
ERPNext Active Directory


#1

How do I integrate Microsoft Active Directory in ERPNext?


#2

Have you tried LDAP authentication?


#3

Hi

You can use my app to sync LDAP users + groups

I edited it from https://github.com/saurabh6790/frappe_ldap


#4

Thanks - will give this a go.


#5

Got the LDAP module add-on installed.

The LDAP settings are configured as per https://erpnext.org/docs/user/manual/en/setting-up/integrations/ldap-integration

When I click Save it says "incorrect userid or password"

The username and password are correct - tried creating a new AD account and again the same error message. Is this really going to work with Microsoft Active Directory - any ideas?


#6

I’ve managed to get ERPNext working with Microsoft Active Directory - please see my LDAP settings below.

  1. Login as administrator / admin

  2. Go to LDAP Settings > Enter LDAP settings

LDAP Server url: ldap://192.168.1.200:389
Organization Unit: cn=users,dc=lab,dc=local
Base Distinguished Name (DN): cn=administrator,cn=Users,dc=lab,dc=local
Password for Base DN:

LDAP search String: sAMAccountName={0}
LDAP First Name Field: cn
LDAP Email Field: mail
LDAP Username Field: sAMAccountName

  3. Click Save

LDAP is now enabled and connected to Microsoft Active Directory.

  4. Log out


  5. Log in with an Active Directory account - make sure the account is active and working



#7

If you want to use a different OU group instead of the built-in OU users - now you can, using the LDAP settings below.

Make sure the sales OU exists.

LDAP Server url: ldap://192.168.1.200:389
Organization Unit: ou=sales,dc=lab,dc=local
Base Distinguished Name (DN): cn=adm_erpnext,ou=service,dc=lab,dc=local
Password for Base DN: [ad erpnext password]

LDAP search String: sAMAccountName={0}
LDAP First Name Field: cn
LDAP Email Field: mail
LDAP Username Field: sAMAccountName


#8

How to obtain the base DN for an AD user (https://support.symantec.com/en_US/article.HOWTO41996.html):

  • Go to your domain controller

  • Open PowerShell

Type:

         dsquery user dc=example,dc=com -name user1

These commands will return the correct Bind DN

“CN=user1,CN=Users,DC=example,DC=com”


#9

Not to nitpick but is it possible to get this to use ldaps on port 636 to increase security - really shouldn’t be using 389 (insecure) if we don’t have to.


#10

You can use 636.
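
An added example (not from any poster in this thread and not ERPNext code): a small Python check that parses settings blocks in the form posted in #6 and #7 and flags the port-389 concern raised in #9. It goes beyond the thread with two related checks (a bind DN whose first RDN is `administrator`, and a search string missing `{0}`); the function names and finding codes are hypothetical, and it assumes StartTLS is not in use on `ldap://`.

```python
import re

# Settings copied from posts #6 and #7 of this thread (password lines omitted).
POST_6 = """\
LDAP Server url: ldap://192.168.1.200:389
Organization Unit: cn=users,dc=lab,dc=local
Base Distinguished Name (DN): cn=administrator,cn=Users,dc=lab,dc=local
LDAP search String: sAMAccountName={0}
"""
POST_7 = """\
LDAP Server url: ldap://192.168.1.200:389
Organization Unit: ou=sales,dc=lab,dc=local
Base Distinguished Name (DN): cn=adm_erpnext,ou=service,dc=lab,dc=local
LDAP search String: sAMAccountName={0}
"""

def parse_settings(text):
    """Turn 'Label: value' lines into a dict keyed by lower-cased label."""
    settings = {}
    for line in text.splitlines():
        label, sep, value = line.partition(": ")  # URLs contain ':' but not ': '
        if sep:
            settings[label.strip().lower()] = value.strip()
    return settings

def audit(text):
    """Return finding codes (hypothetical names) for one settings block."""
    s = parse_settings(text)
    findings = []
    url = re.fullmatch(r"(ldaps?)://([^:/\s]+)(?::(\d+))?/?", s.get("ldap server url", ""))
    if not url:
        findings.append("server-url-unparseable")
    elif url.group(1) == "ldap":
        # Without TLS, the bind password and every user's password cross the network in cleartext.
        findings.append("cleartext-ldap")
    elif url.group(3) == "389":
        # Scheme changed to ldaps but the port was left at the plain-LDAP default.
        findings.append("ldaps-scheme-on-port-389")
    # First RDN of the bind DN; naive split that ignores escaped commas.
    _, _, bind_cn = s.get("base distinguished name (dn)", "").split(",")[0].partition("=")
    if bind_cn.strip().lower() == "administrator":
        findings.append("bind-as-domain-administrator")
    if "{0}" not in s.get("ldap search string", ""):
        findings.append("search-string-missing-placeholder")
    return findings

if __name__ == "__main__":
    for name, block in (("post #6", POST_6), ("post #7", POST_7)):
        print(name, audit(block))
```
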


#11

Hope this helps someone
If you need help finding your AD attributes this might help some people.