Q100563: Flix LDAP integration information and troubleshooting guidance


SUMMARY

This article provides in-depth information about how the LDAP integration works in Flix 6 and provides some troubleshooting steps in case you run into problems.



MORE INFORMATION

In order to enable LDAP integration with Flix, you need to update the config.yml file which usually resides in the same directory as the flix_server executable. You can read about all the required LDAP settings in the Flix online documentation.

 

Troubleshooting

All the entries in the Flix config.yml file are case-sensitive and need to match the ones on your LDAP server exactly. Here is an example config.yml file.

 

To check what the different values in the LDAP section of the config.yml should be, you can download ldapsearch. It is a tool that can return user and group attributes based on the specified parameters.

You can install ldapsearch on CentOS/Red Hat using yum:

yum install openldap-clients

Once you have ldapsearch installed, you can run the following command in a terminal, giving the username and password of an LDAP user of your choice: 

ldapsearch -LLL -H ldap://ldapserver:389 -b 'dc=COMPANY,dc=COM' -D 'DOMAIN\LDAPSEARCHUSER' -w 'LDAPSEARCHUSERPASSWORD' '(sAMAccountName=USERNAME)'

If your LDAP server doesn’t require a username and password for LDAP searches (most setups do), you can use: 

ldapsearch -LLL -h LDAPSERVER -p 389 -x -b 'dc=COMPANY,dc=COM' -Epr=200/noprompt '(uid=USERNAME)'

 

Below is a list of what the ldapsearch flags do:

  • -LLL returns the LDAP data in LDIF format
  • -h points the ldapsearch command to your LDAP server
  • -H same as the -h flag, but takes the server name in URI format
  • -p the port number your LDAP server is running on. 389 is the default port, so you only need to specify it if your LDAP server uses a different port.
  • -x use simple authentication instead of SASL; this adds no encryption
  • -b the base DN: where in your LDAP domain you want to search
  • -D a username that can do LDAP searches
  • -w the password for the user who can do LDAP searches. A password given this way is visible in the shell history and process list; -W prompts for it instead.
  • (sAMAccountName) & (uid) the unique identifiers you want to search your LDAP database for, usually the username of an artist.
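
The -LLL output is LDIF, which folds long values across lines and base64-encodes values that contain non-ASCII characters, so a DN pasted straight from the terminal can fail the exact, case-sensitive match that config.yml needs. The following is an added example, not part of the Flix tooling: shell functions that unfold and decode that output and compare a config value against it. The function names, the sample entry and the use of the memberOf attribute are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read `ldapsearch -LLL` output so values can be copied into
# config.yml exactly. Function names and sample data are constructed.

# LDIF folds long lines; a line starting with one space continues the previous one.
ldif_unfold() {
  awk '/^ / { buf = buf substr($0, 2); next }
       { if (NR > 1) print buf; buf = $0 }
       END { if (NR > 0) print buf }'
}

# Print every value of attribute $1; "attr:: ..." values are base64-encoded.
ldif_attr() {
  ldif_unfold | while IFS= read -r line; do
    case $line in
      "$1:: "*) printf '%s' "${line#"$1:: "}" | base64 -d; echo ;;
      "$1: "*)  printf '%s\n' "${line#"$1: "}" ;;
    esac
  done
}

# Compare a value typed into config.yml ($2) with the directory's spelling of
# attribute $1. Prints "exact", "case-mismatch: <directory value>" or "absent".
ldif_check() {
  ldif_attr "$1" | WANT=$2 awk '
    ($0 "") == (ENVIRON["WANT"] "") { found = 1 }
    tolower($0) == tolower(ENVIRON["WANT"]) { near = $0 }
    END { print (found ? "exact" : (near != "" ? "case-mismatch: " near : "absent")) }'
}

# Constructed sample of `ldapsearch -LLL` output (not from a real directory).
sample_ldif() {
  cat <<'EOF'
dn: CN=Jane Artist,OU=Story,OU=Studio Users,OU=Departments,DC=company,DC=co
 m
sAMAccountName: jartist
memberOf: CN=Flix-Artists,OU=Groups,DC=company,DC=com
memberOf:: Q049RmxpeCBDYWbDqSxPVT1Hcm91cHMsREM9Y29tcGFueSxEQz1jb20=
EOF
}

sample_ldif | ldif_attr dn
sample_ldif | ldif_check memberOf 'cn=flix-artists,ou=groups,dc=company,dc=com'
```

Against a live server, pipe the output of your own ldapsearch command into ldif_check in place of sample_ldif, passing the attribute name and the value as it is written in config.yml.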

 

To get a verbose output of Flix's connection to your AD/LDAP server, you can run our ldap utility by downloading it from the GitHub link provided and running it like this:

./ldap-utils-linux -config-file config.yml

It will use the parameters set in your config.yml file, try to connect to your LDAP server, and show you what information Flix receives back.

If you run into problems, please email us the ldapsearch command you ran against a user, its output, your config.yml, flix_server.log (from the directory you run flix_server from), and the output from ldap-util.

 

FURTHER READING  

You can learn more about user management in Flix from our User Management Guide.

You can learn where the different log files reside from the Flix Log Files Information page.
