Create User in AD
| Project: | LDAP provisioning |
| Version: | 6.x-1.0-alpha2 |
| Component: | Code |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
I'm trying to create users in Active Directory whenever somebody creates an account, so I can integrate with Windows Media Services authentication, but I can't get a user account created. I've used this module with OpenLDAP successfully on another site, but this is my first shot at AD. I can authenticate users if they are in AD, so I know that much is working. I also know that the user deletion is working (the hard way, deleted an admin user I didn't want to during testing), which should imply that the user I'm using to make the changes has adequate permissions.
My current settings for provisioning are:
Enable: yes
Custom Username: yes
Username Template: %f.%l (This shouldn't matter, right?)
Disable drupal user creation: yes (this just means you have to go through the Provisioning screen, not the normal user management screen, right?)
Enable Debugging: Yes!
Registration and Authentication: All good, nothing to screw up
Attributes:
My current setup is this:
#objectClass: top
#objectClass: person
#objectClass: inetOrgPerson
#uid: !uid
#mail: !mail
#givenName: !first_name
#sn: !last_name
#cn: !first_name !last_name
#userPassword: !pass
#objectClass: organizationalPerson
#objectClass: person
#objectClass: top
#objectClass: user
cn: !first_name !last_name
#objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=liveracecam,DC=com
#accountExpires: 9223372036854775807
#badPasswordTime: 0
#badPwdCount: 0
#codePage: 0
countryCode: 0
displayName: !uid
givenName: !first_name
#lastLogoff: 0
#lastLogon: 0
#logonCount: 0
memberOf: CN=Stream Publishers,CN=Users,DC=liveracecam,DC=com
name: !uid
sAMAccountName: !uid
sn: !last_name
userPrincipalName: !mail
Which was based on an LDIF dump of an existing user and the stock settings; I've been removing attributes trying to fix this. I'm pretty sure this is where the problem lies; I try to go through /admin/user/accounts/new and create users, the LDIF looks nice, but it doesn't create the user. Does anybody have a working AD provisioning set of attributes or any tips for me? Thanks!

#1
I hate to bribe people for support, but if anybody can help me get this working (via phone or email or directly on the server), I will happily PayPal them $50. My client is the pushy type and wants this done yesterday; I got handed the project after the due date had already passed.
#2
This offer has gone up - anybody who can help me make this work, name your price. Hell, can anybody say whether or not you CAN provision a user via LDAP in AD?
But in all seriousness, if you can help me make this work, email me, and I will make it worth it! I'm just running into time constraints, so I need help real soon now!
#3
I don't have an AD at hand, so I cannot troubleshoot it.
I think that the problem is in the LDIF file you're sending to AD. Try exporting an existing user from the AD to LDIF, then delete that user in the AD and try to recreate it from the LDIF file. If it works you will know which attributes are needed.
I'm not an AD expert, but maybe it can be run in debug mode and show the error when the user is not created? Maybe some mandatory attribute is missing or some attributes should be unique?
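
Added example, not part of the original thread and not code from the LDAP provisioning module: the comparison suggested in comment #3, done offline in Python against an excerpt of the attribute template posted above. The exported entry, the function names `parse` and `review`, and the example.com values are constructed for illustration; the memberOf check relies on the fact that Active Directory computes memberOf as a back-link from the group's member attribute.

```python
# Excerpt of the provisioning template from the original post ('#' = disabled line).
TEMPLATE = """\
#objectClass: top
#objectClass: user
cn: !first_name !last_name
displayName: !uid
givenName: !first_name
memberOf: CN=Stream Publishers,CN=Users,DC=liveracecam,DC=com
sAMAccountName: !uid
sn: !last_name
userPrincipalName: !mail
"""

# Constructed stand-in for an LDIF export of an existing user (not from the page).
EXPORTED = """\
dn: CN=Jane Doe,CN=Users,DC=example,DC=com
objectClass: top
objectClass: user
cn: Jane Doe
sn: Doe
givenName: Jane
sAMAccountName: jane.doe
userPrincipalName: jane.doe@example.com
"""

def parse(text):
    """Return (active, disabled) sets of lowercased attribute names."""
    active, disabled = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        target = disabled if line.startswith("#") else active
        target.add(line.lstrip("#").split(":", 1)[0].strip().lower())
    return active, disabled

def review(template, exported):
    """List attributes the export has but the template does not send, plus memberOf use."""
    active, disabled = parse(template)
    exported_attrs, _ = parse(exported)
    exported_attrs.discard("dn")  # the DN names the entry; it is not an attribute
    findings = []
    for attr in sorted(exported_attrs - active):
        state = "commented out" if attr in disabled else "absent"
        findings.append(f"{attr}: in export, {state} in template")
    if "memberof" in active:
        findings.append("memberof: back-link in AD, set via the group's member attribute")
    return findings

if __name__ == "__main__":
    print("\n".join(review(TEMPLATE, EXPORTED)))
```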