Q100563: Flix 6 LDAP integration information
This article provides in-depth information about how the LDAP integration works in Flix 6 and provides some troubleshooting steps in case you run into problems.
In order to enable LDAP integration with Flix 6, you need to update the config.yml file which resides in the same directory as the flix_server executable. You can read about all the required LDAP settings in the Flix 6 online documentation.
All the entries in the config.yml file need to match the ones on your LDAP server exactly. All entries and object information are case-sensitive, so make sure your entries match what your LDAP server outputs.
To get verbose output of the connection to your AD/LDAP server, you can run our LDAP utility. You can run it like this:
./ldap-utils-linux -config-file config.yml
It will use the settings from your config.yml file, try to connect to your server and show you the information Flix receives back.
To check what the different values in your LDAP settings section should look like, you can download ldapsearch. You can install ldapsearch on CentOS/Red Hat using yum:
yum install openldap-clients
Once you have ldapsearch installed, you can run the following command in a terminal:
ldapsearch -LLL -H ldap://ldapserver:389 -b 'dc=COMPANY,dc=COM' -D 'DOMAIN\LDAPSEARCHUSER' -w 'LDAPSEARCHUSERPASSWORD' '(sAMAccountName=USERNAME)'
If your LDAP server doesn’t require a username and password for LDAP searches (even though most AD setups do), you can use:
ldapsearch -LLL -h LDAPSERVER -p 389 -x -b 'dc=COMPANY,dc=COM' -Epr=200/noprompt '(uid=USERNAME)'
Here is a list of what all the ldapsearch flags do:
- -LLL returns LDAP data in LDIF format
- -h point the ldapsearch command to your LDAP server
- -H same as the -h flag, but provide the server name in URI format
- -p provide the port number your LDAP server is running on. 389 is the default port, so you only need to specify it if your LDAP server is using a different port.
- -x use simple authentication (instead of SASL) - no encryption
- -b base DN: where in your LDAP domain you want to search
- -D provide a username who can do LDAP searches
- -w provide a password for the user who can do LDAP searches
- (sAMAccountName) & (uid) unique identifiers you want to search your LDAP database for, usually the username of an artist
If you run into problems, please email us the ldapsearch command you ran against a user, its output, your config.yml, flix_server.log (from the directory you run your flix_server from) and the output from ldap-util.
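One way to check the exact-case requirement described above against ldapsearch -LLL output, as an added example that is not part of the original article or the Flix tooling. The sample LDIF and the candidate names are constructed, and which attribute names your config.yml refers to is an assumption.

```shell
#!/bin/sh
# Added example (not Flix code). All sample data below is constructed.

# Constructed `ldapsearch -LLL` output for one user, including a folded line.
sample_ldif() {
cat <<'EOF'
dn: CN=Jane Artist,OU=Users,DC=COMPANY,DC=COM
objectClass: user
cn: Jane Artist
sAMAccountName: jartist
mail: jartist@company.com
description: Constructed sample entry with a long free-text value that ldapsea
 rch folds; note: this continuation line is not an attribute
thumbnailPhoto:: Q29uc3RydWN0ZWQgc2FtcGxl
EOF
}

# Print each distinct attribute name found in LDIF on stdin, case preserved.
ldif_attrs() {
    awk '
        /^ / || /^#/ || /^$/ { next }   # folded continuation, comment, blank
        {
            i = index($0, ":")          # "name: value" or "name:: base64"
            if (i < 2) next
            name = substr($0, 1, i - 1)
            sub(/;.*/, "", name)        # drop options such as ";binary"
            if (!(name in seen)) { seen[name] = 1; print name }
        }'
}

# check_attr NAME: read LDIF on stdin and report how NAME compares with the
# attribute names the server returned: exact, case-mismatch, or missing.
check_attr() {
    ldif_attrs | awk -v want="$1" '
        $0 == want                   { exact = 1 }
        tolower($0) == tolower(want) { actual = $0 }
        END {
            if (exact)             print "exact"
            else if (actual != "") print "case-mismatch: server returns " actual
            else                   print "missing"
        }'
}

# Hypothetical names someone might have typed into config.yml.
for name in sAMAccountName samaccountname Mail uid; do
    printf '%-16s %s\n' "$name" "$(sample_ldif | check_attr "$name")"
done
```

To use it on a real server, pipe the output of one of the ldapsearch commands above into check_attr in place of sample_ldif.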