I too have this issue. I'm using Apple OSX Server using Open Directory. Using JXplorer I can browse the entire directory anonymously and see my users and my groups. When the users try to log on they get a 'role' error (as expected). When I go to add the new rule for group membership I can never get a list of groups from the Open Directory. Under the Auth Servers setting I have my LDAP configuration as follows:

LDAP Server IP: 10.0.0.xx
LDAP Port: 389
Base DN: dc=myserver,dc=net
Filter: cn=<username>

And that is pretty much it for the server authentication. With this much it can see the users and see that there are no role rules available. From the posts above, it might be a path or permissions error. Since I can peruse the entire directory with JXplorer, I think the permissions are probably OK. The path, however, could be the culprit. When the searching function in the role mapping asks for the Base DN and the filter, I put in what I have in the auth server settings, but still nothing comes up. Any help would be greatly appreciated.
Hi folks, I'm attempting to get our SA 2500 to authenticate against our OSX Open Directory architecture. I've been able to connect to the Open Directory architecture, but unfortunately it doesn't appear to be authenticating against the group I have created for VPN authentication. I'm hoping to find someone who has had experience in getting this configuration to work, or if someone is willing to school me a bit regarding the implementation and syntax of the search connection, I'd be very grateful. Currently our LDAP search base in Open Directory (as listed in the server admin/open directory settings) is dc=mycomputername,dc=local, and the filter is listed as cn=<user>. In the configuration page of the Juniper I put in the IP address and port (default), and it tests successfully. I put in the search base, but it fails to authenticate. My users are in another group called "mygroup", and I do not have 'requires authentication to search' enabled. I've gone as far as to put "mygroup" in the 'Determining Group Membership' section, by putting in the search base, then putting in the group on the filter line as cn=mygroup. Lastly, when I do put in the diradmin user/pass, it fails authentication... which is odd. I'm figuring that I have some syntax screwed up somewhere. Any help would be greatly appreciated.