Hello all,
I am trying to set up LDAP sync with MS Active Directory but users and groups are not being added.
My configuration:
Name Value
LdapConnectionString ldaps://####.net
LdapGroupClass group
LdapGroupMappingName samAccountName
LdapGroupUniqueId objectGUID
LdapMappingDescription description
LdapMappingFullName name
LdapPageSize 1000
LdapSearchBase DC=####,DC=NET
LdapSearchFilter (objectClass=*)
LdapSyncInterval 0
LdapSyncUser CN=####,OU=Admin,DC=####,DC=net
LdapSyncUserPassword ####
LdapUserClass user
LdapUserDeleteAction Disable user
LdapUserMappingName samAccountName
LdapUserUniqueId objectGUID
Log shows:
2019.09.16 20:45:55.478 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:56.244 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:58.371 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:58.386 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.246 *D* LDAPConnection::fillLists(): Found dn: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.246 *D* LDAPConnection::fillLists(): Unknown object is not added: dn: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net, login name: (null), full name: TimSim01, description: TimothySimmons undefined
2019.09.16 20:45:59.277 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.277 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.386 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.386 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:46:00.121 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:46:00.761 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
It almost looks like the values aren't being assigned to the right fields (off by 1?) and as such, no new users or groups are getting added.
It's also not turning up any users with '-'s in their name in the log, and all of the users we would want end in -admtx. I'm not sure if that's a real problem or not though because I can't get the user database to populate. Thanks for any help you can give!
Hi,
Can you please send the full log of the synchronization? You can send it as a private message if you want.
Your current configuration looks good.
Hi,
We just published server version 3.0.2355 - it has additional LDAP related debug output that can help in debugging.
Best regards,
Victor
I know this is old, but today we just solved this one. It turns out that the LdapUserMappingName configuration field is case sensitive - I had samAccountName populated there, but in AD the attribute is written as sAMAccountName. When I put this in instead, the sync worked. Many thanks to Tatjana for her help in this!
Created issue: https://track.radensolutions.com/issue/NX-1725
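The diagnosis reached in this thread can be scripted. The following is an added example, not part of the original posts and not the server's own code. It finds objects the sync skipped with a (null) login name and flags mapping settings whose attribute name differs from the directory's spelling only by case. The log lines, the placeholder domain and the entry attribute list are constructed samples, and the function names are hypothetical.

```python
import re

# Mapping settings as posted in the thread.
CONFIG = {
    "LdapUserMappingName": "samAccountName",
    "LdapGroupMappingName": "samAccountName",
    "LdapMappingFullName": "name",
    "LdapMappingDescription": "description",
    "LdapUserUniqueId": "objectGUID",
    "LdapGroupUniqueId": "objectGUID",
}

# Constructed sample: attribute names as spelled on a directory entry.
ENTRY_ATTRS = ["sAMAccountName", "name", "description", "objectGUID", "objectClass"]

# Constructed sample log in the format shown in the thread (placeholder domain).
LOG = """\
2019.09.16 20:45:59.246 *D* LDAPConnection::fillLists(): Found dn: CN=TimSim01,OU=Users,DC=example,DC=net
2019.09.16 20:45:59.246 *D* LDAPConnection::fillLists(): Unknown object is not added: dn: CN=TimSim01,OU=Users,DC=example,DC=net, login name: (null), full name: TimSim01, description: undefined
"""

# The DN itself contains commas, so match lazily up to the ", login name:" field.
SKIPPED = re.compile(r"Unknown object is not added: dn: (?P<dn>.+?), login name: (?P<login>[^,]*),")


def case_mismatches(config, entry_attrs):
    """Return {setting: (configured, actual)} for names that differ only by case."""
    by_lower = {attr.lower(): attr for attr in entry_attrs}
    found = {}
    for setting, configured in config.items():
        actual = by_lower.get(configured.lower())
        if actual is not None and actual != configured:
            found[setting] = (configured, actual)
    return found


def skipped_without_login(log_text):
    """Return DNs of objects that were skipped with a (null) login name."""
    return [m.group("dn") for m in SKIPPED.finditer(log_text)
            if m.group("login").strip() == "(null)"]


if __name__ == "__main__":
    for dn in skipped_without_login(LOG):
        print("skipped, no login name:", dn)
    for setting, (configured, actual) in case_mismatches(CONFIG, ENTRY_ATTRS).items():
        print(f"{setting}: configured {configured!r}, directory spells it {actual!r}")
```
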