I’ve managed to configure LDAP as a resource and a user backend as well as a user group backend for authentication. Validation for all 3 objects is OK and I’m able to query AD users as well as AD groups via icingaweb2.
Trying to log in as an AD user (with or without domain) fails though (incorrect username or password). And there are no entries in the logs even with log level DEBUG.
However, when I log in via the local user admin I even find something like this in the logs:
Feb 24 05:34:20 icinga icingaweb2: Issuing LDAP search. Use 'ldapsearch -P 3 -H "ldaps://example.com:636" -D "email@example.com" -W -b "DC=example,DC=com" -s "sub" -z 3 -l 0 -a "never" "(&(objectClass=group)(member=*))" "member" "objectClass"' to reproduce.
Feb 24 05:34:20 icinga icingaweb2: Ambiguity query returned 3 results