LDAP Native Mapping

Hi,

I've been trying to configure Native Mapping for a Framework User Manager.

So looking at the guide:



I have done just that:



DN: CN=Kenelm Ulric Dogcio,OU=Application,OU=Software Solutions,OU=Technical,OU=Global Sapphire INC Filipinas,DC=GSI,DC=AD

But when I tried logging in to the Admin Console, I was not able to log in using that account.


Things to note:
Currently on PAM 3.2
The username of the DN is ulric.
I got that DN using AD Explorer

My assumption is: once I have configured the Native Mapping to a Framework User and log in using the username ulric and password, I will be able to log in with the Role of the Framework User for which the Native Mapping is configured.
  • Set the unifid.log to DEBUG and try logging in again as this ldap-mapped account. I suspect there will be some authentication issue reported back from the ldap server. I have tested this setup in my own environment against an AD server and it worked. I do know Microsoft has some authentication requirements related to password changes in another feature where LDAP is required to be over SSL/TLS (i.e. ldaps). Perhaps the response from the ldap server will confirm this or perhaps some other error. You really ought to configure ldaps though as sending auth via clear-text isn't ideal of course.

    I have verified this LDAP mapping works with an Active Directory user over ldaps.
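Added example, not code from the original thread or from the product: a standard-library Python probe that performs the same LDAPv3 simple bind the product would do for the mapped account, but directly against the domain controller over ldaps with certificate verification, and decodes the server's BindResponse so the directory's own reason for a failure is visible without going through the product's logging. Host name, CA bundle and password are placeholders; the DN is the one posted above. The BER encoder/decoder is written by hand so the block runs with no third-party LDAP library.

```python
"""Probe an LDAP simple bind over ldaps using only the standard library.

Encodes an LDAPv3 BindRequest by hand (RFC 4511, BER), sends it over a
certificate-verified TLS socket, and decodes the BindResponse. There is
deliberately no ldap:// (port 389) mode: a simple bind over cleartext
sends the password in the clear.
"""
import socket
import ssl

# Bind-related result codes from RFC 4511 section 4.1.9.
RESULT_NAMES = {
    0: "success",
    8: "strongerAuthRequired",
    13: "confidentialityRequired",
    49: "invalidCredentials",
}


def _ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, payload):
    return bytes([tag]) + _ber_len(len(payload)) + payload


def _int(value):
    """BER INTEGER for a non-negative value (a leading 0x00 keeps it positive)."""
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big")
    return _tlv(0x02, body)


def bind_request(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { 3, name, simple [0] } }."""
    op = _int(3) + _tlv(0x04, dn.encode("utf-8")) + _tlv(0x80, password.encode("utf-8"))
    return _tlv(0x30, _int(message_id) + _tlv(0x60, op))


def bind_response(message_id, result_code, diagnostic=""):
    """Server side of the exchange: BindResponse [APPLICATION 1].
    Used here only to build constructed sample replies for offline checks."""
    op = _tlv(0x0A, bytes([result_code])) + _tlv(0x04, b"") + _tlv(0x04, diagnostic.encode("utf-8"))
    return _tlv(0x30, _int(message_id) + _tlv(0x61, op))


def _read_tlv(buf, pos):
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data):
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("expected BindResponse, got tag 0x%02x" % tag)
    _, code, pos = _read_tlv(op, 0)        # resultCode ENUMERATED
    _, matched, pos = _read_tlv(op, pos)   # matchedDN
    _, diag, _ = _read_tlv(op, pos)        # diagnosticMessage (AD puts the real reason here)
    rc = int.from_bytes(code, "big")
    return {
        "message_id": int.from_bytes(mid, "big"),
        "result_code": rc,
        "result_name": RESULT_NAMES.get(rc, "other"),
        "matched_dn": matched.decode("utf-8", "replace"),
        "diagnostic": diag.decode("utf-8", "replace"),
    }


def probe_bind(host, dn, password, port=636, ca_file=None, timeout=10):
    """Simple bind over ldaps. ca_file is a PEM bundle that signs the DC's
    certificate (None uses the system trust store); hostname checking stays on."""
    if not password:
        # An empty password is an unauthenticated bind (RFC 4513) and AD answers
        # it with success, which would make a broken mapping look healthy.
        raise ValueError("refusing unauthenticated (empty password) bind")
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(bind_request(1, dn, password))
            data = tls.recv(8192)  # a BindResponse fits in a single read
    return parse_bind_response(data)


if __name__ == "__main__":
    # Placeholders: your DC host name, its CA bundle and the mapped account's password.
    # AD also accepts "GSI\\ulric" or a UPN as the bind name, which separates a
    # wrong DN from a wrong password.
    print(probe_bind("dc.example.com",
                     "CN=Kenelm Ulric Dogcio,OU=Application,OU=Software Solutions,"
                     "OU=Technical,OU=Global Sapphire INC Filipinas,DC=GSI,DC=AD",
                     "password", ca_file="ad-ca.pem"))
```

A result code of 49 (invalidCredentials) covers most Active Directory authentication failures; the specific cause is in the diagnosticMessage, where AD's "data 52e" means a bad password and "data 773" means the password must be changed before logon. If the TLS handshake itself fails, the domain controller's certificate chain (not the mapping) is what needs fixing.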
  • tdharris;2486916 wrote:
    Set the unifid.log to DEBUG and try logging in again as this ldap-mapped account. I suspect there will be some authentication issue reported back from the ldap server. I have tested this setup in my own environment against an AD server and it worked. I do know Microsoft has some authentication requirements related to password changes in another feature where LDAP is required to be over SSL/TLS (i.e. ldaps). Perhaps the response from the ldap server will confirm this or perhaps some other error. You really ought to configure ldaps though as sending auth via clear-text isn't ideal of course.

    I have verified this LDAP mapping works with an Active Directory user over ldaps.


    So basically, if the AD is not connecting via LDAPS, this will not work?
  • Yes, only because this restriction is enforced by Microsoft's Active Directory server as far as I know. But looking into the DEBUG unifid.log should verify the same.