topic Directory Sync only pulling a partial list of users/groups from LDAP in Managing Users https://community.cisco.com/t5/managing-users/directory-sync-only-pulling-a-partial-list-of-users-groups-from/m-p/4879925#M512 <DIV class="duo-migrated-content"><P>I have Duo authproxy v5.7.3-b74215e running on a CentOS 7.7 instance, communicating with an OpenLDAP server. DirectorySync + authproxy seems to work fine until I try to add groups. I see only a partial list of groups in the list. I see the following error in the authproxy log:</P> <PRE><CODE class="lang-auto">2022-09-06T12:11:07.993886+0000 [L■■■■■■■■■■■■■■■■■■■■l,XXXXXXXXXXXXXXXXXXXXXXXXXXXX,client] C&lt;-S LDAPMessage(id=4, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=xxx_roles,uid=xxx,ou=people,dc=foo,dc=com', attributes=[('cn', ['xxx_roles']), ('entryUUID', ['xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx']), ('entryDN', ['cn=xxx_roles,uid=xxx,ou=people,dc=foo,dc=com'])]), controls=None) 2022-09-06T12:11:07.994194+0000 [L■■■■■■■■■■■■■■■■■■■■l,XXXXXXXXXXXXXXXXXXXXXXXXXXXX,client] C&lt;-S LDAPMessage(id=4, value=LDAPSearchResultDone(resultCode=4), controls=None) 2022-09-06T12:11:07.994462+0000 [duoauthproxy.lib.log#critical] Unexpected error handling message Traceback (most recent call last): File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/Twisted-21.2.0-py3.8.egg/twisted/internet/tcp.py", line 246, in doRead return self._dataReceived(data) File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/Twisted-21.2.0-py3.8.egg/twisted/internet/tcp.py", line 251, in _dataReceived rval = self.protocol.dataReceived(data) File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/ldaptor-19.1.0-py3.8.egg/ldaptor/protocols/ldap/ldapclient.py", line 75, in dataReceived File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/ldaptor-19.1.0-py3.8.egg/ldaptor/protocol 2022-09-06T12:11:07.995823+0000 [duoauthproxy.lib.log#error] Paging cookie not found! </CODE></PRE> <P>So it’s clearly a paging issue with returned data from LDAP. But I have no idea how to correct this.</P> <P>Does anyone have ideas? Thanks.</P></DIV> Tue, 06 Sep 2022 12:25:48 GMT jb4293 2022-09-06T12:25:48Z Directory Sync only pulling a partial list of users/groups from LDAP https://community.cisco.com/t5/managing-users/directory-sync-only-pulling-a-partial-list-of-users-groups-from/m-p/4879925#M512 <DIV class="duo-migrated-content"><P>I have Duo authproxy v5.7.3-b74215e running on a CentOS 7.7 instance, communicating with an OpenLDAP server. DirectorySync + authproxy seems to work fine until I try to add groups. I see only a partial list of groups in the list. I see the following error in the authproxy log:</P> <PRE><CODE class="lang-auto">2022-09-06T12:11:07.993886+0000 [L■■■■■■■■■■■■■■■■■■■■l,XXXXXXXXXXXXXXXXXXXXXXXXXXXX,client] C&lt;-S LDAPMessage(id=4, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=xxx_roles,uid=xxx,ou=people,dc=foo,dc=com', attributes=[('cn', ['xxx_roles']), ('entryUUID', ['xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx']), ('entryDN', ['cn=xxx_roles,uid=xxx,ou=people,dc=foo,dc=com'])]), controls=None) 2022-09-06T12:11:07.994194+0000 [L■■■■■■■■■■■■■■■■■■■■l,XXXXXXXXXXXXXXXXXXXXXXXXXXXX,client] C&lt;-S LDAPMessage(id=4, value=LDAPSearchResultDone(resultCode=4), controls=None) 2022-09-06T12:11:07.994462+0000 [duoauthproxy.lib.log#critical] Unexpected error handling message Traceback (most recent call last): File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/Twisted-21.2.0-py3.8.egg/twisted/internet/tcp.py", line 246, in doRead return self._dataReceived(data) File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/Twisted-21.2.0-py3.8.egg/twisted/internet/tcp.py", line 251, in _dataReceived rval = self.protocol.dataReceived(data) File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/ldaptor-19.1.0-py3.8.egg/ldaptor/protocols/ldap/ldapclient.py", line 75, in dataReceived File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/ldaptor-19.1.0-py3.8.egg/ldaptor/protocol 2022-09-06T12:11:07.995823+0000 [duoauthproxy.lib.log#error] Paging cookie not found! </CODE></PRE> <P>So it’s clearly a paging issue with returned data from LDAP. But I have no idea how to correct this.</P> <P>Does anyone have ideas? Thanks.</P></DIV> Tue, 06 Sep 2022 12:25:48 GMT https://community.cisco.com/t5/managing-users/directory-sync-only-pulling-a-partial-list-of-users-groups-from/m-p/4879925#M512 jb4293 2022-09-06T12:25:48Z Re: Directory Sync only pulling a partial list of users/groups from LDAP https://community.cisco.com/t5/managing-users/directory-sync-only-pulling-a-partial-list-of-users-groups-from/m-p/4879926#M513 <DIV class="duo-migrated-content"><P>What flavor of OpenLDAP? Do you know if it supports <A href="https://oidref.com/1.2.840.113556.1.4.319">OID 1.2.840.113556.1.4.319</A>? That’s what the Duo Authentication Proxy requests, and the response back from your LDAP server includes <CODE>controls=None</CODE> instead of responding with paging controls OR the error code indicating the paging control isn’t supported .</P></DIV> Fri, 09 Sep 2022 16:25:05 GMT https://community.cisco.com/t5/managing-users/directory-sync-only-pulling-a-partial-list-of-users-groups-from/m-p/4879926#M513 DuoKristina 2022-09-09T16:25:05Z