LDAP Role Mapping

Occasional Contributor

LDAP Role Mapping

Having some problems getting the role mapping to work with LDAP. The Authentication Server tests OK, but I assume that is just testing the port and username/password combo.

Our LDAP structure doesn't have a lot of depth in OUs and we go from ou=people, and we have our UID under the people OU.

What I'm trying to do is role-map based on the EmployeeType attribute inside the UID, not on a group. Here are my AuthServer settings and my attribute settings inside the User Realm:

Auth Server.

Base DN: ou=people,

Filter: cn=uid


Attribute: employeeType is *

We're actually using RADIUS for authentication and LDAP for the directory (which I've put as the Directory lookup in the UserRealm settings). Once we get past the RADIUS authentication, the trace shows that the user is denied because "NoRoles" have been applied.

I think this is just an issue with my BaseDN or something.

Any help is appreciated.


New Contributor

Re: LDAP Role Mapping

Hi Mike,

Which backend auth server are you using for LDAP? Instead of using Base DN: ou=people,

try Base DN: ou=people,dc=cadence,dc=com.

If this is not working, try taking an IVE TCP dump; that will help you out.


Frequent Contributor

Re: LDAP Role Mapping

Not sure if this is the same, but we only use LDAP. I define the AD variable in the server catalog, and then I am able to use the variable. For example, my OWA test for the portal app:

groups="NACSigmaUsersOWAAllow" OR NOT isEmpty(userAttr.HomeMDB)

I added HomeMDB to my attributes in server catalog.