Details
- Type: Improvement
- Status: Open
- Priority: Minor
- Resolution: Unresolved
Description
The group parameters are mandatory in MCF, but some LDAP servers do not require them in order to answer queries about a user and return authorization tokens. With such LDAP servers you therefore do not need to enter any group-related information to get a working search.
There is a downside: in some deployments you may NOT know any group-related information, precisely because those LDAP servers do not need it. But since MCF requires these parameters, whatever you enter to make MCF accept the configuration is sent to the LDAP server, which answers with an error because the group parameters are wrong: Error code 52 - Object Not Found Error.
Debugging and configuration help
Regarding the LDAP Authority configuration:
When you have filled in the first part (marked in green, the user search settings), it is equivalent to this command line with the ldapsearch tool:
ldapsearch -x -H ldap://ldap.francelabs.com:389 -D "uid=myuser,ou=People,dc=francelabs,dc=com" -W -b "ou=people,dc=francelabs,dc=com" "(&(objectClass=inetOrgPerson)(uid=any_user_uid))"
(-W prompts for the password of the -D bind user. Without -W or -w, ldapsearch attempts an unauthenticated simple bind, which most directories reject, so the test would fail for a reason unrelated to the search itself.)
Even if this query returns the expected result, you might think it is not important to fill in the red part concerning the group attributes. But you also need a working query for the group part: if the group query is invalid, both ldapsearch and the MCF logs report an object-not-found error (quoted above as "error code 52"; note that RFC 4511 assigns noSuchObject the result code 32, so match on the "No such object" message in your own output rather than on the number), and that query is the issue.
Try MCF's default group query:
ldapsearch -x -H ldap://ldap.francelabs.com:389 -b "ou=groups,dc=francelabs,dc=com" "(&(objectClass=groupOfNames))"
If you obtain the object-not-found error, you MUST still have a query that works, even if you are not interested in retrieving groups. So widen the search base until the error disappears, for example by starting from the root of the tree:
ldapsearch -x -H ldap://ldap.francelabs.com:389 -b "dc=francelabs,dc=com" "(&(objectClass=groupOfNames))"
You will obtain some group objects. Choose one located under the OU that you want and enter that OU as the group base in the MCF configuration. Example:
ldapsearch -x -H ldap://ldap.francelabs.com:389 -b "ou=system,dc=francelabs,dc=com" "(&(objectClass=groupOfNames))"
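The steps above (try the configured group base, widen it until the server stops answering "No such object", then pick a container that actually holds group entries) can be scripted. The following is an added example, not code from the ManifoldCF project or from this issue; it assumes the OpenLDAP command-line tools, whose ldapsearch exits with the LDAP result code (32 for noSuchObject), anonymous search access as in the commands above, and the francelabs.com host, base DNs and groupOfNames filter used on this page as placeholders (all overridable through environment variables).

```shell
#!/bin/sh
# Added example (not from the MCF project or the issue reporter): automate the
# "walk up the base DN until the group query succeeds" check described above.
# Assumptions: OpenLDAP ldapsearch (exit status == LDAP result code, e.g. 32 for
# noSuchObject); host, bases and filter are the placeholders from this page.
LDAPSEARCH="${LDAPSEARCH:-ldapsearch}"     # override to point at a wrapper or test double
LDAP_URI="${LDAP_URI:-ldap://ldap.francelabs.com:389}"
GROUP_FILTER="${GROUP_FILTER:-(objectClass=groupOfNames)}"   # MCF's default group class

# parent_dn DN: print DN without its leftmost RDN ("" once the top is reached).
# Escaped commas inside an RDN value (cn=a\,b) are not handled.
parent_dn() {
  case "$1" in
    *,*) printf '%s\n' "${1#*,}" ;;
    *)   printf '\n' ;;
  esac
}

# find_group_base DN: run the group query against DN, then against each parent
# in turn, and print the first base for which the server returns success.
# Each failure is reported on stderr with the ldapsearch result code, so a
# "No such object" (32) can be told apart from bind or connection problems.
find_group_base() {
  cand="$1"
  while [ -n "$cand" ]; do
    "$LDAPSEARCH" -x -H "$LDAP_URI" -b "$cand" "$GROUP_FILTER" dn >/dev/null 2>&1 && rc=0 || rc=$?
    if [ "$rc" -eq 0 ]; then
      printf '%s\n' "$cand"
      return 0
    fi
    echo "base '$cand': ldapsearch result code $rc" >&2
    cand=$(parent_dn "$cand")
  done
  echo "no base under '$1' answers the group query" >&2
  return 1
}

# group_parents BASE: list the distinct containers (parent DNs) of the group
# entries found under BASE, i.e. the OUs you can choose between for the MCF
# group base. -o ldif-wrap=no stops ldapsearch folding long dn: lines;
# base64-encoded "dn::" lines (non-ASCII DNs) are skipped.
group_parents() {
  "$LDAPSEARCH" -x -H "$LDAP_URI" -b "$1" -o ldif-wrap=no "$GROUP_FILTER" dn 2>/dev/null \
    | sed -n 's/^dn: [^,]*,//p' | sort -u
}

# Usage: sh check_group_base.sh "ou=groups,dc=francelabs,dc=com"
if [ "$#" -gt 0 ]; then
  base=$(find_group_base "$1") || exit 1
  echo "working group base: $base"
  echo "containers holding group entries:"
  group_parents "$base"
fi
```

Run it with the group base you intend to configure; the stderr lines show which bases were rejected and with which result code, and the final list shows the containers that actually hold groupOfNames entries, one of which is what the MCF group base should point at. If your directory does not allow anonymous search, add the same -D/-W (or -y password-file) options to both ldapsearch calls that you used for the user query.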