New Ranks & Badges For The Community!
Notice something different? The ranks and associated badges have gone "Star Fleet". See what they all mean HERE
Absent Member.
Absent Member.

LDAP configuration

Hello all!

I've got some trouble with ldap configuration of HP OO.

I have users in AD: OU=Corp users,OU=Corp_TST,DC=zxcv,DC=com

I have user groups in AD: OU=Corp groups,OU=Corp_TST,DC=zxcv,DC=com

Using filter CN={0},OU=123,OU=Corp users,OU=Corp_TST,DC=zxcv,DC=com  can find users, but i can't find their groups with filter member=CN={1},OU=Corp groups,OU=Corp_TST,DC=zxcv,DC=com.

Where i made a mistake?


Here is the conf:


List of LDAP contexts containing user groups... - OU=Corp groups,OU=Corp_TST,DC=zxcv,DC=com

LDAP search filter that tries to match the user groups - member=CN={1},OU=Corp groups,OU=Corp_TST,DC=zxcv,DC=com

Attribute of any group (returned from the group search), to use as group name. - name

List of LDAP contexts containing users. - CN={0},OU=123,OU=Corp users,OU=Corp_TST,DC=zxcv,DC=com

List of user context attribute names which can be used as groups. - empty

LDAP search filter used in the user search - (&(objectClass=person)(|(sAMAccountName={0})(uid={0})))

The default group an LDAP authenticated user... - Everybody

An internal OO account representing a user that has search capabilities under AD/LDAP. - cn=adm,ou=corp,DC=zxcv,DC=com

AD Domain - zxcv

Labels (1)
Tags (1)
3 Replies
Absent Member.. Absent Member..
Absent Member..

I will admit it has been a while since I have dug into our OO AD authentication settings.  However, I do know that we had issues because our user dn's contained special characters (or was it comma's).  I am not sure what version of OO you are using, but you might want to contact HP support for the HotFix. 


The configuration was driving me crazy until I got ahold of that hotfix. 


I could use the "AD Deprecated" settings, but not the "LDAP settings" if I remember correctly.


good luck!


Absent Member.. Absent Member..
Absent Member..

You need to correct your filter
"LDAP search filter that tries to match the user groups"

Are you trying to make that user member of all the groups under OU=Corp groups?
if yes try using a filter: (sAMAccountName=*)
if not which I am assuming should be the case you can add multiple filters lke: (sAMAccountName=Domain Users) where Domain Users is the AD group under Corp groups

Commander Commander

Once you get all your LDAP/AD filters and settings sorted out, there is one additional bit you need to configure.
Make sure whatever group name you are pulling out of LDAP/AD, also exists in OO!

You will find the specific section here (as an OO admin user):
* OO Central > Administration > Manage Groups
* Click "Add New Group"
* Fill out the details in the 1st & 2nd tabs
* Fill out the group you are mapping against from LDAP in the 3rd tab
* Click "Create Group", and your done!

This will resolve issues where your config "tests" clean, but the LDAP authenticated users keep getting mapped to the "Everyone" group.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.