How to Authenticate User Manager via Microsoft Active Directory

Specific steps below can be used to connect and test active directory setups to your PBX

1 Step-by-step guide
2 Manual Syncing
3 Troubleshooting
- 3.1 Using a directory browser
- 3.2 Using the PBX CLI
  - 3.2.1 List Directories
  - 3.2.2 Sync all directories
  - 3.2.3 Force Sync all directories
  - 3.2.4 Force sync a single directory with verbose logging

Step-by-step guide

The following steps were tested with a Microsoft Server 2012 Essentials, your mileage may vary. Requires version 13 or higher of the PBX software.

Make sure you have access to AD on TCP port 389 from the PBX to the AD system
use dsquery to get correct base DN; from the windows server command line run the following
C:\Users\master> dsquery user -name validADusername "CN=validADusername,CN=Users,DC=domain,DC=local"*

The base DN derived from above will be:
DC=domain,DC=local

The User DN and Group DN will be:
CN=Users

Then armed with the base DN begin filling out the required information

Host: enter the IP address of the AD server
- Port: defaults to 389 which should be fine in most cases
- Username: a valid AD user
- Password: that valid AD users password
- Domain: the AD domain, in my case domain.local
- Base DN: the base DN derived from step 2
- User DN: The filter string where users live (can be an OU)
- Group DN: The filter string where groups live (can be an OU)

This was tested using a hosted PBX with a local instance of server 2012 essentials; It was configured with a port forward on the local router to take requests for 389 from the PBX and redirect those to the AD server and insured they had no issues speaking with each other.

Manual Syncing

Manual Syncing can be preformed by running the following command

[root@freepbxdev4 framework]# fwconsole userman --syncall --force
Directory 'PBX Internal Directory' does not support syncing
Starting Sync on directory 'Markham Blade AD'...
Finished
Starting Sync on directory 'zflex server'...
Finished

Troubleshooting

Using a directory browser

An LDAP directory browser is a great way to get a visual overview of your directory. Directory browsers can also be used to check authentication. Apache Directory Studio was used in the development of Active Directory in User Manager.

Welcome to Apache Directory Studio — Apache Directory

Using the PBX CLI

You can troubleshoot User Manager Active Directory syncing by running from the CLI with a few options

[root@freepbxdev4 framework]# fwconsole userman --help
 ______             _____  ______   __
|  ____|           |  __ \|  _ \ \ / /
| |__ _ __ ___  ___| |__) | |_) \ V /
|  __| '__/ _ \/ _ \  ___/|  _ < > <
| |  | | |  __/  __/ |    | |_) / . \
|_|  |_|  \___|\___|_|    |____/_/ \_\
Usage:
  userman [options]
 
Options:
      --syncall         Syncronize all directories
      --sync=SYNC       Syncronize a single directory by id (obtained from --list)
      --force           Force syncronization
      --list            List directories
  -h, --help            Display this help message
  -q, --quiet           Do not output any message
  -V, --version         Display this application version
      --ansi            Force ANSI output
      --no-ansi         Disable ANSI output
  -n, --no-interaction  Do not ask any interactive question
  -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug
 
Help:
  User Manager

List Directories

Sync all directories

Force Sync all directories

Force sync a single directory with verbose logging

This will then return exactly what user manager is doing while syncing.

For certain queries an ldapsearch statement will be returned. You can copy and paste this command and run it locally to see what is returned on the search using the filters you supplied in setup

PBX GUI