LDAP Sync in Snipe IT

[fadialkanani]

Thanksu

[sjackson0109]

Firewall?
Did you use SSL flag? Can you be sure it was standard LDAP:389?

[bwmRoot]

The issue is with your LDAP filter. Try this:

(&(sAMAccountType=805306368)(!userAccountControl:1.2.840.113556.1.4.803:=2))

[sjackson0109]

The issue is with your LDAP filter. Try this:

(&(sAMAccountType=805306368)(!userAccountControl:1.2.840.113556.1.4.803:=2))

Hello BWM - you are correct, the above LDAP filter is PARTIALLY compliant to the RFC open-ldap standards. However, snipeit v4 and below do not properly format the LDAP filter.. you are required to EXCLUDE the surrounding parenthesis.
For full compliance, taking shortcuts like this isnt supported neither:
(!userAccountControl:1.2.840.113556.1.4.803:=2)
should look like
(!(userAccountControl:1.2.840.113556.1.4.803:=2))

For completeness, I got this working perfectly:
&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(sAMAccountName=template))(!(sAMAccountName=svc.))

For your actual issue in hand fadialkanani:
Try to enable the 'ldap ssl certificate validation (by allowing invalid ssl certificates from being used. Also enable STARTTLS... just like SMTP, LDAP also has support for opening an un-secure connection, and then negotiating a tls session inside the same tunnel. the fact you ahve a communication failure, kind of implies the remote side didn't offer your ldap client (snipeit) with the required login option.

Try launching the software LDP.EXE (it's available on a domain controller, or any client with Remote Server Administration Tools installed)..
Connect to "ldap://FQDN of DOMAIN"
then Login, and enter the snipe-it service account you have have saved just above the screenshot.. the cellse are called "LDAP Bind Username, and LDAP Bind Passwords".
Then goto View Tree...
and paste in the Base BIND DN.. this should READ that Organizational unit of all objects, matching the LDAP filter (with the added parenthesis)... if no users with a distinguishedname are returned, then you have a permission issue (delegation) with your LDAP database. I had this exact issue with a customer a few weeks back!.
if you do get the DN of your user that you are testing below.. then try repeating the LDP steps above, but with the credentials for that account too.

[sjackson0109]

I explained clearly. At the time of writing this ticket, the use of LDAP filters pre-populated braces around your filter expression.

as a result we had to remove the outer braces…