topic Re: LDAP v2 Query EDirectory in Web Security

LDAP v2 Query EDirectory

mhorany_ironport — Fri, 27 Jun 2008 21:27:32 GMT

S650 Upgraded to ASyncOS v5.2.1

Attempting to write LDAP query to EDirectory server.

Keep getting this error
Checking connectivity of LDAP Server(s)...
Success: Server 'server ip omitted' responding to queries on port 389.

Attempting to fetch user information...
Failure: Unable to fetch user DN information from server 'server ip omitted'.Please check the Base DN, User Name Attribute and User Filter values.

Attempting to fetch group information...
Warning: Server 'server ip omitted' returned no valid groups for the configured Group parameters.

My Query is as follows:

User Authentication:
Base DN: o=WFISD

User Name Attribute: cn

User Filter Query: Custom - objectclass=users

Query Credentials:
Server Accepts Anonymous Queries

Define Group Authorization Query
Group Name Attribute: cn

Group Filter Query: Custom - objectclass=group

Group Membership Attribute: member

Any help would be appreciated.... note the same LDAP query in version ASyncOS 5.1 worked.

Thanks in advance

Re: LDAP v2 Query EDirectory

mhorany_ironport — Mon, 30 Jun 2008 23:45:17 GMT

figured it out...

Re: LDAP v2 Query EDirectory

jowolfer — Tue, 01 Jul 2008 23:53:17 GMT

Mhorany,

If you wouldn't mind sharing, what did you do to remedy the problem?

Re: LDAP v2 Query EDirectory

mhorany_ironport — Wed, 02 Jul 2008 00:01:09 GMT

Well, we thought we were running LDAP v2, but turns out...when I put the ironport to v3 the query worked beautifully.

The base DN o=wfisd (our entire tree) with no custom query was sufficient.

took the user filter query out of the base DN all together.

Then, server accepts anonymous logins. (no problem here either)

For the group query, set it to custom, we set the search to:

cn

objectclass=group

query members.

I believe the entire problem however was the ldap v2 or v3 issue.