
Ive 7.0 and LDAP Problem

SOLVED
M.Manolli_
New Contributor

Ive 7.0 and LDAP Problem

Hi to everyone,


I have a problem configuring LDAP authentication.

Specifically, the users are able to log on via LDAP, but I'm unable to see the LDAP groups in order to assign them in User Realms --> Role Mapping Rules.
I'm not able to find any groups.
We have also dumped the traffic from the LDAP server and all seems to be OK.
The LDAP "NOVEL" server replies correctly to the SA4500 with 7.0R1 (build 16007), sending all the groups, but none of them is displayed on the SA4500.

Is someone able to help me?


My company wants to use the LDAP server, because we have in it all the user profiles for all services, and it is managed by a single sign-on platform.
We don't want to use other systems, also because the SA4500 supports LDAP authentication.

Thank you so much for any help.

M.Manolli

stine_
Super Contributor

Re: Ive 7.0 and LDAP Problem

When you create a new role mapping rule, you first have to select the "Rule based on" Group membership. You then have to click the Update button. This will give you a list of Available groups to choose from. If there are none listed, click on the Groups button (beneath Add and Remove). This will open up the LDAP server catalog window. Now click on the Search button. This will open up a list of groups queried from the LDAP server. In this window, you should see a list of LDAP groups. Put a check mark next to the ones you want to import and click Add Selected. If this window is empty, you either have a permissions or path issue. Back in the LDAP server catalog window, once you have all of the groups added, click OK. All of the groups you just added should appear under Available groups.

M.Manolli_
New Contributor

Re: Ive 7.0 and LDAP Problem

Hi to Everyone,

Found the problem.

The member attribute was member and not members.

My problem was only this.

Thank you for your support.

M.Manolli
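
The fix in the post above came down to the configured member attribute not matching the attribute that the directory's group entries actually carry. As an added example (not from the original thread or from the vendor), this Python script checks a constructed LDIF export of group entries against a configured attribute name; the helper names, the sample DNs and the list of candidate attributes are assumptions, and it also recognises `uniqueMember` and `memberUid`, which the thread does not mention.

```python
from collections import Counter

# Assumption: attribute names commonly used for group membership (lower-cased).
KNOWN_MEMBER_ATTRS = {"member", "uniquemember", "memberuid"}

# Constructed sample: two group entries as an LDIF export might show them.
SAMPLE_LDIF = """\
dn: cn=vpn-users,ou=groups,dc=example,dc=net
objectClass: groupOfNames
cn: vpn-users
member: cn=alice,ou=people,dc=example,dc=net
member: cn=bob,ou=people,dc=example,dc=net

dn: cn=admins,ou=groups,dc=example,dc=net
objectClass: groupOfNames
cn: admins
member: cn=alice,ou=people,dc=example,dc=net
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64 values) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            # LDAP attribute names are case-insensitive, so normalise them.
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_member_attribute(entries, configured):
    """Return (ok, seen): whether the configured attribute occurs at all,
    plus a count of values per membership attribute actually present."""
    seen = Counter()
    for entry in entries:
        for attr, values in entry.items():
            if attr in KNOWN_MEMBER_ATTRS:
                seen[attr] += len(values)
    return configured.lower() in seen, dict(seen)

def groups_for(entries, configured, user_dn):
    """Groups found for user_dn by a client that reads only `configured`."""
    attr = configured.lower()
    return sorted(e["cn"][0] for e in entries
                  if user_dn.lower() in (v.lower() for v in e.get(attr, [])))
```

A result of `(False, {...})` with a non-empty count for another attribute points at the same kind of mismatch described in the post.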

stine_
Super Contributor

Re: Ive 7.0 and LDAP Problem

I'm glad you found it. The simple ones can be the hardest to find.

macinmontana_
New Contributor

Re: Ive 7.0 and LDAP Problem

I too have this issue.

I'm using Apple OSX Server using Open Directory. Using JXplorer I can browse the entire directory anonymously and see my users and my groups. When the users try to log on they get a 'role' error (as expected). When I go to add the new rule for group membership I can never get a list of groups from the Open Directory.

Under the Auth Servers setting I have my LDAP configuration as follows:

LDAP Server IP: 10.0.0.xx

LDAP Port: 389

Base DN: dc=myserver,dc=net

Filter: cn=<username>

And that is pretty much it for the server authentication. With this much it can see the users and see that there are no role rules available.

From the posts above, it might be a path or permissions error. Since I can peruse the entire directory with JXplorer, I think the permissions are probably OK. The path, however, could be the culprit. When the searching function in the role mapping asks for the Base DN and the filter, I put in what I have in the auth server settings, but still nothing comes up.

Any help would be greatly appreciated.

stine_
Super Contributor

Re: Ive 7.0 and LDAP Problem

When you use JXplorer, is it using your directory permissions or anonymous permissions? Do you have a DN / password listed under "Authentication required?" I'm using the 389 (formerly RedHat) directory server, and my Admin DN is "cn= directory manager" with the associated password. I haven't used OSX, so I can't tell you exactly what to do to make it work.