
Failing to run "Accept Query" and "Group Query"

zheka_pefti
Level 2

Hi folks,
I ran into a weird situation with testing AD queries, namely Accept and Group query. The thing is that I successfully bind to AD using port 389 and the username in the format DOMAIN\user

But whenever I test "Accept Query" I enter the valid email address of the valid domain user in the form of user1@domain.com and get this error:

Query results for host:192.168.1.30
Query  (proxyAddresses=smtp:user1@domain.com) to server AD_PROFILE  (192.168.1.30:389)
Query (proxyAddresses=smtp:user1@domain.com) lookup  failed: Invalid DN syntax, server diagnostic: 0000208F: NameErr: DSID-031001F7,  problem 2006 (BAD_NAME), data 8349, best match of: 'ou=Users,  dc=domain.com dc=com'
Failure: Invalid DN syntax, server  diagnostic: 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data  8349, best match of: 'ou=Users, dc=domain.com dc=com'

Almost the same thing with the group query:

Query results for host:192.168.1.30
Query  (&(memberOf=support)(proxyAddresses=smtp:support@domain.com)) to  server AD_PROFILE (192.168.1.30:389)
Query  (&(memberOf=support)(proxyAddresses=smtp:support@domain.com)) lookup  failed: Invalid DN syntax, server diagnostic: 0000208F: NameErr: DSID-031001F7,  problem 2006 (BAD_NAME), data 8349, best match of: 'ou=Users,  dc=domain.com dc=com'
Failure: Invalid DN syntax, server  diagnostic: 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data  8349, best match of: 'ou=Users, dc=domain.com dc=com'


Or even worse, now the result of the query comes as follows:

Query results for  host:192.168.1.30
Query (proxyAddresses=smtp:user1@domain.com) to  server KOIOS_AD_PROFILE (192.168.1.30:389)
Query  (proxyAddresses=smtp:user1@domain.com) lookup failed: Referral following  yielded no result.
Failure: Referral following yielded no  result.

My Base DN is configured as follows:
ou=Users, dc=domain.com dc=com

Can someone please steer me in the right direction to sort this error?

Eugene

1 Reply

Hi,

This may be due to erroneous configuration in "LDAP Server Settings".

Please note: Don't use a space instead of a comma to separate domain components (dc=). The error codes also point out the reason:
'ou=Users,  dc=domain.com dc=com'

So try modifying your query using a comma instead of a space, then flush the LDAP cache, and try the query again.

You can flush the cache by issuing the command 'ldapflush' from the CLI.

Christopher C Smith

CSE
Cisco IronPort Customer Support
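
A way to catch this kind of Base DN mistake before it reaches the directory server, shown as an added example that is not part of the original thread and not Cisco code. The function names (split_rdns, check_base_dn, suggest_fix) are hypothetical, and the check is a heuristic: it assumes that an "attribute=" token appearing after whitespace inside a component's value means a comma was left out.

```python
import re

# Attribute type (name or numeric OID) followed by '=' after whitespace inside a
# value, e.g. "domain.com dc=com": the sign of a missing comma between components.
_EMBEDDED_RDN = re.compile(r"\s+([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=")


def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514 escapes a comma as '\\,')."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        escaped = (ch == "\\") and not escaped
    parts.append("".join(buf).strip())
    return parts


def check_base_dn(dn):
    """Return a list of problems found in a Base DN string (empty if none)."""
    problems = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not (sep and attr.strip() and value.strip()):
            problems.append(f"component {rdn!r} is not attribute=value")
            continue
        m = _EMBEDDED_RDN.search(value)
        if m:
            problems.append(f"component {rdn!r}: missing comma before {m.group(1)!r}")
    return problems


def suggest_fix(dn):
    """Insert the missing commas and drop the spaces between components."""
    fixed = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        fixed.append(attr + sep + _EMBEDDED_RDN.sub(r",\1=", value))
    return ",".join(fixed)


if __name__ == "__main__":
    base_dn = "ou=Users, dc=domain.com dc=com"  # Base DN quoted in the thread
    print(check_base_dn(base_dn))
    print(suggest_fix(base_dn))
```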