cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
844
Views
0
Helpful
5
Replies

Configuring LDAP settings in VSOM - Help with Search Filter

aalbrecht27
Level 1
Level 1

I have VSOM 7.2.0 and I'm trying to configure LDAP integration but am running into problems with the search filter.  I've set it up the best I understand from the manual.  The test for general settings work fine, but the search filters I've tried to setup all fail with the below error message:
Operation failed: User john is not found in LDAP filter path (&(cn=john)(memberOf=CN=USERS,DC=xyz,DC=com))

If I put in a bad password or account I get a different error:
Operation failed: Connection to LDAP for user john failed. Invalid bind DN path or credentials

The search filter settings I'm using are:
Name:  Staff
Search Path:  cn=Users,DC=xyz,DC=com
Filter:  (&(cn=%USERID%)(memberOf=CN=USERS,DC=xyz,DC=com))

All of our users are located in the default USERS OU in active directory.  
I'm not sure what I need to change in the search filter to to get this working and I'm really not familiar with the syntax the search filter wants to use.  Any help is appreciated!

5 Replies 5

Scott Olsen
Level 6
Level 6

Does the test for the general binding settings work *all the time*?  I.E. - If you try it multiple (at least 10 or more) times in a row, do _any_ of the attempts to authenticate fail?

If so, I may know what your issue is. 

Cheers

Scott Olsen Solutions Specialist Bulletproof Solutions Inc. Web: www.bulletproofsi.com

The test for general information always works, the failures only come when I add a search filter and test that search filter.  I don't even see why I need a search filter since I don't really care who has access to our cameras, but without it you can't assign it to a group.

Okay, well... if your test bind *is* actually working 100% of the time, then it has to be the search filter.  

In any of the LDAP integrations I've performed against MS LDAP (AD), the actual account name has always been sAMAccountName.  i.e.:

(sAMAccountName=%USERID%)

If you haven't given it a try yet, I recommend probing your LDAP structure with a tool like Sysinternals ADExplore to help troubleshoot getting the Search Filter correct.

https://technet.microsoft.com/en-us/sysinternals/adexplorer.aspx

All the best!

Scott Olsen Solutions Specialist Bulletproof Solutions Inc. Web: www.bulletproofsi.com

I am not sure how your AD architecture is but I am guessing you are trying to search in a OU called users within your domain.  If that is true, it should be as follows:

Name: Staff

Search Path: OU=Users,DC=xyz,DC=com

Filter:

(&(sAMAccountName=%USERID%)(memberOf=CN=VSOMGary,CN=Users,DC=xyz,DC=com))

VSOMGary is a global security group I created to allow users access to specific cameras.  You need to add users to this group in order for them to have access to log into VSOM. 

Nice catch.  I completely glossed over the 'memberOf=CN=USERS' in the original posting.

Scott Olsen Solutions Specialist Bulletproof Solutions Inc. Web: www.bulletproofsi.com
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: