https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885039#M635 <DIV class="duo-migrated-content"><P>Hello,</P> <P>I created a account on <A href="http://Duo.com" rel="nofollow noopener">Duo.com</A> and manually added couple of users and groups</P> <P>then i have a client which is trying to perform an ldap search<BR /> i am able to do a ldap_bind successfully but when we try to do a search it fails with</P> <P>ldap error: Critical extension is unavailable, base=‘dc=■■■■■■■■■■■■■■■■■■■■,dc=duosecurity,dc=com’ filter=’(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))’</P> <P>Unable to search base=‘dc=■■■■■■■■■■■■■■■■■■■■,dc=duosecurity,dc=com’ filter=’(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))’</P> <P>Here is what my dn looks like</P> <P>directory_username dc=■■■■■■■■■■■■■■■■■■■■,dc=duosecurity,dc=com;<BR /> directory_password *****<BR /> ldap_user_naming_attribute cn;<BR /> ldap_user_search_base dc■■■■■■■■■■■■■■■■■■■■,=dc=duosecurity,dc=com;<BR /> ldap_group_search_base dc=ldap_group_search_base dc=duosecurity,dc=com,dc=duosecurity,dc=com;<BR /> ldap_group_attribute member;</P> <BLOCKQUOTE> <P>Blockquote</P> </BLOCKQUOTE></DIV> Thu, 19 Jul 2018 14:37:41 GMT suthakka 2018-07-19T14:37:41Z https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885039#M635 <DIV class="duo-migrated-content"><P>Hello,</P> <P>I created a account on <A href="http://Duo.com" rel="nofollow noopener">Duo.com</A> and manually added couple of users and groups</P> <P>then i have a client which is trying to perform an ldap search<BR /> i am able to do a ldap_bind successfully but when we try to do a search it fails with</P> <P>ldap error: Critical extension is unavailable, base=‘dc=■■■■■■■■■■■■■■■■■■■■,dc=duosecurity,dc=com’ filter=’(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))’</P> <P>Unable to search base=‘dc=■■■■■■■■■■■■■■■■■■■■,dc=duosecurity,dc=com’ filter=’(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))’</P> <P>Here is what my dn looks like</P> <P>directory_username dc=■■■■■■■■■■■■■■■■■■■■,dc=duosecurity,dc=com;<BR /> directory_password *****<BR /> ldap_user_naming_attribute cn;<BR /> ldap_user_search_base dc■■■■■■■■■■■■■■■■■■■■,=dc=duosecurity,dc=com;<BR /> ldap_group_search_base dc=ldap_group_search_base dc=duosecurity,dc=com,dc=duosecurity,dc=com;<BR /> ldap_group_attribute member;</P> <BLOCKQUOTE> <P>Blockquote</P> </BLOCKQUOTE></DIV> Thu, 19 Jul 2018 14:37:41 GMT https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885039#M635 suthakka 2018-07-19T14:37:41Z https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885040#M636 <DIV class="duo-migrated-content"><P>You may not retrieve group information via LDAP from Duo.</P></DIV> Thu, 19 Jul 2018 19:20:22 GMT https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885040#M636 DuoKristina 2018-07-19T19:20:22Z https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885041#M637 <DIV class="duo-migrated-content"><P>Can you please elaborate a little more? Is this not possible? We are a firewall company and want to use duo as a primary authentication source…for that we need to download the users and group information which is stored in duo (which i assume is an LDAP server)</P></DIV> Wed, 25 Jul 2018 15:33:00 GMT https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885041#M637 suthakka 2018-07-25T15:33:00Z https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885042#M638 <DIV class="duo-migrated-content"><P>Hi there!</P> <P>We do not support or recommend use of Duo as a primary authentication source. We provide secondary authentication by design.</P></DIV> Wed, 25 Jul 2018 19:44:09 GMT https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885042#M638 DuoKristina 2018-07-25T19:44:09Z https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885043#M639 <DIV class="duo-migrated-content"><P>Thanks for the quick response Kristina…is there any api duo exposes from where we can download users and groups stored in Duo?</P></DIV> Wed, 25 Jul 2018 20:55:45 GMT https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885043#M639 suthakka 2018-07-25T20:55:45Z https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885044#M640 <DIV class="duo-migrated-content"><P>Please take a look at our <A href="https://duo.com/docs/adminapi">Admin API</A>. It is capable of retrieving user and group information from our cloud service.</P></DIV> Wed, 25 Jul 2018 21:40:05 GMT https://community.cisco.com/t5/apis/ldapsearch-failing-on-duo/m-p/4885044#M640 DuoKristina 2018-07-25T21:40:05Z