ERPNext Active Directory

How do I integrate Microsoft Active Directory in ERPNext?

1 Like

Have you tried LDAP authentication?

Hi

You can use my app to sync LDAP users + groups

I edit from GitHub - saurabh6790/frappe_ldap

1 Like

Thanks - will give this a go.

Got the LDAP module add-on installed.

The LDAP settings are configured as per https://erpnext.org/docs/user/manual/en/setting-up/integrations/ldap-integration

When I click Save it says "incorrect userid or password"

The username and password are correct - tried creating a new AD account and again the same error message. Is this really going to work with Microsoft Active Directory - any ideas?

I’ve managed to get ERPNext working with Microsoft Active Directory - please see my LDAP settings below.

  1. Login as administrator / admin

  2. Go to LDAP settings > Enter LDAP settings

LDAP Server url: ldap://192.168.1.200:389
Organization Unit: cn=users,dc=lab,dc=local
Base Distinguished Name (DN): cn=administrator,cn=Users,dc=lab,dc=local
Password for Base DN:

LDAP search String: sAMAccountName={0}
LDAP First Name Field: cn
LDAP Email Field: mail
LDAP Username Field: sAMAccountName

  3. Click Save

LDAP is now enabled and connected to Microsoft Active Directory.

  4. Logout

  5. Login with an Active Directory account - make sure the account is active and working

2 Likes

If you want to use a different OU group instead of the built-in OU users, you can now do so using the LDAP settings below.

Make sure the sales OU exists.

LDAP Server url: ldap://192.168.1.200:389
Organization Unit: ou=sales,dc=lab,dc=local
Base Distinguished Name (DN): cn=adm_erpnext,ou=service,dc=lab,dc=local
Password for Base DN: [ad erpnext password]

LDAP search String: sAMAccountName={0}
LDAP First Name Field: cn
LDAP Email Field: mail
LDAP Username Field: sAMAccountName

How to obtain the base DN for an AD user (How to obtain the Base DN or Bind DN Attributes for LDAP Directory Synchronization for Encryption Management Server)

  • Go to your domain controller

  • Open PowerShell

Type:

         dsquery user dc=example,dc=com -name user1

These commands will return the correct Bind DN

“CN=user1,CN=Users,DC=example,DC=com”

Not to nitpick but is it possible to get this to use ldaps on port 636 to increase security - really shouldn’t be using 389 (insecure) if we don’t have to.

You can use 636

Hope this helps someone
If you need help finding your AD attributes this might help some people.

2 Likes
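
An added example (not written by any poster in this thread, and not ERPNext code): a standard-library Python check that parses a settings block in the form posted above and flags the ldap:// on 389 transport raised in the thread, plus a bind as the built-in administrator. The function names and finding codes are made up for this example, and it assumes StartTLS is not in use.

```python
from urllib.parse import urlsplit

# First settings block from the thread, as "Label: value" lines.
THREAD_SETTINGS = """\
LDAP Server url: ldap://192.168.1.200:389
Organization Unit: cn=users,dc=lab,dc=local
Base Distinguished Name (DN): cn=administrator,cn=Users,dc=lab,dc=local
LDAP search String: sAMAccountName={0}
"""
# Constructed variant: LDAPS on 636 with the service account from the later post.
HARDENED = THREAD_SETTINGS.replace("ldap://192.168.1.200:389", "ldaps://192.168.1.200:636") \
    .replace("cn=administrator,cn=Users", "cn=adm_erpnext,ou=service")
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def parse_settings(text):
    """Turn 'Label: value' lines into a dict, splitting on the first ': ' only."""
    settings = {}
    for line in text.splitlines():
        label, sep, value = line.partition(": ")
        if sep:
            settings[label.strip()] = value.strip()
    return settings

def audit(settings):
    """Return (code, message) findings for one settings dict (hypothetical codes)."""
    url = urlsplit(settings.get("LDAP Server url", ""))
    scheme = url.scheme.lower()
    if scheme not in DEFAULT_PORT:
        return [("bad-url", "server URL must start with ldap:// or ldaps://")]
    findings = []
    if scheme == "ldap":
        # Assumption: no StartTLS, so a simple bind sends passwords unencrypted.
        findings.append(("cleartext", "ldap:// sends bind and user passwords in cleartext"))
    other = "ldaps" if scheme == "ldap" else "ldap"
    if (url.port or DEFAULT_PORT[scheme]) == DEFAULT_PORT[other]:
        findings.append(("port-mismatch", f"{scheme}:// used with the {other} port {url.port}"))
    bind_rdn = settings.get("Base Distinguished Name (DN)", "").split(",")[0].lower()
    if bind_rdn.replace(" ", "") == "cn=administrator":
        findings.append(("privileged-bind", "bind as built-in administrator; use a service account"))
    if "{0}" not in settings.get("LDAP search String", ""):
        findings.append(("no-placeholder", "search string lacks the {0} login placeholder"))
    return findings

def codes(text):
    """Convenience wrapper: just the finding codes for a settings block."""
    return [code for code, _ in audit(parse_settings(text))]

if __name__ == "__main__":
    for code, message in audit(parse_settings(THREAD_SETTINGS)):
        print(f"{code}: {message}")
```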