uCMDB LDAP configuration
I have configured LDAP on uCMDB 10.22; the settings are below. It still reverts that the LDAP is not configured correctly. Please suggest.
LDAP connection string: ldap://***.***.com:***/OU=***,DC=***,DC=***,DC=com??sub
Distinguished Name (DN) Resolution: true
Root Group: DC=***,DC=***,DC=com
Search Retries Count: 5
Group Base: DC=***,DC=***,DC=com
LDAP Search User: CN=Usuario ****,OU=***,OU=***,OU=***,DC=***,DC=***,DC=com
Groups name attribute: cn
Is case-sensitivity enforced in LDAP authentication: True
Root Group Filter: (|(objectclass=group)(objectclass=groupOfNames)(objectclass=groupOfUrls)(objectclass=accessGroup)(objectclass=accessRole))
Users object class: user
Group Base Filter: (|(objectclass=group)(objectclass=groupOfNames)(objectclass=groupOfUrls)(objectclass=accessGroup)(objectclass=accessRole))
Use bottom up algorithm for find parent groups: false
Root groups scope: sub
Groups member attribute: member
Group class object: group
Users filter: (&(sAMAccountName=*)(objectclass=user))
Enable LDAP authentication: false
Scope for groups search: sub
Groups display name attribute: cn
UUID attribute: sAMAccountName
Enable LDAP synchronization: true
User display name attribute: cn
Groups description attribute: description
It is very hard to say whether all settings are correct [they look correct], but I do recommend testing the connection on the JMX console and using an LDAP browser to see that all settings are correct.
You can also test a user to see if it returns true.
Do you see any specific error on the logs?
Below are the results I have received from the JMX console. Please suggest.
Mbean: UCMDB:service=LDAP Services. Method: testLDAPConnection
LDAP connection test has failed. Cannot retrieve LDAP Root Groups. See bellow more details about the cause.
Mbean: UCMDB:service=LDAP Services. Method: verifyLDAPCredentials
User usptaddo successfully passes LDAP authentication. Authenticated successfully
Ldap groups for username usptaddo cannot be retrieved
Verify LDAP credentials and retrieving users groups took: 1.4 seconds.
Looks like an issue with the root group mapping. Can you be sure the LDAP search user is able to search under those root group settings, and make sure the filter is set properly?
You currently have "Root Group DC=***,DC=***,DC=com", but you didn't define the OU where the account sits. I believe you can define the OU at a high level.
Root Group ou=RBAC, DC=***,DC=****,DC=*****,DC=com
Let me know if this works.
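
Added example (not part of any post above, and not uCMDB code): one way to check outside uCMDB whether the LDAP search user can search under the Root Group settings, as suggested in the thread. It parses the RFC 4516 connection string, validates the Root Group Filter, and builds an OpenLDAP `ldapsearch` command. The host and DN values are constructed placeholders for the masked ones, and treating the root-group lookup as a search with base = Root Group, scope = Root groups scope and filter = Root Group Filter, bound as the LDAP Search User, is an assumption.

```python
import shlex
from urllib.parse import urlsplit, unquote

# Constructed placeholders standing in for the masked values in the thread.
SETTINGS = {
    "LDAP connection string":
        "ldap://dc01.example.com:389/OU=Users,DC=example,DC=com??sub",
    "LDAP Search User": "CN=svc ucmdb,OU=Service,DC=example,DC=com",
    "Root Group": "DC=example,DC=com",
    "Root groups scope": "sub",
    "Root Group Filter": "(|(objectclass=group)(objectclass=groupOfNames))",
    "Groups name attribute": "cn",
    "Groups member attribute": "member",
}

def parse_ldap_url(url):
    """Split an RFC 4516 URL: ldap://host:port/base?attributes?scope?filter."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("not an LDAP URL: " + url)
    attrs, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    return {"uri": f"{parts.scheme}://{parts.hostname}:{port}",
            "base": unquote(parts.path.lstrip("/")),
            "attributes": [a for a in attrs.split(",") if a],
            "scope": scope or "base",  # RFC 4516 default when omitted
            "filter": unquote(flt) or "(objectClass=*)"}

def filter_is_balanced(flt):
    # Literal parentheses in values are escaped (\28, \29), so each one is structural.
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0 and flt.startswith("(")

def root_group_search_argv(s):
    """Build the ldapsearch argv: bind as the search user, search the Root Group base."""
    url = parse_ldap_url(s["LDAP connection string"])
    if s["Root groups scope"] not in ("base", "one", "sub"):
        raise ValueError("unknown scope: " + s["Root groups scope"])
    if not filter_is_balanced(s["Root Group Filter"]):
        raise ValueError("Root Group Filter has unbalanced parentheses")
    return ["ldapsearch", "-x", "-H", url["uri"], "-D", s["LDAP Search User"],
            "-W", "-b", s["Root Group"], "-s", s["Root groups scope"],
            s["Root Group Filter"],
            s["Groups name attribute"], s["Groups member attribute"]]

if __name__ == "__main__":
    print(shlex.join(root_group_search_argv(SETTINGS)))
```

The `-W` flag makes `ldapsearch` prompt for the search user's password, so it does not end up in shell history. A successful bind that returns no group entries points at the base, scope or filter rather than at the credentials.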