LDAP Role Mapping

co_n8ive_
Occasional Contributor

Having some problems getting the role mapping to work with LDAP. The Authentication Server tests OK, but I assume that is just testing the port and username/password combo.

Our LDAP structure doesn't have a lot of depth in OUs and we go from ou=people, o=company.com and we have our UID under the people OU.

What I'm trying to do is role-map based on the EmployeeType attribute inside the UID, not on a group. Here are my AuthServer settings and my attribute settings inside the User Realm:

Auth Server.

Base DN: ou=people,o=cadence.com

Filter: cn=uid

UserRealm

Attribute: employeeType is *

We're actually using RADIUS for authentication and LDAP for Directory (which I've put as the Directory lookup in UserRealm settings). Once we get past the RADIUS authentication, the trace shows that the user is denied because "NoRoles" have been applied.

I think this is just an issue with my BaseDN or something.

Any help is appreciated.

Mike

Thovino_
New Contributor

Re: LDAP Role Mapping

Hi Mike,

Which backend auth server are you using for LDAP? Instead of using Base DN: ou=people,o=cadence.com

try Base DN: ou=people,dc=cadence,dc=com.

If this is not working, try taking an IVE TCP dump; that will help you out.

/Thomas

RexPGP_
Frequent Contributor

Re: LDAP Role Mapping

Not sure if this is the same, but we only use LDAP. I define the AD variable in server catalog, then I am able to use the variable. For example, my OWA test for portal app:

groups="NACSigmaUsersOWAAllow" OR NOT isEmpty(userAttr.HomeMDB)

I added HomeMDB to my attributes in server catalog.