35 Posts
0
594
October 3rd, 2014 06:00
ViPR LDAP authentication fails
Hi,
I am trying to connect an LDAP server (not AD). I have put the following parameters:
LDAP Server: ldap:// :389
Manager DN: uid=smith,ou=People,o=lpfuserroot
Manager Passwd: ....
Scope: SubTree
Search Base: ou=People,o=lpfuserroot
Search Filter: uid=%U
Using LDAP JXplorer, I have checked that the request was correct and it works fine ... however when I am trying to do a Role Assignment in ViPR ... it fails miserably.
So, I am trying to find a way of debugging the exact request that ViPR is sending to my server to see if there is no 'Delegation issue' or anything else ...
I have used the 'Log' view in ViPR but I cannot find the exact query string sent by ViPR.
So, I am open to any suggestions since I am stuck!!
Thanks in advance.
Matthieu_I
35 Posts
0
October 6th, 2014 00:00
Hi
Ok, I found the problem.
The Search Filter: uid=%U does not work at all.
You must provide:
Search Filter: uid=%u and update your LDAP config to put uid=foo@domain ... for all your users
Not sure if this is a defect or a feature!!
Velik1
36 Posts
0
October 6th, 2014 07:00
Matthieu,
%u is different from %U.
It is a default, you are free to have it blank.
The idea is to provide additional filtering - for large AD setups it helps, especially if you want to create an additional subset of users within a large group without creating additional groups.
It definitely sounds like your LDAP user config didn't have the "uid=foo" property, and that would be why the "uid=%U" filter would be filtering all your users out.
Matthieu_I
35 Posts
0
October 6th, 2014 07:00
Hi,
No, in my case "uid=foo" property was properly setup, as well as "uid=%U" ... but did not work.
It started working as soon as I added the domain to the uid property and switched to %u at the same time.
Sounds like a ViPR defect to me...
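
Added example, not part of any post in this thread and not ViPR code: a sketch of how the two placeholders would select different directory entries, useful for predicting the filter to paste into an LDAP browser when comparing results. It assumes %u expands to the full login string (user@domain) and %U to the part before the "@"; the function names, the `example.test` domain and the sample entries are constructed.

```python
import re

# Constructed sample entries under the search base quoted in the first post.
ENTRIES = [
    {"dn": "uid=smith,ou=People,o=lpfuserroot", "uid": "smith"},
    {"dn": "uid=jones@example.test,ou=People,o=lpfuserroot",
     "uid": "jones@example.test"},
]

def placeholder_value(kind, login):
    # Assumption: %u is the whole login name, %U is the part before '@'.
    return login if kind == "u" else login.split("@", 1)[0]

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, login):
    """Return the filter string the template would produce for this login."""
    body = re.sub(
        r"%([uU])",
        lambda m: escape_filter_value(placeholder_value(m.group(1), login)),
        template,
    )
    return body if body.startswith("(") else "(" + body + ")"

def matching_dns(template, login, entries):
    """Evaluate a simple 'attr=%x' equality template against sample entries."""
    attr, _, rhs = template.partition("=")
    wanted = re.sub(r"%([uU])",
                    lambda m: placeholder_value(m.group(1), login), rhs)
    # uid is compared case-insensitively (caseIgnoreMatch).
    return [e["dn"] for e in entries
            if e.get(attr, "").lower() == wanted.lower()]

if __name__ == "__main__":
    for template in ("uid=%U", "uid=%u"):
        for login in ("smith@example.test", "jones@example.test"):
            print(template, login, expand_filter(template, login),
                  matching_dns(template, login, ENTRIES))
```

Under that assumption, an entry whose uid carries no domain is only reachable through %U, and an entry whose uid includes the domain only through %u; running the expanded filter by hand against the real directory shows which form the stored attribute actually has.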