Active Directory integration with Phabricator - No such object Exception

Question

I need to setup Active Directory integration in Phabricator. I have no idea, how to start with it. I've been searching for some tutorials or phabricator's manual in this field but I found nothing. Can anyone help me with it?

UPDATE

Now I know that I have to use LDAP. However, I don't know how to find Search Attributes because when I type sth default eg. sn, I receive exception:

LDAP Exception: LDAP search failed. LDAP Error #32: No such object

What kind of attribute should I type? I use Active Directory 2013 R2, ver: 5.2xxx..

what comes out if you execute: ldapsearch -h domain.com -p 389 -x -b "dc=domain,dc=com"; -D \ "com\yourLDAPusername" "(sAMAccountName=yourLDAPusername)" -W | less — rekinyz, Aug 30 '16 at 11:55

score 2 · Answer 1 · edited May 23 '17 at 12:06

2

I wish their page was more detailed. Phabricator uses LDAP to negotiate authentication with Active Directory. That may help you find additional resources. It has been almost 3 years since we setup our LDAP connection and I don't remember where we found the steps.

Here is what I remember:

Go to [base_phab_url]/auth/ and click "Add Authentication Provider"
Select LDAP and click continue.
If I remember, it only has one page where it will ask you for all the LDAP information. Fill it in.
Once you have, click Add Provider
If there are any issues, you can always go back and edit the provider.

I believe the hardest part was realising that LDAP isn't just a config setting, it is an entirely separate "Application" (just like Diffusion and Phriction are "Applications"). This is just the "Application" that lets you access all the others...

Here are some resources that seem to cover most of the concerns we had:

Set up phabricator with LDAP authentication on Debian Jessie
phabricator LDAP connection failed talks about php extensions you need for it to work
How to configure the Phabricator LDAP Login is a bit confusing but it gives the command that allows you to test your LDAP authentication from the cli.

I hope this helps!

edited May 23 '17 at 12:06

Community

1
1

answered Aug 26 '16 at 16:08

CEPA

2,592
25
31

Thanks for answer. Now I have a problem with the LDAP settings. I have tried all the setting you've linked but it doesn't work. I don't know how to find: LDAP Port, Base Distinguished Name, Search Attributes, Anonymous Username, Anonymous Password – mynameis Aug 29 '16 at 05:59
There I can't help you... I work in a large company so I got those answers from my IT group. – CEPA Aug 29 '16 at 13:02
@mynameis just use the third link, I have successfully tested it in a large company :p – rekinyz Aug 29 '16 at 21:26
@rekinyz Ok. And now, I go to `Link LDAP Account` and I enter: com\yourLDAPusername and yourLDAPpassword right?? – mynameis Aug 30 '16 at 05:30
@mynameis yes, just enter your LDAP username and password. – rekinyz Aug 30 '16 at 07:57
@rekinyz I add new question connected with my problem, can you look at this? http://stackoverflow.com/questions/39221756/proper-search-attributes-in-integration-ldap-in-phabricator-no-such-object-exc – mynameis Aug 30 '16 at 08:08

Active Directory integration with Phabricator - No such object Exception

1 Answers1