How to Authenticate User Manager via OpenLDAP

For this demonstration we are using the OpenLDAP Server provided by zFlex http://www.zflexsoftware.com/index.php/pages/free-online-ldap

1 Step-By-Step
- 1.1 Directory Settings
- 1.2 Operational Settings
- 1.3 User Configuration
- 1.4 Group Configuration
2 Manual Syncing
3 Troubleshooting
- 3.1 Using a directory browser
- 3.2 Using the PBX CLI
  - 3.2.1 List Directories
  - 3.2.2 Sync all directories
  - 3.2.3 Force Sync all directories
  - 3.2.4 Force sync a single directory with verbose logging

Step-By-Step

On the zFlex page (http://www.zflexsoftware.com/index.php/pages/free-online-ldap ) the setup parameters are detailed as so

Additionally three users have defined passwords so we will be using the OU of guests for our setup.

Our setup configuration is as follows:

Directory Settings

Operational Settings

User Configuration

Group Configuration

Manual Syncing

Manual Syncing can be preformed by running the following command

[root@freepbxdev4 framework]# fwconsole userman --syncall --force
Directory 'PBX Internal Directory' does not support syncing
Starting Sync on directory 'Markham Blade AD'...
Finished
Starting Sync on directory 'zflex server'...
Finished

Troubleshooting

Using a directory browser

An LDAP directory browser is a great way to get a visual overview of your directory. Directory browsers can also be used to check authentication. Apache Directory Studio was used in the development of OpenLDAP in User Manager.

http://directory.apache.org/studio/

Using the PBX CLI

You can troubleshoot User Manager Active Directory syncing by running from the CLI with a few options

[root@freepbxdev4 framework]# fwconsole userman --help
 ______             _____  ______   __
|  ____|           |  __ \|  _ \ \ / /
| |__ _ __ ___  ___| |__) | |_) \ V /
|  __| '__/ _ \/ _ \  ___/|  _ < > <
| |  | | |  __/  __/ |    | |_) / . \
|_|  |_|  \___|\___|_|    |____/_/ \_\
Usage:
  userman [options]
 
Options:
      --syncall         Syncronize all directories
      --sync=SYNC       Syncronize a single directory by id (obtained from --list)
      --force           Force syncronization
      --list            List directories
  -h, --help            Display this help message
  -q, --quiet           Do not output any message
  -V, --version         Display this application version
      --ansi            Force ANSI output
      --no-ansi         Disable ANSI output
  -n, --no-interaction  Do not ask any interactive question
  -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug
 
Help:
  User Manager

List Directories

[root@freepbxdev4 framework]# fwconsole userman --list
+----+------------------------+
| ID | Name                   |
+----+------------------------+
| 9  | PBX Internal Directory |
| 2  | Markham Blade AD       |
| 3  | zflex server           |
+----+------------------------+

Sync all directories

Force Sync all directories

Force sync a single directory with verbose logging

This will then return exactly what user manager is doing while syncing.

For certain queries an ldapsearch statement will be returned. You can copy and paste this command and run it locally to see what is returned on the search using the filters you supplied in setup

PBX GUI