
SA2500 Auth.Server using openldap(linux base)

alvinsu_
Contributor


Hi, everyone:

When I configure the SA2500 Auth. Server (server type: LDAP server), the customer's LDAP server is OpenLDAP (Linux based). I can't create a Role Mapping Rule based on "group membership", because there isn't any group name I can specify; there are only ou names in the OpenLDAP server (different from Windows-based AD). How can I specify an ou name to decide which "ou name" maps to a specific role (like using a group name)? Please help~

 

BR

Alvin

SVK_
Regular Contributor

Re: SA2500 Auth.Server using openldap(linux base)

Under the LDAP auth server configuration for Determining group membership, please configure the following:

Base DN: dc=your Domain,dc=com

Filter: ou=<GROUPNAME>

Member Attribute: member

Once configured, save changes and, on the same LDAP auth server configuration page, click on Server Catalog and check if you can pull the groups.

Please mark this post as 'accepted solution' if this answers your question; that way it might help others as well. A kudo would be a bonus, thanks.

 

Regards,

SVK

zanyterp_
Respected Contributor

Re: SA2500 Auth.Server using openldap(linux base)

Some additional troubleshooting if needed beyond SVK:
Use an LDAP browser and check for groups
Check the tcp dump for groups
Check the tcp dump for how groups are defined
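
The check suggested above (how groups are defined in the directory) can also be run offline against an LDIF export. This is an added example, not part of the original thread or of any vendor tooling; the LDIF sample and its example.com DNs are constructed, and the parser assumes simple LDIF without line wrapping or base64 values.

```python
# Constructed sample export: one OU holding a user, one real group entry.
SAMPLE_LDIF = """\
dn: ou=sales,dc=example,dc=com
objectClass: organizationalUnit
ou: sales

dn: uid=amy,ou=sales,dc=example,dc=com
objectClass: inetOrgPerson
uid: amy

dn: cn=vpn-users,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: vpn-users
member: uid=amy,ou=sales,dc=example,dc=com
"""

# Attributes that the standard group object classes use to list members.
MEMBER_ATTRS = {"member", "uniquemember", "memberuid"}

def parse_ldif(text):
    """Parse simple (unwrapped, non-base64) LDIF into a list of {attr: [values]}."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def classify(entries):
    """Return (groups, ous): groups carry a member attribute; an OU has no
    member list, so its 'members' are only the entries located beneath its DN."""
    groups, ous = {}, {}
    for e in entries:
        dn = e["dn"][0]
        members = [v for a in MEMBER_ATTRS for v in e.get(a, [])]
        if members:
            groups[dn] = members
        elif "organizationalunit" in [c.lower() for c in e.get("objectclass", [])]:
            ous[dn] = [x["dn"][0] for x in entries
                       if x["dn"][0].lower().endswith("," + dn.lower())]
    return groups, ous

if __name__ == "__main__":
    groups, ous = classify(parse_ldif(SAMPLE_LDIF))
    print("groups (member attribute):", groups, "\nOUs (by DN position):", ous)
```

If the groups result is empty for a real export, the directory has no entries with a member attribute for a "Member Attribute: member" lookup to read.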
SVK_
Regular Contributor

Re: SA2500 Auth.Server using openldap(linux base)

Wondering if the above configuration suggested worked?

alvinsu_
Contributor

Re: SA2500 Auth.Server using openldap(linux base)

Dear SVK & Zanyterp:

Thanks for your response, but after configuring as suggested, the problem still remains. The test result and tcp dump file are in the attachment; would you please give me some advice? Thank you very much.

 

BR

Alvin

SVK_
Regular Contributor

Re: SA2500 Auth.Server using openldap(linux base)

With the filter set for objectclass under Determining group membership, you are pulling the users.

When you set ou=<groupname>, are you able to pull the group membership?

If yes, when you perform a search under the server catalog, double-clicking on a group will add it, or there is a checkbox before each entry: select all the groups required and click on Add Selected, and this will get updated.

To add a group under the LDAP auth server you have to enter the absolute path like

 


 

Regards,

Vijay Kumar

zanyterp_
Respected Contributor

Re: SA2500 Auth.Server using openldap(linux base)

It is not recommended to type out the group name like it looks like you did there; it is better to search and add.
When you did, did you put the entire path (c=group,ou=mygroups,dc=corp,dc=com), as required?