Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
824
Views
0
Helpful
1
Replies

Directory Sync only pulling a partial list of users/groups from LDAP

jb4293
Level 1
Level 1

‎09-06-2022 05:25 AM

I have Duo authproxy v5.7.3-b74215e running on a CentOS 7.7 instance, communicating with an OpenLDAP server. DirectorySync + authproxy seems to work fine until I try to add groups. I see only a partial list of groups in the list. I see the following error in the authproxy log:

2022-09-06T12:11:07.993886+0000 [L■■■■■■■■■■■■■■■■■■■■l,XXXXXXXXXXXXXXXXXXXXXXXXXXXX,client] C<-S LDAPMessage(id=4, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=xxx_roles,uid=xxx,ou=people,dc=foo,dc=com', attributes=[('cn', ['xxx_roles']), ('entryUUID', ['xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx']), ('entryDN', ['cn=xxx_roles,uid=xxx,ou=people,dc=foo,dc=com'])]), controls=None)
2022-09-06T12:11:07.994194+0000 [L■■■■■■■■■■■■■■■■■■■■l,XXXXXXXXXXXXXXXXXXXXXXXXXXXX,client] C<-S LDAPMessage(id=4, value=LDAPSearchResultDone(resultCode=4), controls=None)
2022-09-06T12:11:07.994462+0000 [duoauthproxy.lib.log#critical] Unexpected error handling message
        Traceback (most recent call last):
          File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/Twisted-21.2.0-py3.8.egg/twisted/internet/tcp.py", line 246, in doRead
            return self._dataReceived(data)
          File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/Twisted-21.2.0-py3.8.egg/twisted/internet/tcp.py", line 251, in _dataReceived
            rval = self.protocol.dataReceived(data)
          File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/ldaptor-19.1.0-py3.8.egg/ldaptor/protocols/ldap/ldapclient.py", line 75, in dataReceived

          File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/ldaptor-19.1.0-py3.8.egg/ldaptor/protocol
2022-09-06T12:11:07.995823+0000 [duoauthproxy.lib.log#error] Paging cookie not found!

So it’s clearly a paging issue with returned data from LDAP. But I have no idea how to correct this.

Does anyone have ideas? Thanks.

Labels:
0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎09-09-2022 09:25 AM

What flavor of OpenLDAP? Do you know if it supports OID 1.2.840.113556.1.4.319? That’s what the Duo Authentication Proxy requests, and the response back from your LDAP server includes controls=None instead of responding with paging controls OR the error code indicating the paging control isn’t supported .

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents