AudIT as such, but either a firewall or AD configuration issue.

       

       

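The two checks suggested in the answer above (is the LDAP server reachable, and does the Base DN reflect the domain name), as an added example that is not part of the thread or of Open-AudIT. The function names are hypothetical; the host `172.16.30.10` and the domain `domain.test` are the values that appear in the thread, and ports 389/636 are the standard LDAP/LDAPS ports.

```python
import socket

def expected_base_dn(domain):
    """Build the Base DN implied by a DNS domain: domain.test -> DC=domain,DC=test."""
    labels = [p for p in domain.strip().strip(".").split(".") if p]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("DC=" + p for p in labels)

def base_dn_matches(domain, base_dn):
    """Compare only the DC= components, so a Base DN narrowed to an OU still passes."""
    dcs = [p.strip()[3:].lower() for p in base_dn.split(",")
           if p.strip().upper().startswith("DC=")]
    return dcs == [p.lower() for p in domain.strip().strip(".").split(".") if p]

def probe(host, port, timeout=3.0):
    """Classify a TCP connect attempt to one LDAP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # reachable: look at bind credentials next
    except socket.gaierror:
        return "unresolvable"        # host name does not resolve
    except socket.timeout:
        return "filtered"            # no reply, typical of a firewall dropping packets
    except ConnectionRefusedError:
        return "closed"              # host answers but nothing listens on this port
    except OSError as exc:
        return "error: %s" % exc     # e.g. no route to host

def diagnose(host, domain, base_dn, ports=(389, 636)):
    """Collect the checks into one report (389 = LDAP, 636 = LDAPS)."""
    return {
        "expected_base_dn": expected_base_dn(domain),
        "base_dn_ok": base_dn_matches(domain, base_dn),
        "ports": {port: probe(host, port) for port in ports},
    }

if __name__ == "__main__":
    # Values taken from the thread; replace them with the real server and domain.
    report = diagnose("172.16.30.10", "domain.test", "DC=domain,DC=test")
    for key, value in report.items():
        print(key, "=", value)
```

Run it from the Open-AudIT server itself: a port reported as `filtered` or `closed` matches the "Can't contact LDAP server" detail, while `open` ports move the investigation to the bind credentials and group membership.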
      1.  

        I added the AD groups described in the documentation, but it does not solve my problem. In the log I can see this error:

        <summary>Invalid user supplied credentials for LDAP server at 172.16.30.10 or the LDAP server could not be reached, skipping.</summary>
        <detail>Can&apos;t contact LDAP server</detail>

        1.  

          You need your AD users in the correct AD groups. Please check these documentation links.

          How to Enable LDAP Authentication and Authorization for Open-AudIT

          LDAP_Servers
