Solutions

How do I find LDAP User and Group Base DN for Microsoft Active Directory?

Solutions ID:    KB4548
Version:    3.0
Status:    Published
Published date:    07/26/2013
Updated:    07/30/2013
 

Problem Description

In Reporter 9.x, it is possible to add an LDAP server.  Integrating Reporter with backend LDAP configuration enables standard Reporter users to take advantage of additional features, such as defining roles based on manager-direct report structures.

In order to allow Reporter to query your LDAP server for users and groups, you must specify a user and group base DN.

Resolution

To find out your user and group base DN, you can run a query from any member server on your Windows domain.

To find the User Base DN:
- Open a Windows command prompt.
- Type the command: dsquery user -name <known username>
(Example: If I were searching for all users named John, I could enter the username as John* to get a list of all users who's name is John)
- The result will look like: "CN=John.Smith,CN=Users,DC=MyDomain,DC=com"
- In Blue Coat Reporter's LDAP/Directory settings, when asked for a User Base DN, you would enter:  CN=Users,DC=MyDomain,DC=com


To find the Group Base DN:
- Open a Windows command prompt
- Type the command: dsquery group -name <known group name>.
(Example: If I were searching for a group called Users, I could enter the group name as Users* to get a list of all groups who's name contains "Users")
- The result will look like: "CN=Users,CN=Builtin,DC=MyDomain,DC=com"
- In Blue Coat Reporter's LDAP/Directory settings, when asked for a User Base DN, you would enter: CN=Users,CN=Builtin,DC=MyDomain,DC=com.

 TIP:  This link provides you with a discussion on what Microsoft tools are available: BLOG

NOTE: Links to other LDAP articles for Reporter.

For more details on how to setup LDAP on Reporter, see KB3353

For details on how to use the search user, and what rights it needs in AD, see KB4407

For details on how LDAP nested groups work in Reporter, see KB3826

For details on what the errors mean after you press the LDAP test button, see FAQ813

For details on what the LDAP atributes mean, see KB3560


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question