kenelmulric_d Absent Member.

LDAP Native Mapping

Hi,

I've been trying to configure Native Mapping for a Framework User Manager.

So looking at the guide:



I have done just that:



DN: CN=Kenelm Ulric Dogcio,OU=Application,OU=Software Solutions,OU=Technical,OU=Global Sapphire INC Filipinas,DC=GSI,DC=AD

But when I logged in to the Admin Console, I was not able to log in using that account.


Things to note:
Currently on PAM 3.2
The username of the DN is ulric.
I got that DN using AD Explorer

My assumption is: once I have configured the Native Mapping to a Framework User and I log in using the username ulric and its password, I will be able to log in based on the Role of the Framework User for which the Native Mapping is configured.
Micro Focus Expert

Re: LDAP Native Mapping

Set the unifid.log to DEBUG and try logging in again as this ldap-mapped account. I suspect there will be some authentication issue reported back from the ldap server. I have tested this setup in my own environment against an AD server and it worked. I do know Microsoft has some authentication requirements related to password changes in another feature where LDAP is required to be over SSL/TLS (i.e. ldaps). Perhaps the response from the ldap server will confirm this or perhaps some other error. You really ought to configure ldaps though as sending auth via clear-text isn't ideal of course.

I have verified this LDAP mapping works with an Active Directory user over ldaps.
kenelmulric_d Absent Member.

Re: LDAP Native Mapping

tdharris;2486916 wrote:
Set the unifid.log to DEBUG and try logging in again as this ldap-mapped account. I suspect there will be some authentication issue reported back from the ldap server. I have tested this setup in my own environment against an AD server and it worked. I do know Microsoft has some authentication requirements related to password changes in another feature where LDAP is required to be over SSL/TLS (i.e. ldaps). Perhaps the response from the ldap server will confirm this or perhaps some other error. You really ought to configure ldaps though as sending auth via clear-text isn't ideal of course.

I have verified this LDAP mapping works with an Active Directory user over ldaps.


So basically, if the AD is not connecting via LDAPS, this will not work?
Micro Focus Expert

Re: LDAP Native Mapping

Yes, only because this restriction is enforced by Microsoft's Active Directory server as far as I know. But looking into the DEBUG unifid.log should verify the same.