Hello, we are having a problem configuring the LDAP Group Connector. We have followed the next video on Youtube to configure it: Introduction to LDAP Connectors - YouTube
As you can see in the video when he runs the test and uses “distinguishedName” as “LDAP Attribute: Group Name” the result shows all the list of groups with their respective value of “distinguishedName”:
In our case when we run the same test the result is 0:
Instead, if we use “cn” as “LDAP Attribute: Group Name” the result shows all the list of groups with their respective value of “cn”:
In this last case if we run the last test “Test Getting Members Of a Group” and introduce the “cn” the test does not fail but returns empty results. In the video the agent repeats many times that the “distinguishedName” has to be used… but since it is not working we cannot use this functionality.
We believe this is a bug, is anyone having the same problem here?
these LDAP query attributes are dependent on your ldap directory setup, most people uses some relatively updated version of Active Directory and therefore these attributes work, but if you are using something else these attributes can be different.
it returns the full DN of the group, for example:
CN=Administrators,CN=Builtin,DC=eramba,DC=org
it returns the name of the group, not the full DN, for example:
Administrators
most likely because your LDAP directory can not find the group inside your LDAP directory. for example my query would be as follow, the string you pass (the group name from the previous step) must work on the query you are making, for example:
Thank you for your quick replies. We are using FreeIPA which uses 389 Directory Server… what I can see is that the group objects do not have a “distinguishedName” attribute per se, could this be a problem? Thank you
