Howto Authentication via Microsoft Active Directory

Hi, all!

Is there some documentation on how to set up external authentication via Active Directory in the FreePBX 13 User Manager module?

There is no documentation at this time

Thx for answer!
How can I debug my setup?

My experience with Windows Server 2012:

  1. Make sure you have access to AD on TCP port 389 from the PBX to the AD system.

  2. Use dsquery to get the correct base DN; from the Windows Server command line run the following:
    C:\Users\master> dsquery user -name validADusername
    "CN=validADusername,CN=Users,DC=domain,DC=local"

    So the base DN derived from above will be:
    CN=Users,DC=domain,DC=local

  3. Then, armed with the base DN, begin filling out the required information:

    • host : enter the IP address of the AD server
    • port : defaults to 389, which should be fine in most cases
    • username : a valid AD user
    • password : that valid AD user’s password
    • domain : the AD domain, in my case domain.local
    • the base DN derived from step 2

I actually tested using a hosted PBX with a local instance of Server 2012 Essentials; I configured a port forward on the local router to take requests for 389 from the PBX and redirect those to the AD server, and ensured they had no issues speaking with each other.

With all of the above in place, hit submit and it should now show connected.

1 Like
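
Steps 1 and 2 of the post above as a check that can be run from the PBX, added here as an example and not taken from the thread or from FreePBX: it tests TCP reachability of the AD server and derives the base DN and domain from a dsquery result, including DNs with escaped commas or non-ASCII names. The function names, the sample DN and the placeholder IP are assumptions.

```python
import socket


def split_rdns(dn):
    """Split a DN on unescaped commas (backslash escapes as in RFC 4514)."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur.strip())
    return parts


def base_dn_from_user_dn(dsquery_line):
    """Drop the leading CN=<user> RDN from a DN as printed by dsquery."""
    dn = dsquery_line.strip().strip('"\u201c\u201d*')  # quotes / forum markup
    rdns = split_rdns(dn)
    if len(rdns) < 2 or not all("=" in r for r in rdns):
        raise ValueError("not a distinguished name: %r" % dsquery_line)
    return ",".join(rdns[1:])


def domain_from_dn(dn):
    """Join the DC= components into the DNS-style domain name."""
    return ".".join(r.split("=", 1)[1] for r in split_rdns(dn)
                    if r.upper().startswith("DC="))


def ldap_port_reachable(host, port=389, timeout=3.0):
    """Step 1: can the PBX open a TCP connection to the AD server?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    sample = '"CN=validADusername,CN=Users,DC=domain,DC=local"'  # constructed
    base = base_dn_from_user_dn(sample)
    print("base DN:", base, "| domain:", domain_from_dn(base))
    print("389 reachable:", ldap_port_reachable("192.0.2.10"))  # placeholder IP
```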

The AD username and password you provide have to have browse permissions as well. Something to consider. I am not 100% sure if that means an admin account or not.

Thx for answer.

I’m using Apache Directory Studio to edit some AD entries via LDAP and I’m sure that my credentials are valid.
But I have some questions:

  1. What syntax is supported by the username field: UserPrincipalName, distinguishedName or both?
  2. What does the domain field mean?
  3. Is Unicode supported by the web GUI? My BaseDN includes Unicode characters.

Thanks for answers.
I think that any AD domain member has read permissions to list groups and other members.

  1. UPN - it would be the same as logging into a PC after ctrl-alt-del… what you have in your screenshot is incorrect; it should simply be username.

  2. If you look under ADUC, it’s the name of the domain, for instance freepbx.local.

  3. Not sure on this one - let me know what your testing confirms.

OK, it’s done! I can list AD users.

And what’s next:

  1. Can any linked extension be authorized with a domain account?
  2. What are the use cases of it?

I got an email when this documentation was posted:
http://wiki.freepbx.org/display/F2/How+to+Authenticate+User+Manager+via+Microsoft+Active+Directory

I’m really happy to see this added since I use Samba4 as an AD DC. I remember posting about this when 12 was in Beta, I think it was, and the new User Manager and UCP started rolling out. Big props to the team for getting this into 13! :beers:

Only other thing I’d like to be able to do (might already be able to) is use an external XMPP/Jabber server instead of the built-in one. I already have one set up that integrates with my AD DC. I’d rather run it on dedicated hardware.