Denis_35

LDAP configuration

Hello all!

I've got some trouble with the LDAP configuration of HP OO.

I have users in AD: OU=Corp users,OU=Corp_TST,DC=zxcv,DC=com

I have user groups in AD: OU=Corp groups,OU=Corp_TST,DC=zxcv,DC=com

Using filter CN={0},OU=123,OU=Corp users,OU=Corp_TST,DC=zxcv,DC=com I can find users, but I can't find their groups with filter member=CN={1},OU=Corp groups,OU=Corp_TST,DC=zxcv,DC=com.

Where did I make a mistake?

 

Here is the conf:

LDAP URL - LDAP://192.168.1.1

List of LDAP contexts containing user groups... - OU=Corp groups,OU=Corp_TST,DC=zxcv,DC=com

LDAP search filter that tries to match the user groups - member=CN={1},OU=Corp groups,OU=Corp_TST,DC=zxcv,DC=com

Attribute of any group (returned from the group search), to use as group name. - name

List of LDAP contexts containing users. - CN={0},OU=123,OU=Corp users,OU=Corp_TST,DC=zxcv,DC=com

List of user context attribute names which can be used as groups. - empty

LDAP search filter used in the user search - (&(objectClass=person)(|(sAMAccountName={0})(uid={0})))

The default group an LDAP authenticated user... - Everybody

An internal OO account representing a user that has search capabilities under AD/LDAP. - cn=adm,ou=corp,DC=zxcv,DC=com

AD Domain - zxcv

houstonhopkins

Re: LDAP configuration

I will admit it has been a while since I have dug into our OO AD authentication settings. However, I do know that we had issues because our user DNs contained special characters (or was it commas). I am not sure what version of OO you are using, but you might want to contact HP support for the HotFix.

 

The configuration was driving me crazy until I got ahold of that hotfix. 

 

I could use the "AD Deprecated" settings, but not the "LDAP settings" if I remember correctly.

 

good luck!

H.

AshishRajbar

Re: LDAP configuration

You need to correct your filter "LDAP search filter that tries to match the user groups".

Are you trying to make that user a member of all the groups under OU=Corp groups?
If yes, try using a filter: (sAMAccountName=*)
If not, which I am assuming should be the case, you can add multiple filters like: (sAMAccountName=Domain Users) where Domain Users is the AD group under Corp groups

Ashish
InverseCow

Re: LDAP configuration

Once you get all your LDAP/AD filters and settings sorted out, there is one additional bit you need to configure.
Make sure whatever group name you are pulling out of LDAP/AD, also exists in OO!

You will find the specific section here (as an OO admin user):
* OO Central > Administration > Manage Groups
* Click "Add New Group"
* Fill out the details in the 1st & 2nd tabs
* Fill out the group you are mapping against from LDAP in the 3rd tab
* Click "Create Group", and you're done!

This will resolve issues where your config "tests" clean, but the LDAP authenticated users keep getting mapped to the "Everyone" group.
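
An added example, not written by any poster in this thread and not HP OO code: it evaluates the group search filter from the original question against a small constructed directory, using the fact that an AD group's `member` attribute stores each member's full DN, and applies RFC 4515 escaping so DNs with special characters still match. Assumptions: `{0}` expands to the user's full DN and `{1}` to the login name; the group names, user names and the `find_groups` helper are hypothetical.

```python
import re

# Constructed sample directory: groups under the page's group OU, whose
# `member` values are the full DNs of users under the page's user OU.
BASE = "OU=Corp_TST,DC=zxcv,DC=com"
GROUPS = [
    {"name": "OO_Admins",   # hypothetical group
     "member": ["CN=jdoe,OU=123,OU=Corp users," + BASE]},
    {"name": "OO_Ops",      # hypothetical group
     "member": [r"CN=Smith\, Anna (ops),OU=123,OU=Corp users," + BASE]},
]

def escape_filter_value(value):
    """RFC 4515: escape \\ * ( ) NUL before placing a value in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, user_dn, login):
    """Fill {0}/{1}. Assumption: {0} = user's full DN, {1} = login name."""
    values = (user_dn, login)
    return re.sub(r"\{([01])\}",
                  lambda m: escape_filter_value(values[int(m.group(1))]),
                  template)

def norm_dn(dn):
    """Loose DN comparison key: case-insensitive, no space after RDN commas."""
    return re.sub(r"(?<!\\),\s*", ",", dn.strip()).lower()

def find_groups(template, user_dn, login):
    """Evaluate a single `attr=value` equality filter against GROUPS."""
    flt = expand(template, user_dn, login)
    if flt.startswith("(") and flt.endswith(")"):
        flt = flt[1:-1]
    attr, _, value = flt.partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return sorted(g["name"] for g in GROUPS
                  if norm_dn(value) in map(norm_dn, g.get(attr, [])))

JDOE = "CN=jdoe,OU=123,OU=Corp users," + BASE
ANNA = r"CN=Smith\, Anna (ops),OU=123,OU=Corp users," + BASE

if __name__ == "__main__":
    # Filter from the question: builds a DN under the *groups* OU.
    print(find_groups("member=CN={1},OU=Corp groups," + BASE, JDOE, "jdoe"))
    # Filter matching on the user's own DN.
    print(find_groups("(member={0})", JDOE, "jdoe"))
    print(find_groups("(member={0})", ANNA, "asmith"))
```

Under these assumptions the filter from the question produces a DN that no group lists as a member, so the user resolves to no groups and falls through to the configured default group.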