Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2369
Views
0
Helpful
3
Replies

Problem using a group which has a space in it's DN when using LDAP Group mappings in UCS 1.4

dors
Level 1
Level 1

‎02-28-2011 07:32 AM - edited ‎03-01-2019 09:50 AM

Hey,

We've been implementing LDAP authentication (Active Directory) using LDAP group mapping in UCS 1.4, and we've noticed that when using a group which has a DN with a space in it (such as "UCS Admins") it wouldn't authenticate the user with the appropriate role.

Using a DN without spaces (such as "UCSAdmins"), works just fine.

I should mention that having a base DN with spaces works just fine as well, it's just the group mappings that doesn't work.

I should also mention that Cisco's "Quick guide to configuring ldap for ucs 1.4" shows an example in which the group's DN doesn't include a space.

Is there a workaround available which can make it possible using a group which has a space in it's name?

Thanks,

Dor

0 Helpful
3 Replies 3

Roman Rodichev
Level 7
Level 7

‎02-28-2011 08:01 AM

Have you tried putting quotation marks around it? This usually fixes this issue in Cisco's CLIs

0 Helpful

dors
Level 1
Level 1
In response to Roman Rodichev

‎02-28-2011 08:18 AM

Hey Roman,

Thanks for your prompt reply.

We've tried putting quotes using UCSM which is not possible at all - not for the entire entry nor for the part with spaces.

We've also tried using CLI ("scope security/ldap/ldap-group") where you have to put quotes if you use a DN with spaces, and it still doesn't work. Furthermore, we tried adding quotes only to the part with the spaces, i.e. - CN="UCS Admins",OU=TEST,DC=TEST. It adds the entry without an error, but shows like we would use "CN=UCS Admins,OU=TEST,DC=TEST". Anyway, it doesn't work either.

Thanks again,

Dor

0 Helpful

dors
Level 1
Level 1

‎02-28-2011 08:27 AM

Problem solved - the user which we used to authenticate had the specific group which we used for the ldap group mapping as his primary group in Active Directory.

Once we have changed the users' primary group to another group, he was able to login and gain priveligies.

I think it should be noted that when using LDAP group mapping, the group used shouldn't be the users' primary group.

Dor

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Review Cisco Networking products for a $25 gift card