OK Mevludin, can you try and empty ldap.search.group.principle (remove the "cn=cloustack-user,ou=Ou1,dc=my-domain,dc=de")? If you have one, all your users must have the memberOf attribute filled with that group.
Can you share your value for ldap.group.user.uniquemember?

On Tue, Dec 14, 2021 at 4:18 PM Mevludin Blazevic <[email protected]> wrote:

> Hi Daan,
>
> yes, I am trying to use the manual import, we will not have many
> Cloudstack users so manually importing them once would be enough.
>
> I've added the LDAP configuration via the GUI under Configuration ->
> LDAP Configuration (only server and port, no domain). Then I configured
> the basedn and the other properties from my previous e-mail using the
> Global Settings view.
>
> The users do not have a memberOf attribute yet. Nevertheless, the group
> knows its members and yes, the group has a series of uniqueMember
> attributes, for example:
>
> member: uid=person1,ou=ou1,dc=my-domain, dc=de
> member: uid=person2,ou=ou1,dc=my-domain, dc=de
> member: uid=person3,ou=ou1,dc=my-domain, dc=de
> member: uid=person4,ou=ou1,dc=my-domain, dc=de
> member:
> member: uid=person5,ou=ou1,dc=my-domain, dc=de
> member: uid=person6,ou=ou1,dc=my-domain, dc=de
> member: uid=person7,ou=ou1,dc=my-domain, dc=de
> member: uid=person8,ou=ou1,dc=my-domain, dc=de
> member: uid=person9,ou=ou1,dc=my-domain, dc=de
> member: uid=person10,ou=ou1,dc=my-domain, dc=de
> memberUid: person1
> memberUid: person2
> memberUid: person3
> memberUid: person4
> memberUid: person5
> memberUid: person6
> memberUid: person7
> memberUid: person8
> memberUid: person9
> memberUid: person10
>
> Is the manual import possible if there is no memberOf attribute?
>
> Best Regards
>
> Mevludin
>
> On 14.12.2021 at 12:36, Daan Hoogland wrote:
> > Mevludin,
> > I suppose you are using the documentation to add your LDAP. Which strategy
> > are you using, manual import, autoimport or autosync?
> > By the looks it seems you want the manual import, but I am not sure.
> > Does the user have a memberOf attribute?
> > Does the group cloudstack-user have a series of uniqueMember attributes?
> >
> >
> > On Tue, Dec 14, 2021 at 11:04 AM Mevludin Blazevic <[email protected]>
> > wrote:
> >
> >> Hi all,
> >>
> >> when I try to set up a connection to our LDAP server I am getting an
> >> empty list after clicking on the "Add LDAP button". I have already set
> >> up the basedn, configured a bind.principal by using the dn (beginning
> >> with uid= instead of cn=) and a bind password. No LDAP exception is
> >> logged, but when I try to change the password or the principal dn I am
> >> getting an LDAP exception, so I assume that the connection can be
> >> established. My configuration:
> >>
> >> LDAP: my-ldap-server.de:389 (no domain was assigned)
> >> basedn: dc=my-domain, dc=de
> >> bind-principal: uid=<my-user>,ou=ou1,dc=my-domain, dc=de
> >> ldap.provider: openldap
> >> ldap.group.object: groupOfUniqueNames
> >> ldap.nested.groups.enable: true
> >> ldap.search.group.principle: (for example
> >> "cn=cloustack-user,ou=Ou1,dc=my-domain,dc=de")
> >> ldap.user.memberof.attribute: memberOf
> >> ldap.user.object: inetOrgPerson
> >> ldap.username.attribute: uid
> >> ldap.read.timeout: 1000
> >> ldap.request.page.size: 1000
> >>
> >> For testing purposes, I run ldapsearch on the same machine where
> >> cloudstack-management is installed. For example:
> >>
> >> ldapsearch -ZZ -LLL -o ldif-wrap=no -c -h my-ldap-server.de -D
> >> "uid=<my-user>,ou=<our-ou>,dc=my-domain, dc=de" -w "<mypassword>" -b
> >> dc=my-domain, dc=de "(ou=ou1)" --> returning a (long) list of LDAP entries
> >>
> >> ldapsearch -ZZ -LLL -o ldif-wrap=no -c -h my-ldap-server.de -D
> >> "uid=<my-user>,ou=<our-ou>,dc=my-domain, dc=de" -w "<mypassword>" -b
> >> dc=my-domain, dc=de "(cn=cloustack-user)" --> returning a dn with a list
> >> of all group members
> >>
> >> ldapsearch -ZZ -LLL -o ldif-wrap=no -c -h my-ldap-server.de -D
> >> "uid=<my-user>,ou=<our-ou>,dc=my-domain, dc=de" -w "<mypassword>" -b
> >> dc=my-domain, dc=de "(uid=person1)" --> returns an LDAP entry
> >>
> >> Cloudstack-Management log after clicking on "Add LDAP account":
> >>
> >> 2021-12-14 10:59:32,204 DEBUG [o.a.c.l.LdapContextFactory]
> >> (qtp187472540-1210:ctx-64b28371 ctx-59c7bea2) (logid:5e17abe8)
> >> initializing ldap with provider url:ldap://my-ldap-server.de:389
> >> 2021-12-14 10:59:32,212 TRACE [o.a.c.a.c.LdapListUsersCmd]
> >> (qtp187472540-1210:ctx-64b28371 ctx-59c7bea2) (logid:5e17abe8) returning
> >> unfiltered list of ldap users
> >>
> >> I have also stopped the firewall on the cloudstack-management machine.
> >> Still an empty list.
> >>
> >> Does anyone have any idea why an empty list is displayed on the
> >> Cloudstack UI? Hope you can help me out.
> >>
> >> Best Regards
> >>
> >> Mevludin
> >>
> >>
> --
> Mevludin Blazevic, M.Sc.
>
> University of Koblenz-Landau
> Computing Centre (GHRKO)
> Universitaetsstrasse 1
> D-56070 Koblenz, Germany
> Room A023
> Tel: +49 261/287-1326
>
>

--
Daan
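
The thread turns on a group that lists its members while the user entries carry no memberOf value pointing back at it. The following is an added example, not code from the thread or from CloudStack: it reads an LDIF export and reports which group members lack that back-reference. The LDIF is constructed, the function names are hypothetical, and DN matching is simplified (lower-casing and trimming around commas only).

```python
import re

# Constructed LDIF (not real data), shaped like the entries quoted in the thread.
SAMPLE_LDIF = """\
dn: cn=cloustack-user,ou=Ou1,dc=my-domain,dc=de
objectClass: groupOfUniqueNames
uniqueMember: uid=person1,ou=ou1,dc=my-domain, dc=de
uniqueMember: uid=person2,ou=ou1,dc=my-domain, dc=de

dn: uid=person1,ou=ou1,dc=my-domain,dc=de
objectClass: inetOrgPerson
memberOf: cn=cloustack-user,ou=ou1,dc=my-domain,dc=de

dn: uid=person2,ou=ou1,dc=my-domain,dc=de
objectClass: inetOrgPerson
"""

def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse unwrapped LDIF (ldif-wrap=no) into {normalised dn: {attr: [values]}}."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if not sep or line.startswith("#") or value.startswith(":"):
                continue  # skip comments, malformed lines and base64 ("attr::") values
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if attrs.get("dn"):
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def members_missing_memberof(entries, group_dn, member_attr="uniqueMember",
                             memberof_attr="memberOf"):
    """Return group members whose user entry has no memberOf value for group_dn."""
    target = norm_dn(group_dn)
    group = entries.get(target, {})
    missing = []
    for member in group.get(member_attr.lower(), []):
        if not member:  # tolerate an empty value such as a bare "member:" line
            continue
        user = entries.get(norm_dn(member), {})
        if target not in {norm_dn(v) for v in user.get(memberof_attr.lower(), [])}:
            missing.append(norm_dn(member))
    return missing

if __name__ == "__main__":
    group = "cn=cloustack-user,ou=Ou1,dc=my-domain,dc=de"
    for dn in members_missing_memberof(parse_ldif(SAMPLE_LDIF), group):
        print("no memberOf back-reference:", dn)
```

On OpenLDAP, memberOf is an operational attribute, so it has to be requested explicitly in the ldapsearch attribute list for it to appear in the export.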
