seebvey
Level 10

get LDAP User Groups


Hi,

I'm trying to get the Group Membership of Users out of my OpenLDAP Domain.

The authentication is working fine, but group attributes cannot be found.

result.png

I configured it as follows:

LDAP-GROUP.png

In a tcpdump I can see that %u is this long string: "uid=username,ou=Samba,ou=Users,dc=domain,dc=net" and therefore the filter in the LDAP query is

memberUid=uid=username,ou=Samba,ou=Users,dc=domain,dc=net

With such a search I can never find the Group members.

Has anyone any idea how to configure this right?

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: get LDAP User Groups


Hi Seebvey!

I have dealt with this in the past, the problem was that the user id was not stored in the correct format in the group attribute (full DN syntax). So we needed to pull the username (cn) off of the user attributes, and query the user CN against the groups.

The attached ruleset along with screenshots does this.

1rules.png

2userauth.png

3grouppull.png

Best,

Jon

0 Kudos
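The mismatch discussed in this thread, as an added example that is not part of the original posts or the attached ruleset: `memberUid` in RFC 2307 posixGroup entries holds a bare login name, so the group filter has to be built from the name rather than from the full bind DN. This sketch takes the name from the leading RDN of the DN (the ruleset in the answer reads it from the user's attributes instead) and escapes it per RFC 4515 before it goes into the filter; all function names are hypothetical, and old-style quoted DN values are not handled.

```python
# Added example; helper names are illustrative, the sample DN is the one from the post.
# RFC 4515: characters that must be escaped inside a filter assertion value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
HEX = "0123456789abcdefABCDEF"

def escape_filter_value(value):
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def split_unescaped(text, sep):
    """Split on sep, ignoring separators protected by a backslash (RFC 4514)."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += text[i]
            i += 1
    return parts + [cur]

def unescape_dn_value(value):
    """Decode RFC 4514 escapes: backslash + 2 hex digits is a byte, backslash + char is literal."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and len(pair) == 2 and all(c in HEX for c in pair):
            out.append(int(pair, 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode()
            i += 2
        else:
            out += value[i].encode()
            i += 1
    return out.decode("utf-8")

def group_filter(user_dn, member_attr="memberUid", name_attr="uid"):
    """Build (memberUid=<login>) from the leading RDN of the bind DN."""
    first_rdn = split_unescaped(user_dn, ",")[0]
    for ava in split_unescaped(first_rdn, "+"):  # a multi-valued RDN uses "+"
        name, sep, value = ava.partition("=")
        if sep and name.strip().lower() == name_attr.lower():
            return f"({member_attr}={escape_filter_value(unescape_dn_value(value))})"
    raise ValueError(f"no {name_attr!r} attribute in leading RDN of {user_dn!r}")

print(group_filter("uid=username,ou=Samba,ou=Users,dc=domain,dc=net"))
```

The escaping step matters because the login name ends up inside a search filter: an unescaped `*` or `)` in a name would change which groups the query matches.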
2 Replies
seebvey
Level 10

Re: get LDAP User Groups


Hi Jon,

It is working fine.

Thank you very much!

Sebastian

0 Kudos