
LDAP role mapping

SOLVED
muttbarker_
Valued Contributor

Re: LDAP role mapping

Glad you figured it out! That update button is a real "pain" until you get used to it. I think it probably bites everybody at least once when they are coming up to speed on the box :)
tabooka_
New Contributor

Re: LDAP role mapping

I've been running a Neoteris box for 5 years now and the update button is still easily overlooked.

mkosters_
Occasional Contributor

Re: LDAP role mapping

Hi Kevin,

The problem was the following. Their LDAP is really **bleep**ed! For some users we must do a samAccountname and for the others memberOf.

What I did, with Juniper Support, was to make userattributes.

The problem with this was that I didn't have a userattribute MemberOf.

We made the userattribute and configured custom expressions.

We tested with a lot of users and everything works fine.

Marcel

muttbarker_
Valued Contributor

Re: LDAP role mapping

Hey Marcel - thanks for the update. Screwy setup! If you get a minute why don't you flag your post as the "solution" so people who see it can jump to what you wrote and learn from it.

mkosters_
Occasional Contributor

Re: LDAP role mapping

Because I wanted to let you know first. Maybe you said something else.

I will make a solution on this topic.

Marcel

stine_
Super Contributor

Re: LDAP role mapping

If you are having problems and cannot get the Group Search to show you any groups, sniff the traffic between your SA and your LDAP server. If you clear the Member Attribute field, the reply packets that you receive from the LDAP server will contain a list of the available attributes listed under LDAP->LDAP Message Search->ProtocolOp->searchResEntry->attributes->PartialAttributeList.

In my case there were three returned: objectClass, cn, uniqueMember. I then set the Member Attribute field to 'cn' and now my groups show up in the Group Search window and I can add them.

My other problem is that I don't do this often enough to remember exactly what to do for each different type of LDAP server (the one I'm working with now is CentOS Directory Server).
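
The attribute list read from the sniffer in the post above can also be pulled out of a captured reply programmatically. The following is an added example, not code from this thread or from the vendor: a minimal BER decoder for the RFC 4511 searchResEntry, run on a constructed sample whose DNs and values are placeholders.

```python
# BER tags (RFC 4511): 0x30 SEQUENCE, 0x31 SET, 0x04 OCTET STRING, 0x64 searchResEntry.
def tlv(tag, payload):
    """Encode one BER element (only used to build the constructed sample)."""
    n = len(payload)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + payload

def read_tlv(buf, pos):
    """Decode the element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid in LDAP")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield the (tag, value) members of a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def entry_attributes(message):
    """Return (dn, {attribute: [values]}) for a searchResEntry, else None."""
    tag, body, _ = read_tlv(message, 0)
    _msg_id, (op_tag, op), *_ = children(body)
    if tag != 0x30 or op_tag != 0x64:  # not an LDAPMessage carrying a searchResEntry
        return None
    (_, dn), (_, attr_list), *_ = children(op)
    attrs = {}
    for _, partial in children(attr_list):  # one PartialAttribute per attribute
        (_, atype), (_, vals), *_ = children(partial)
        attrs[atype.decode()] = [v.decode(errors="replace") for _, v in children(vals)]
    return dn.decode(), attrs

def sample_entry():
    """Constructed reply for a made-up group; the DNs are placeholders."""
    def attr(name, *vals):
        return tlv(0x30, tlv(0x04, name) + tlv(0x31, b"".join(tlv(0x04, v) for v in vals)))
    attrs = attr(b"objectClass", b"top", b"groupOfUniqueNames") + attr(b"cn", b"vpn-users")
    attrs += attr(b"uniqueMember", b"uid=alice,ou=People,dc=example,dc=com")
    entry = tlv(0x04, b"cn=vpn-users,ou=Groups,dc=example,dc=com") + tlv(0x30, attrs)
    return tlv(0x30, tlv(0x02, b"\x02") + tlv(0x64, entry))
```

This only works on cleartext LDAP captures; with LDAPS or StartTLS the reply is encrypted on the wire and the attribute list is not visible to a sniffer.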