How to Authenticate User Manager via Microsoft Active Directory
The steps below can be used to connect your PBX to an Active Directory setup and to test that connection.
Step-by-step guide
The following steps were tested with Microsoft Server 2012 Essentials; your mileage may vary. Requires version 13 or higher of the PBX software.
Make sure the PBX can reach the AD server on TCP port 389.
Use dsquery to get the correct base DN; from the Windows server command line run the following:
C:\Users\master> dsquery user -name validADusername
"CN=validADusername,CN=Users,DC=domain,DC=local"
The base DN derived from above will be:
DC=domain,DC=local
The User DN and Group DN will be:
CN=Users
Then, armed with the base DN, fill in the required fields:
Host: enter the IP address of the AD server
Port: defaults to 389 which should be fine in most cases
Username: a valid AD user
Password: that AD user's password
Domain: the AD domain, in my case domain.local
Base DN: the base DN derived from step 2 (the DC= components of the dsquery output)
User DN: The filter string where users live (can be an OU)
Group DN: The filter string where groups live (can be an OU)
This was tested using a hosted PBX with a local instance of Server 2012 Essentials; it was configured with a port forward on the local router to take requests for 389 from the PBX and redirect them to the AD server, and ensured they had no issues speaking with each other.
Manual Syncing
Manual syncing can be performed by running the following command:
[root@freepbxdev4 framework]# fwconsole userman --syncall --force
Directory 'PBX Internal Directory' does not support syncing
Starting Sync on directory 'Markham Blade AD'...
Finished
Starting Sync on directory 'zflex server'...
Finished
Troubleshooting
Using a directory browser
An LDAP directory browser is a great way to get a visual overview of your directory. Directory browsers can also be used to check authentication. Apache Directory Studio was used in the development of Active Directory in User Manager.
Using the PBX CLI
You can troubleshoot User Manager Active Directory syncing by running fwconsole userman from the CLI with a few options:
[root@freepbxdev4 framework]# fwconsole userman --help
Usage:
userman [options]
Options:
--syncall Syncronize all directories
--sync=SYNC Syncronize a single directory by id (obtained from --list)
--force Force syncronization
--list List directories
-h, --help Display this help message
-q, --quiet Do not output any message
-V, --version Display this application version
--ansi Force ANSI output
--no-ansi Disable ANSI output
-n, --no-interaction Do not ask any interactive question
-v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug
Help:
User Manager
List directories: fwconsole userman --list
Sync all directories: fwconsole userman --syncall
Force sync all directories: fwconsole userman --syncall --force
Force sync a single directory with verbose logging: fwconsole userman --sync=<id> --force -vvv (the id comes from --list)
This will then return exactly what User Manager is doing while syncing.
For certain queries an ldapsearch statement is returned. You can copy and paste this command and run it locally on the PBX to see what the search returns using the filters you supplied in setup.
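As an added example (not FreePBX code), the following script derives the Base DN and User/Group DN fields of the setup steps from the DN that dsquery prints, handling backslash-escaped commas in names, and builds the kind of ldapsearch check the troubleshooting section describes; the host 10.0.0.5 and bind user pbxbind are constructed placeholders.

```python
import shlex

# Constructed sample: the DN that dsquery prints for a user, as on the page.
SAMPLE_DSQUERY_OUTPUT = '"CN=validADusername,CN=Users,DC=domain,DC=local"'


def split_dn(dn):
    """Split an RFC 4514 DN into RDN strings. A backslash escapes the next
    character, so CN=Smith\\, John stays one RDN instead of splitting."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair untouched
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).strip())
    return [r for r in rdns if r]


def derive_fields(dsquery_dn):
    """Return (base_dn, container) for the User Manager form: the base DN is
    the DC=... tail, the container (the page's User DN / Group DN, e.g.
    CN=Users or an OU chain) sits between the leaf RDN and the first DC."""
    rdns = split_dn(dsquery_dn.strip().strip('"'))
    first_dc = next((i for i, r in enumerate(rdns)
                     if r.upper().startswith("DC=")), None)
    if first_dc is None:
        raise ValueError("no DC components in DN: %r" % dsquery_dn)
    return ",".join(rdns[first_dc:]), ",".join(rdns[1:first_dc])


def ldapsearch_cmd(host, bind_user, domain, base_dn, container, port=389):
    """Build the ldapsearch check to run from the PBX shell. Plain ldap:// on
    389 sends the simple bind password in cleartext, as the page's setup does;
    -W prompts for the password so it stays out of shell history and ps."""
    search_base = container + "," + base_dn if container else base_dn
    args = ["ldapsearch", "-x", "-H", "ldap://%s:%d" % (host, port),
            "-D", "%s@%s" % (bind_user, domain), "-W", "-b", search_base,
            "(&(objectClass=user)(sAMAccountName=*))", "sAMAccountName"]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    base, container = derive_fields(SAMPLE_DSQUERY_OUTPUT)
    print("Base DN:", base, "| User/Group DN:", container)
    print(ldapsearch_cmd("10.0.0.5", "pbxbind", "domain.local", base, container))  # constructed host/user
```

Compare the ldapsearch result with the entries User Manager reports during a forced verbose sync; an empty result with a successful bind usually means the User DN or Group DN container is wrong rather than the credentials.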