LDAP to Active Directory works. Need help getting groups to work.

I am querying an Active Directory server using LDAP. Login to Suite CRM works just fine. Now, within Active Directory, I created a security group. Each user authorized to sign into Suite CRM is in that group.

Here’s what I have (only under Group Membership):
-Group Membership: enabled
-Group DN: OU=Security Groups,OU=MyBusiness,DC=mydomain,DC=com
-Group Name: CN = CRMusers
-User Attribute: samAccountName
-Group Attribute:
-With User DN: disabled

I suspect something is wrong with User Attribute and Group Attribute.

I’ve also tried setting Group DN to CN = CRMusers,OU=Security Groups,OU=MyBusiness,DC=mydomain,DC=com and leaving Group Name blank or as CN = CRMusers

What do I have to do so only users in the CN=CRMusers group are permitted to sign in?

Even better: What do I have to do so I can specify certain users to have certain permissions (i.e. administrator) within SuiteCRM based on LDAP/Active Directory?

I have:
-User Attribute: dn
-Group Attribute: member

The rest of your settings look fine. Hope this helps.

1 Like

Hello,

I am still having difficulties with this topic. Will reached out to me but I had been unable to answer. Every setting looks correct. Where can I start looking for debug/error information?

Hi,

You may find some error information in the sugar.log file. However, this may not always be useful in this case.

Your settings look fine (with my possible alterations) but double check the following:

-User Filter is unless you are specifically using it
-OU in Group DN is correct. For example, you have Security_Groups but I have Groups
-User Attribute and Group Attribute will depend on what you have for OU in Group DN as well as how you have set up your AD group

Can I ask what AD implementation you are using?

1 Like

I have it now working with:

User Attribute: dn
Group Attribute: member
With UserDN Checked.
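
The sketch below is an added illustration, not part of any post in this thread and not SuiteCRM's own code. It shows why User Attribute `dn` with Group Attribute `member` matches where `samAccountName` does not: an Active Directory group lists its members as full distinguished names. The user Jane Doe, the login `jdoe`, `OU=Staff` and the filter shape are assumptions made for the example.

```python
# Added illustration; not SuiteCRM code. Entries are constructed sample data.
BASE = "OU=MyBusiness,DC=mydomain,DC=com"
USER = {"dn": "CN=Jane Doe,OU=Staff," + BASE, "samAccountName": "jdoe"}
GROUP = {
    "dn": "CN=CRMusers,OU=Security Groups," + BASE,
    "cn": ["CRMusers"],
    # Active Directory stores group members as full distinguished names.
    "member": [USER["dn"]],
}


def get_attr(entry, name):
    """Return an attribute's values; LDAP attribute names are case-insensitive."""
    for key, value in entry.items():
        if key.lower() == name.lower():
            return value if isinstance(value, list) else [value]
    return []


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a search filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def membership_filter(group_cn, group_attr, user_value):
    """Generic 'is this value listed on that group' filter (assumed shape)."""
    return "(&(cn=%s)(%s=%s))" % (
        escape_filter_value(group_cn), group_attr, escape_filter_value(user_value))


def is_member(group, user, user_attr, group_attr):
    """Compare the user's user_attr value with the group's group_attr values."""
    wanted = get_attr(user, user_attr)
    if not wanted:
        return False
    listed = {v.lower() for v in get_attr(group, group_attr)}
    return wanted[0].lower() in listed  # simplified case-insensitive match


if __name__ == "__main__":
    for user_attr in ("samAccountName", "dn"):
        value = get_attr(USER, user_attr)[0]
        print(user_attr, "->", membership_filter("CRMusers", "member", value))
        print("  matches:", is_member(GROUP, USER, user_attr, "member"))
```

Running the same filter by hand against the directory, with a group member's real DN substituted, shows whether the group entry is found under the configured Group DN.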