Having some problems getting the role mapping to work with LDAP. The Authentication Server tests OK, but I assume that is just testing the port and username/password combo.
Our LDAP structure doesn't have a lot of depth in OUs; we go from ou=people, o=company.com and we have our UID under the people OU.
What I'm trying to do is role-map based on the EmployeeType attribute inside the UID, not on a group. Here are my AuthServer settings and my attribute settings inside the User Realm:
Base DN: ou=people,o=cadence.com
Attribute: employeeType is *
We're actually using RADIUS for authentication and LDAP for Directory (which I've put as the Directory lookup in UserRealm settings). Once we get past the RADIUS authentication, the trace shows that the user is denied because "NoRoles" have been applied.
I think this is just an issue with my BaseDN or something.
Any help is appreciated.
Which backend auth server are you using for LDAP? Instead of using Base DN: ou=people,o=cadence.com
try Base DN: ou=people,dc=cadence,dc=com.
If this is not working, try taking an IVE TCP dump; that will help you out.
Not sure if this is the same, but we only use LDAP. I define the AD variable in the server catalog, then I am able to use the variable. For example, my OWA test for portal app:
groups="NACSigmaUsersOWAAllow" OR NOT isEmpty(userAttr.HomeMDB)
I added HomeMDB to my attributes in server catalog.