Testing out LDAP integration to Active Directory (samba4 actually). The way we structure our Active Directory for user accounts is like this:
OU=accounts
|---OU=IT
|   |---CN=user1
|   |---CN=user2
|---OU=Manufacturing
    |---CN=user3
    |---CN=user4
Basically OU=accounts is the top OU and under that are OUs for each department.
When I try to set the LDAP settings to point to OU=accounts, attempts to log in show “verifying” or “not a valid account” depending on what I put in LDAP Search String.
If I change the OU to point to a departmental OU (say IT) the LDAP login works.
Is something perhaps stopping it from querying sub-OUs? Or perhaps I just need a specific LDAP Search String. The info I’ve found around LDAP settings is geared towards something like OpenLDAP with references to uid. Active Directory doesn’t use the same parameters.