The Users Base and Groups Base fields on the /wiki/spaces/frevvo91/pages/901492728 define a root node to search for entries. The searches are recursive and traverse the hierarchy starting from those nodes. If multiple paths share a common base, you can configure that value in these properties. For instance, let's assume the following bases:
CN=Sales,CN=Users,DC=test,DC=windows,DC=frevvo,DC=com
CN=HR,CN=Users,DC=test,DC=windows,DC=frevvo,DC=com
CN=Marketing,CN=Users,DC=test,DC=windows,DC=frevvo,DC=com
A common path among these is CN=Users,DC=test,DC=windows,DC=frevvo,DC=com and that is what you can configure in the Users Base field.
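The common base can also be derived mechanically, which helps keep the recursive search scoped to the narrowest node that still covers every path. The sketch below is an added example, not part of the original page or the product's code; the function names are hypothetical, and it assumes DN components compare case-insensitively and that values do not use quoted strings or escaped leading/trailing spaces.

```python
def split_rdns(dn):
    """Split a DN into RDNs on commas, keeping backslash-escaped characters intact."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped char, e.g. "\," inside a value
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return [r for r in rdns if r]

def norm(rdn):
    """Normalize one RDN for comparison (assumption: case-insensitive matching)."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())

def common_base(dns):
    """Return the longest DN suffix shared by all DNs, or '' if they share none."""
    paths = [split_rdns(d)[::-1] for d in dns]   # reverse so the root comes first
    base = []
    for level in zip(*paths):
        if len({norm(r) for r in level}) != 1:
            break
        base.append(level[0])
    return ",".join(reversed(base))

def is_under(dn, base):
    """True if dn sits at or below base, i.e. a recursive search from base reaches it."""
    d = [norm(r) for r in split_rdns(dn)]
    b = [norm(r) for r in split_rdns(base)]
    return len(b) <= len(d) and d[len(d) - len(b):] == b

# The three bases from the text above.
BASES = [
    "CN=Sales,CN=Users,DC=test,DC=windows,DC=frevvo,DC=com",
    "CN=HR,CN=Users,DC=test,DC=windows,DC=frevvo,DC=com",
    "CN=Marketing,CN=Users,DC=test,DC=windows,DC=frevvo,DC=com",
]

if __name__ == "__main__":
    print(common_base(BASES))
```

`is_under` can be used to confirm that an entry you expect to see, or one you expect to be excluded, actually falls inside the configured base.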
Yes, you can configure as many tenants as you want. Each tenant can have its own LDAP configuration.
Each tenant can connect to only one LDAP server. However each tenant can connect to a different LDAP server.
If things are not working as you expected:
Below are some common cases to help with troubleshooting. All of them assume that the connectivity is working, meaning that you tested, from the same box where is running and that the connection parameters to the LDAP server you configured in are correct.
This can be a problem with the expression you configured in All Users Filter (for users) and/or All Groups Filter (for groups) on the Edit Tenant screen. Also verify that the search bases are correct in the Users Base (users) and Groups Base (groups) fields. The LDAP Browser is useful here. Execute a search directly on your LDAP server using the same expression and bases you configured in and check if the result is correct.
Another potential issue is case sensitivity. Please refer to the topic /wiki/spaces/frevvo91/pages/901492728.
Although the user list from the LDAP appears correct, the user does not appear in the admin search for a task locked by a user.
The table below lists LDAP errors you may encounter when configuring your tenant with the LDAP Security Manager. Verify the recommended values to resolve them.
Parameters | Value to Verify | Error on Edit Tenant page |
---|---|---|
Connection URL | Wrong URL | Group access failure: AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1] Verify the values in Connection URL,Connection User and Connection Password fields |
Connection User | Wrong username | Group access failure: AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece] Verify the values in Connection URL,Connection User and Connection Password fields |
Connection Password | Wrong password | Group access failure: AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece] Verify the values in Connection URL,Connection User and Connection Password fields |
Users Base | Wrong CN | User access failure: NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=frevvo,DC=com' ] |
Users Base | Wrong DC | User access failure: UnknownHostException: frevvod.com |
Groups Base | Wrong CN | Group access failure: NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=frevvo,DC=com' ] |
Groups Base | Wrong DC | Group access failure: UnknownHostException: fqrevvo.com |
All Groups Filter | Syntax error like mismatched brackets | Group access failure: InvalidSearchFilterException: Unbalanced parenthesis |
All Groups Filter | Invalid search e.g. (objectClasses=group) instead of (objectClass=group) | Group access failure: InvalidSearchFilterException: [LDAP: error code 18 - 0000216B: AtrErr: DSID-03140274, #1: 0: 0000216B: DSID-03140274, problem 1004 (WRONG_MATCH_OPER), data 0, Att 180006 (objectClasses) ] |
All Groups Filter | Wrong value e.g. (objectClass=groups) instead of (objectClass=group) | Tenant updates successfully |
All Users Filter | Same as all groups filter | Same as all groups filter |
Certificate Error | Verify that the certificate is signed by a valid Certificate Authority. Self-signed certificates are not recommended and will not work for LDAP(s) in the Cloud. | Group Access failure:SunCertPathBuilderException:Unable to find valid certification path to requested target |