Description of problem:
LDAP group retrieval is failing without any exception after configuring IBM directory server as LDAP
Version-Release number of selected component (if applicable):
Always at customer's environment
Steps to Reproduce:
1. LDAP authentication in Settings > Authentication is tested to work fine; the Validate button says LDAP Settings validation was successful.
2. The issue is in Access Control > Groups > Add a new Group. When you do an LDAP Group lookup, enter a user to look up, then a system account username and password. When you hit retrieve, nothing comes back. No group selection options, no error messages, nothing. If you hit save and then go back into the group, it's empty, as if it was a generic internal group without LDAP.
LDAP Group retrieval is failing.
Group retrieval should be successful.
From the provided logs and ldapsearch output it appears that the memberOf
overlay, which is required for authentication "mode: LDAP", is not set up on
the LDAP server.
If the memberOf overlay cannot be configured, converting to external
authentication would be a possible avenue to explore.
As stated in comment 3 doing this did not work:
Response: As previously tried, this does not work this is the same
link as before.
Perhaps it would be good to explore why this did not work.
In summary there are 2 options to pursue:
1. Configure the memberOf overlay. To prove it is correctly configured,
the ldapsearch command should return lines that begin with "memberOf:".
If the ldapsearch output is passed through " | grep -i memberof" you should see results:
ldapsearch -x -H ldap://<LDAP server>:389 -LLL -b "<your base dn>" -s sub -D "<your bind dn>" -w <your pw> | grep -i memberof
2. Convert to external auth following these instructions:
and diagnose why it did not work, as reported:
I'd be glad to get on a video conf. call with the customer to help resolve this,
if that can be arranged.
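
The memberOf check from option 1, as an added example that is not part of the original comments: a bare grep also matches the string inside other attribute values, so this reports per entry whether a memberOf attribute is actually present. The function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-entry memberOf check over `ldapsearch -LLL` (LDIF) output.

# Reads LDIF on stdin, prints "HAS <dn>" or "MISSING <dn>" for every entry.
memberof_report() {
    awk '
    function flush() {
        if (dn != "") printf "%s %s\n", (has ? "HAS" : "MISSING"), dn
        dn = ""; has = 0
    }
    function handle(line,    name) {
        if (line == "") { flush(); return }          # blank line ends an entry
        if (tolower(line) ~ /^dn::? /) {             # "dn::" is a base64 DN, kept as-is
            dn = line; sub(/^[^:]*::? */, "", dn); return
        }
        name = tolower(line); sub(/:.*/, "", name)   # attribute names are case-insensitive
        if (name == "memberof") has = 1              # covers "memberOf:" and "memberOf::"
    }
    /^ / { buf = buf substr($0, 2); next }           # LDIF folding: leading space continues a line
    { handle(buf); buf = $0 }
    END { handle(buf); flush() }
    '
}

# Constructed sample input (not taken from any real directory).
sample_ldif() {
    cat <<'EOF'
dn: uid=jdoe,ou=people,dc=example,dc=com
uid: jdoe
memberOf: cn=admins,ou=groups,dc=example,dc=com

dn: uid=asmith,ou=people,dc=example,dc=com
uid: asmith
description: not a memberOf any group

dn: uid=bwong,ou=very-long-organizational-unit-name,ou=people,dc=exam
 ple,dc=com
uid: bwong
memberof:: Y249b3BzLG91PWdyb3VwcyxkYz1leGFtcGxlLGRjPWNvbQ==
EOF
}

sample_ldif | memberof_report
```

Against a live server, pipe the ldapsearch command from option 1 (without the grep) into `memberof_report` instead of `sample_ldif`.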
Thanks, Joe, for the update. I have shared it with the customer and am waiting for their response. If required, I will arrange a remote session for further troubleshooting.