How do I integrate Microsoft Active Directory in ERPNext?
Have you tried LDAP authentication?
Thanks - will give this a go.
Got the LDAP module add-on installed.
The LDAP settings are configured as per https://erpnext.org/docs/user/manual/en/setting-up/integrations/ldap-integration
When I click save it says "incorrect userid or password".
The username and password are correct - tried creating a new AD account and again the same error message. Is this really going to work with Microsoft Active Directory - any ideas?
I’ve managed to get ERPNext working with Microsoft Active Directory - please see my LDAP settings below.
- Login as administrator / admin
- Go to LDAP settings > Enter LDAP settings
LDAP Server url: ldap://192.168.1.200:389
Organization Unit: cn=users,dc=lab,dc=local
Base Distinguished Name (DN): cn=administrator,cn=Users,dc=lab,dc=local
Password for Base DN:
LDAP search String: sAMAccountName={0}
LDAP First Name Field: cn
LDAP Email Field: mail
LDAP Username Field: sAMAccountName
- Click Save
LDAP is now enabled and connected to Microsoft Active Directory.
- Logout
- Login with an Active Directory account - make sure the account is active and working
If you want to use a different OU group instead of the built-in OU users, you can now, using the LDAP settings below.
Make sure the sales OU exists.
LDAP Server url: ldap://192.168.1.200:389
Organization Unit: ou=sales,dc=lab,dc=local
Base Distinguished Name (DN): cn=adm_erpnext,ou=service,dc=lab,dc=local
Password for Base DN: [ad erpnext password]
LDAP search String: sAMAccountName={0}
LDAP First Name Field: cn
LDAP Email Field: mail
LDAP Username Field: sAMAccountName
How to obtain the base DN for an AD user (How to obtain the Base DN or Bind DN Attributes for LDAP Directory Synchronization for Encryption Management Server)
- Go to your domain controller
- Open PowerShell
- Type
dsquery user dc=example,dc=com -name user1
This command will return the correct Bind DN
"CN=user1,CN=Users,DC=example,DC=com"
Not to nitpick but is it possible to get this to use ldaps on port 636 to increase security - really shouldn’t be using 389 (insecure) if we don’t have to.
You can use 636.
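
As an added example (not part of any post in this thread, and not ERPNext's own code), the Python below audits LDAP settings like the ones posted above for a cleartext `ldap://` bind, a built-in administrator bind account, an over-broad search base, and a bind DN copied from another domain. The dict keys, the finding codes and the `ldaps://192.168.1.200:636` URL form are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Constructed inputs: the first configuration from the thread, and the second
# one with an assumed ldaps:// URL on port 636. Keys are hypothetical names.
FIRST = {
    "server_url": "ldap://192.168.1.200:389",
    "search_base": "cn=users,dc=lab,dc=local",
    "bind_dn": "cn=administrator,cn=Users,dc=lab,dc=local",
    "search_string": "sAMAccountName={0}",
}
SECOND = dict(FIRST, server_url="ldaps://192.168.1.200:636",
              search_base="ou=sales,dc=lab,dc=local",
              bind_dn="cn=adm_erpnext,ou=service,dc=lab,dc=local")

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs, honouring '\\,' escapes."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        if attr.strip():
            pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def domain_of(pairs):
    """Return the dc= components of a parsed DN, e.g. ['lab', 'local']."""
    return [value for attr, value in pairs if attr == "dc"]

def audit(cfg):
    """Return a list of finding codes for one LDAP settings dict."""
    findings = []
    url = urlparse(cfg["server_url"])
    port = url.port or {"ldap": 389, "ldaps": 636}.get(url.scheme)
    if url.scheme != "ldaps":
        findings.append("CLEARTEXT_BIND")        # passwords cross the wire unencrypted
    elif port == 389:
        findings.append("LDAPS_ON_PLAIN_PORT")   # ldaps:// aimed at the cleartext port
    bind, base = split_dn(cfg["bind_dn"]), split_dn(cfg["search_base"])
    if bind and bind[0] == ("cn", "administrator"):
        findings.append("BUILTIN_ADMIN_BIND")    # directory lookups only need a read-only account
    if base and all(attr == "dc" for attr, _ in base):
        findings.append("SEARCH_BASE_IS_DOMAIN_ROOT")
    if domain_of(bind) != domain_of(base):
        findings.append("DOMAIN_MISMATCH")       # e.g. a DN copied from another domain's dsquery output
    if "{0}" not in cfg["search_string"]:
        findings.append("SEARCH_STRING_NO_PLACEHOLDER")
    return findings

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("second", SECOND)):
        print(name, audit(cfg) or "no findings")
```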