Importing Users from LDAP

  • Generally, the LDAP option is used only if the customer has PAM360 installed on a Linux server. Check with the customer for the reason for installing PAM360 on a Linux server and inform them that they will have to install the Agents on ALL Windows machines in order to manage their passwords. If the customer wishes to install PAM360 on a Windows machine, then they can use AD integration. If not, proceed with the steps below.
  • Check if the PAM360 server has connectivity to the LDAP server.
  • Check if the provider URL is supplied in the correct format, which is LDAP://LDAPSERVERIP:port. For example, LDAP://192.16.10.100:389
  • While the default LDAP port is 389, please check with the customer if they have changed it.
  • If the LDAP server/directory is configured to operate in SSL mode, then ask the customer for the directory's certificate.
  • Copy the certificate file into the PAM360/bin directory and run the command sh importCert.sh LDAPcert.cer. For example, sh importCert.sh MELDAP.cer.
  • Ensure that the Username field has the proper distinguished name of the login account. For example, cn=ganeshc,cn=PAMTeam,cn=Users,dc=ME,dc=com.
  • In the above example, if the LDAP directory is AD, then it means that the user called ganeshc is present inside the sub-OU called PAMTeam, which is under the main OU called Users, which is part of the domain ME.
  • Check that the Password supplied is correct and check the BaseDN value. This should be the Group/OU inside which we are checking for the user. So in the above example, the BaseDN value should be cn=PAMTeam,cn=Users,dc=ME,dc=com, as the user ganeshc is present inside this particular OU. An even better option is to use dc=ME,dc=com, which will search the entire directory.
  • If none of the above helps, log in to the PAM360 server and try using the ldapsearch command. This command is generally available in most Linux OS flavors. If it is not available, it can be installed using the below command in CentOS/RHEL.
  • yum install -y openldap openldap-clients openldap-servers
  • And using the below command on Debian-based machines.
  • apt-get install ldap-utils
  • Once you have ldapsearch installed, you can use the below command to search for the particular user.
  • At the $ or # prompt, run: ldapsearch -x -b "dc=ME,dc=com" -H ldap://192.16.10.100:389 -D "cn=svc_pam,dc=ME,dc=com" -W "objectclass=*"
  • In the above command, 192.16.10.100 is the LDAP server IP, 389 is the port, svc_pam is the login account used, provided in distinguished name format, and objectclass=* is the filter used to search for any object present. If you instead supply "email=ganeshc@me.com", it will only search for the user with the email ID ganeshc@me.com. So ensure that you get the desired results using the ldapsearch command and then use the same values inside PAM360.
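
A pre-flight check for the values discussed above, as an added example that is not part of the original article or of PAM360's own tooling: it validates the provider URL format, confirms that the user's DN falls under the chosen BaseDN, and prints the matching ldapsearch command. The function names are hypothetical; the sample values are the article's.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample values come from the article.

# Validate LDAP://host:port (or LDAPS://); sets scheme/host/port and prints them.
check_provider_url() {
    url=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$url" in
        ldap://*|ldaps://*) ;;
        *) echo "provider URL must start with LDAP:// or LDAPS://" >&2; return 1 ;;
    esac
    scheme=${url%%://*}; rest=${url#*://}
    case "$rest" in *:*) ;; *) echo "port missing from provider URL" >&2; return 1 ;; esac
    host=${rest%:*}; port=${rest##*:}
    case "$host" in ''|*[/:]*) echo "bad host: $host" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    printf '%s %s %s\n' "$scheme" "$host" "$port"
}

# Lowercase a DN and drop spaces around commas (escaped commas are not handled).
norm_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/[[:space:]]*,[[:space:]]*/,/g'
}

# Succeeds when the DN equals the BaseDN or sits somewhere beneath it.
dn_under_base() {
    dn=$(norm_dn "$1"); base=$(norm_dn "$2")
    case "$dn" in
        "$base"|*,"$base") return 0 ;;
        *) return 1 ;;
    esac
}

# Print the ldapsearch command for these values; -W prompts for the password
# so it never lands in shell history or the process list.
ldapsearch_cmd() {  # args: provider URL, bind DN, BaseDN, filter
    check_provider_url "$1" >/dev/null || return 1
    printf 'ldapsearch -x -b "%s" -H %s://%s:%s -D "%s" -W "%s"\n' \
        "$3" "$scheme" "$host" "$port" "$2" "$4"
}

# Demo with the article's sample values.
if dn_under_base "cn=ganeshc,cn=PAMTeam,cn=Users,dc=ME,dc=com" "dc=ME,dc=com"; then
    ldapsearch_cmd "LDAP://192.16.10.100:389" "cn=svc_pam,dc=ME,dc=com" "dc=ME,dc=com" "objectclass=*"
fi
```

If dn_under_base fails for the account being imported, the BaseDN is too narrow or one of the DN components is mistyped, and the search inside PAM360 will return nothing for that user.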
