@brianccampbell wrote:
Continuing the discussion from FreePBX 13: User Managment with AD:
This is a follow on to the overall topic in the thread above, but aimed at clarifying some information regarding the auth process. Great job on this - it is awesome integration.I am running FreePBX Distro 10.13.66-5 and have User Manager module 13.0.21. I have a few questions
...
When a UCP user logs in to the UCP site, the authentication is passed through to AD at that time for authorization, not something stored locally in FreePBX correct?
Is the re-population of AD usernames in FreePBX based on any kind of a recurring schedule or is it only performed when the Submit button is selected? I have created a new user (30 minutes ago) in AD and selected the Submit button, but the new user is not showing up in FreePBX. I have a status of Green Connected on the "Authentication Settings" page both before and after selecting Submit. I can also see that the traffic is getting to the AD server when the submit button is selected.
What is the function/intention/format of the "Extension Link Attribute" in the "Authentication Settings" page? I have tried listing a number of AD user attributes and varying extension values (XXX, My Name ) in AD but cant seem to get anything to automatically link an AD user to an extension in User Manager if that is what it is supposed to do.
Is it possible (currently or on the roadmap) to filter the user accounts brought in by the AD connector other than by specifying the base DN?
Is the format for specifying more than one AD server source in the Authentication Settings>Host field supported?
I have changed the BaseDN around a few times trying to figure out what the qualification is for pulling user accounts from AD into FreePBX, but despite the changes it is only pulling real user accounts. I have a slew of service accounts as well that are included in the BaseDN of dc=domain,dc=local. The real user accounts are no different than the service accounts except they lack email addresses.What are the qualifications for the connector to determine if it is a qualifying user account to bring back?
I am happy to do any testing to further isolate/validate any of the AD integration. Any of this that needs to be submitted as a bug report I am happy to do also. With the limited amount of documentation there is around this capability I just didn't want to jump the gun.
Thanks,
Brian
...Posts: 2
Participants: 2