I recently purchased and installed vCloud Director. I am trying to configure LDAP to sync with my OpenLDAP server and it connects but the field mappings fail every time. Please see the screenshots attached to see what everything looks like.
Below is what an ldapsearch returns for a testuser I have
# test1user, people, domain.com
I have attached the screenshots as well. Any help would be appreciated.
Thanks,
Michael
Although I am not familiar with OpenLDAP, the distinguished name (DN) of a user would typically look like one of these in AD:
uid=test1user,ou=people,dc=domain,dc=com
cn=test1user,ou=people,dc=domain,dc=com
See if that makes any difference for you.
With our installation of OpenLDAP, the user string is in fact
uid=test1user,ou=people,dc=domain,dc=com
I still am unable to get the LDAP synchronization going on this.
This is now working, apparently I needed to restart my LDAP server to resolve the issue, go figure.
I tried to create an LDAP user and group and set the attributes like you did in the first post.
But I still have a problem with the "Group Name" and "Group unique identifier" attributes showing as Disabled.
Can you show me a sample LDAP user and group that you use, and also the values you put in the user and group attributes in vCloud Director?
Thanks
Below is what an ldapsearch returns for a testuser I have (this would be the sample LDAP user config)
What OpenLDAP version do you use?
Can you show me your slapd.conf too?
I can't get the objectClasses "groupOfNames" and "posixGroup" working together.
I googled and found that those objectClasses can't be used together in a group;
it shows the error "[LDAP: error code 65 - invalid structural object class chain (groupOfNames/posixGroup)]"
if you try to add them together.
So I still see "Group Name" and "Group unique identifier" disabled.
Regards,
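The error 65 above comes from a schema rule: every STRUCTURAL object class in an entry must lie on a single superclass chain, and in the stock nis.schema (RFC 2307) posixGroup is STRUCTURAL with SUP top, just like groupOfNames, so the two cannot share one entry. The rfc2307bis draft redefines posixGroup as AUXILIARY, which is why the combination works on servers that load that schema instead. The following script is an added example (not code from the thread or from VMware or OpenLDAP) that applies the chain rule to a hand-written schema subset and to a constructed LDIF group entry modelled on the dc=domain,dc=com DNs used here; the schema table, the group name vcdadmins and the gidNumber are assumptions.

```python
"""Pre-flight check for LDAP result code 65 (invalid structural object class chain).

Added example, not from the original thread. The schema table is a hand-written
subset of core.schema / nis.schema and of the rfc2307bis draft; anything not
listed here is treated as an unknown class.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class ObjectClass:
    name: str
    kind: str                 # "STRUCTURAL", "AUXILIARY" or "ABSTRACT"
    sup: Optional[str]        # superior class, None for top
    must: FrozenSet[str]      # required attributes (MUST)


# RFC 2307 as shipped in OpenLDAP's nis.schema: posixGroup is STRUCTURAL.
RFC2307_SCHEMA: Dict[str, ObjectClass] = {
    "top": ObjectClass("top", "ABSTRACT", None, frozenset({"objectClass"})),
    "groupOfNames": ObjectClass("groupOfNames", "STRUCTURAL", "top", frozenset({"cn", "member"})),
    "groupOfUniqueNames": ObjectClass("groupOfUniqueNames", "STRUCTURAL", "top", frozenset({"cn", "uniqueMember"})),
    "posixGroup": ObjectClass("posixGroup", "STRUCTURAL", "top", frozenset({"cn", "gidNumber"})),
}

# rfc2307bis: identical except that posixGroup becomes AUXILIARY (MUST gidNumber only).
RFC2307BIS_SCHEMA: Dict[str, ObjectClass] = dict(RFC2307_SCHEMA)
RFC2307BIS_SCHEMA["posixGroup"] = ObjectClass("posixGroup", "AUXILIARY", "top", frozenset({"gidNumber"}))


def parse_ldif_entry(text: str) -> Dict[str, List[str]]:
    """Parse one LDIF entry: plain 'attr: value' lines only (no base64, no folding).

    Attribute names are kept as written; the schema lookups below assume the
    canonical spelling (objectClass, gidNumber, ...).
    """
    entry: Dict[str, List[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(": ")
        entry.setdefault(attr, []).append(value)
    return entry


def superclass_chain(schema: Dict[str, ObjectClass], name: str) -> List[str]:
    """Return [name, its SUP, ..., 'top'] by following SUP links."""
    chain: List[str] = []
    current: Optional[str] = name
    while current is not None:
        chain.append(current)
        current = schema[current].sup
    return chain


def check_entry(schema: Dict[str, ObjectClass], entry: Dict[str, List[str]]) -> List[str]:
    """Return the problems slapd would report for the entry's objectClass set ([] if none)."""
    problems: List[str] = []
    classes = entry.get("objectClass", [])
    unknown = [c for c in classes if c not in schema]
    if unknown:
        return ["unknown objectClass(es): " + ", ".join(unknown)]

    structural = [c for c in classes if schema[c].kind == "STRUCTURAL"]
    if not structural:
        problems.append("no structural object class")
    chains = {c: set(superclass_chain(schema, c)) for c in structural}
    # Two structural classes may coexist only if one is an ancestor of the other.
    for a, b in combinations(structural, 2):
        if a not in chains[b] and b not in chains[a]:
            problems.append(f"invalid structural object class chain ({a}/{b})")

    required = set()
    for c in classes:
        required |= schema[c].must
    missing = sorted(a for a in required if a not in entry)
    if missing:
        problems.append("missing required attribute(s): " + ", ".join(missing))
    return problems


# Constructed sample: the group the thread tried to create (both classes at once).
BROKEN_GROUP_LDIF = """\
dn: cn=vcdadmins,ou=groups,dc=domain,dc=com
objectClass: top
objectClass: groupOfNames
objectClass: posixGroup
cn: vcdadmins
gidNumber: 5000
member: uid=test1user,ou=people,dc=domain,dc=com
"""

# Constructed sample: plain groupOfNames, which carries the member DNs vCloud Director reads.
PLAIN_GROUP_LDIF = """\
dn: cn=vcdadmins,ou=groups,dc=domain,dc=com
objectClass: top
objectClass: groupOfNames
cn: vcdadmins
member: uid=test1user,ou=people,dc=domain,dc=com
"""

if __name__ == "__main__":
    for label, schema in (("nis.schema", RFC2307_SCHEMA), ("rfc2307bis", RFC2307BIS_SCHEMA)):
        print(label, "broken:", check_entry(schema, parse_ldif_entry(BROKEN_GROUP_LDIF)))
        print(label, "plain: ", check_entry(schema, parse_ldif_entry(PLAIN_GROUP_LDIF)))
```

Run it and the first schema reports exactly the chain error from the thread for the combined group while the rfc2307bis table accepts it; the groupOfNames-only entry passes under both, so if the server keeps nis.schema, the practical fix is to let groupOfNames carry the member DNs and keep POSIX gid data in a separate posixGroup entry.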
OpenLDAP2 (2.3.32-0.10)
# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access to user password
#		Allow anonymous users to authenticate
#		Allow read access to everything else
#
# Directives needed to implement policy:
access to dn.base=""
        by * read
access to dn.base="cn=Subschema"
        by * read
access to attrs=userPassword,userPKCS12
        by self write
        by * auth
access to attrs=shadowLastChange
        by self write
        by * read
# note: the catch-all below grants anonymous read of every other attribute
access to *
        by * read
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
# global directives (loglevel, TLS*) must precede the first "database" line
loglevel 1
TLSCertificateFile /etc/ssl/servercerts/servercert.pem
TLSCACertificatePath /etc/ssl/certs/
TLSCertificateKeyFile /etc/ssl/servercerts/serverkey.pem
database bdb
suffix "dc=domain,dc=com"
rootdn "cn=Admin,dc=domain,dc=com"
rootpw "{ssha}encrypted_value=="
directory /var/lib/ldap
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres