Mevludin, the base dn should be just that, not any group below it. Did you try clearing the search group principle? If ldap.group.user.uniquemember is "uniquemember", the group should show `uniquemember: uid=person1,ou=ou1,dc=my-domain, dc=de` for all those users, and not `member: uid=person1,ou=ou1,dc=my-domain, dc=de`. It seems something is off with your configuration in LDAP. I am not sure if this is needed for autoimport; the empty principle group would be if the correct membership attribute isn't set.
On Tue, Dec 14, 2021 at 5:29 PM Mevludin Blazevic <[email protected]> wrote:

> Hi Daan,
>
> value for ldap.group.user.uniquemember is "uniquemember". I have also tried to set up the basedn as "ou=ou1,dc=my-domain,dc=de" to get all users of ou1, list is still empty..
>
> On 14.12.2021 at 16:55, Daan Hoogland wrote:
> > ok Mevludin,
> > can you try and empty ldap.search.group.principle (remove the "cn=cloustack-user,ou=Ou1,dc=my-domain,dc=de"), if you have one all your users must have the memberOf attribute filled with that group.
> >
> > Can you share your value for ldap.group.user.uniquemember?
> >
> > On Tue, Dec 14, 2021 at 4:18 PM Mevludin Blazevic <[email protected]> wrote:
> >
> >> Hi Daan,
> >>
> >> yes, I am trying to use the manual import, we will not have much Cloudstack users so manually importing them once would be enough.
> >>
> >> I've added the LDAP configuration via the GUI under Configuration -> LDAP Configuration (only server and port, no domain). Then I configured the basedn and the other properties from my previous e-mail using the Global Settings view.
> >>
> >> The users do not have a memberOf attribute yet. Nevertheless, the group knows its members and yes, the group has a series of uniqueMember attributes, for example:
> >>
> >> member: uid=person1,ou=ou1,dc=my-domain, dc=de
> >> member: uid=person2,ou=ou1,dc=my-domain, dc=de
> >> member: uid=person3,ou=ou1,dc=my-domain, dc=de
> >> member: uid=person4,ou=ou1,dc=my-domain, dc=de
> >> member:
> >> member: uid=person5,ou=ou1,dc=my-domain, dc=de
> >> member: uid=person6,ou=ou1,dc=my-domain, dc=de
> >> member: uid=person7,ou=ou1,dc=my-domain, dc=de
> >> member: uid=person8,ou=ou1,dc=my-domain, dc=de
> >> member: uid=person9,ou=ou1,dc=my-domain, dc=de
> >> member: uid=person10,ou=ou1,dc=my-domain, dc=de
> >> memberUid: person1
> >> memberUid: person2
> >> memberUid: person3
> >> memberUid: person4
> >> memberUid: person5
> >> memberUid: person6
> >> memberUid: person7
> >> memberUid: person8
> >> memberUid: person9
> >> memberUid: person10
> >>
> >> Is the manual import possible if there is no memberOf attribute?
> >>
> >> Best Regards
> >>
> >> Mevludin
> >>
> >> On 14.12.2021 at 12:36, Daan Hoogland wrote:
> >>> Mevludin,
> >>> I suppose you are using the documentation to add your LDAP. Which strategy are you using, manual import, autoimport or autosync?
> >>> By the looks it seems you want the manual import, but I am not sure.
> >>> Does the user have a memberOf attribute?
> >>> Does the group cloudstack-user have a series of uniqueMember attributes?
> >>>
> >>> On Tue, Dec 14, 2021 at 11:04 AM Mevludin Blazevic <[email protected]> wrote:
> >>>
> >>>> Hi all,
> >>>>
> >>>> when I try to set up a connection to our LDAP server I am getting an empty list after clicking on the "Add LDAP button". I have already set up the basedn, configured a bind.principal by using the dn (beginning with uid= instead of cn=) and a bind password. No LDAP exception is logged, but when I try to change the password or the principal dn I am getting an LDAP exception, so I assume that the connection can be established. My configuration:
> >>>>
> >>>> LDAP: my-ldap-server.de:389 (no domain was assigned)
> >>>> basedn: dc=my-domain, dc=de
> >>>> bind-principal: uid=<my-user>,ou=ou1,dc=my-domain, dc=de
> >>>> ldap.provider: openldap
> >>>> ldap.group.object: groupOfUniqueNames
> >>>> ldap.nested.groups.enable: true
> >>>> ldap.search.group.principle: (for example "cn=cloustack-user,ou=Ou1,dc=my-domain,dc=de")
> >>>> ldap.user.memberof.attribute: memberOf
> >>>> ldap.user.object: inetOrgPerson
> >>>> ldap.username.attribute: uid
> >>>> ldap.read.timeout: 1000
> >>>> ldap.request.page.size: 1000
> >>>>
> >>>> For testing purposes, I run ldapsearch on the same machine where cloudstack-management is installed. For example:
> >>>>
> >>>> ldapsearch -ZZ -LLL -o ldif-wrap=no -c -h my-ldap-server.de -D "uid=<my-user>,ou=<our-ou>,dc=my-domain, dc=de" -w "<mypassword>" -b dc=my-domain, dc=de "(ou=ou1)" --> returning a (long) list of LDAP entries
> >>>>
> >>>> ldapsearch -ZZ -LLL -o ldif-wrap=no -c -h my-ldap-server.de -D "uid=<my-user>,ou=<our-ou>,dc=my-domain, dc=de" -w "<mypassword>" -b dc=my-domain, dc=de "(cn=cloustack-user)" --> returning a dn with a list of all group members
> >>>>
> >>>> ldapsearch -ZZ -LLL -o ldif-wrap=no -c -h my-ldap-server.de -D "uid=<my-user>,ou=<our-ou>,dc=my-domain, dc=de" -w "<mypassword>" -b dc=my-domain, dc=de "(uid=person1)" --> returns an LDAP entry
> >>>>
> >>>> Cloudstack-Management log after clicking on "Add LDAP account":
> >>>>
> >>>> 2021-12-14 10:59:32,204 DEBUG [o.a.c.l.LdapContextFactory] (qtp187472540-1210:ctx-64b28371 ctx-59c7bea2) (logid:5e17abe8) initializing ldap with provider url:ldap://my-ldap-server.de:389
> >>>> 2021-12-14 10:59:32,212 TRACE [o.a.c.a.c.LdapListUsersCmd] (qtp187472540-1210:ctx-64b28371 ctx-59c7bea2) (logid:5e17abe8) returning unfiltered list of ldap users
> >>>>
> >>>> I have also stopped the firewall on the cloudstack-management machine. Still an empty list.
> >>>>
> >>>> Does anyone have any idea why an empty list is displayed on the Cloudstack UI? Hope you can help me out.
> >>>>
> >>>> Best Regards
> >>>>
> >>>> Mevludin
> >>>>
> >> --
> >> Mevludin Blazevic, M.Sc.
> >>
> >> University of Koblenz-Landau
> >> Computing Centre (GHRKO)
> >> Universitaetsstrasse 1
> >> D-56070 Koblenz, Germany
> >> Room A023
> >> Tel: +49 261/287-1326
> >>

--
Daan
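The mismatch Daan points at (the group entry carries `member:` and `memberUid:` lines while the settings say `ldap.group.object: groupOfUniqueNames` and `ldap.group.user.uniquemember: uniquemember`) can be checked offline against an `ldapsearch -LLL` dump before touching the CloudStack configuration again. The script below is an added example, not code from this thread or from CloudStack itself: the LDIF entry and the settings dictionary are constructed from what the thread shows (with a short member list and the same empty `member:` line), the objectClass-to-attribute table is standard schema (RFC 4519 for groupOfNames / groupOfUniqueNames, RFC 2307 for posixGroup), and no LDAP connection is made.

```python
"""Cross-check CloudStack LDAP group settings against a group entry dumped
with ldapsearch -LLL (offline; no LDAP connection is made)."""
import base64
from collections import defaultdict

# Schema facts: the membership attribute each group object class defines
# (groupOfNames / groupOfUniqueNames from RFC 4519, posixGroup from RFC 2307).
GROUP_CLASS_MEMBER_ATTR = {
    "groupofnames": "member",
    "groupofuniquenames": "uniquemember",
    "posixgroup": "memberuid",
}

# Constructed LDIF, modelled on the group entry quoted in the thread
# (member: lines, one of them empty, plus memberUid: lines).
SAMPLE_GROUP_LDIF = """\
dn: cn=cloudstack-user,ou=ou1,dc=my-domain,dc=de
objectClass: top
objectClass: groupOfNames
cn: cloudstack-user
member: uid=person1,ou=ou1,dc=my-domain, dc=de
member: uid=person2,ou=ou1,dc=my-domain, dc=de
member:
member: uid=person3,ou=ou1,dc=my-domain, dc=de
memberUid: person1
memberUid: person2
memberUid: person3
"""

# Constructed copy of the two relevant global settings from the thread.
SAMPLE_SETTINGS = {
    "ldap.group.object": "groupOfUniqueNames",
    "ldap.group.user.uniquemember": "uniquemember",
}


def parse_ldif_entry(text):
    """Parse one LDIF entry into (dn, {attr_lowercase: [values]}).

    Handles folded continuation lines (leading space) and base64 values
    ("attr:: ..."). Empty values are kept so that a bare "member:" line
    can be reported instead of silently dropped."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]           # LDIF line folding
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    dn, attrs = None, defaultdict(list)
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):           # base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        name = name.strip().lower()        # LDAP attribute names are case-insensitive
        if name == "dn":
            dn = value
        else:
            attrs[name].append(value)
    return dn, dict(attrs)


def check_group_config(ldif_text, settings):
    """Return the members CloudStack would see for this group under the
    given settings, plus a list of human-readable configuration problems."""
    dn, attrs = parse_ldif_entry(ldif_text)
    object_classes = [v.lower() for v in attrs.get("objectclass", [])]
    configured_class = settings["ldap.group.object"].lower()
    configured_attr = settings["ldap.group.user.uniquemember"].lower()
    present = [a for a in GROUP_CLASS_MEMBER_ATTR.values() if a in attrs]
    problems = []

    # 1. Does ldap.group.object match what the directory says the group is?
    if configured_class not in object_classes:
        problems.append(
            f"ldap.group.object is '{settings['ldap.group.object']}' but the "
            f"group's objectClass values are {object_classes}")

    # 2. Does the membership attribute fit the configured object class?
    expected_attr = GROUP_CLASS_MEMBER_ATTR.get(configured_class)
    if expected_attr and expected_attr != configured_attr:
        problems.append(
            f"objectClass {configured_class} defines '{expected_attr}', not "
            f"'{configured_attr}'")

    # 3. Does the group entry actually carry the configured attribute?
    values = attrs.get(configured_attr, [])
    members = [v for v in values if v]
    if not values:
        problems.append(
            f"the group has no '{configured_attr}' attribute; membership "
            f"attributes present: {present}")
    empty = len(values) - len(members)
    if empty:
        problems.append(
            f"{empty} empty '{configured_attr}' value(s) in the group entry")

    return {"dn": dn, "members": members,
            "present_member_attrs": present, "problems": problems}


if __name__ == "__main__":
    corrected = {"ldap.group.object": "groupOfNames",
                 "ldap.group.user.uniquemember": "member"}
    for label, settings in (("as configured", SAMPLE_SETTINGS),
                            ("corrected", corrected)):
        report = check_group_config(SAMPLE_GROUP_LDIF, settings)
        print(f"[{label}] {report['dn']}: {len(report['members'])} member(s)")
        for problem in report["problems"]:
            print("  problem:", problem)
```

Run against the thread's settings the report shows zero members and two problems (object class not on the entry, configured attribute absent while `member` and `memberuid` are present); with `ldap.group.object` set to groupOfNames and `ldap.group.user.uniquemember` set to `member` it lists three members and flags only the empty `member:` value, which is worth cleaning up in the directory since a blank member DN is not something an import should have to tolerate.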
