LDAP group query problem



burrito
10-11-2007, 02:08 AM
Hi guys,

I'm running Hayes 1.8.2 and got LDAP user validation working fine. (OpenLDAP)

The problem that I have is that my bindingdn config only searches the users list (uid=$1,ou=Users,dc=myserver,dc=com).

How can I set my config to get a second bindingdn?

I need to add uid=$1,ou=Groups,dc=myserver,dc=com

Thanks.

MaxM
10-12-2007, 12:39 AM
The bindingdn isn't used for searching, it's only used for uniquely identifying a user to authenticate with.

I'm kind of confused about what you're asking here. Are you able to look up a user by user name? Retrieve all groups? Retrieve a group by group name?

If you're unsure, read the troubleshooting section at http://wiki.opengarden.org/Deki_Wiki/FAQ/User_Management/How_do_I...Integrate_my_users_with_LDAP%2f%2fMS_Active_Directory%3f

Max

burrito
10-12-2007, 11:13 AM
Maybe I haven't explained myself right.

My ldap configuration is OK, I'm not having problems with that.

All of my users can actually validate through ldap.



In my config my bindingdn is uid=$1,ou=Users,dc=myserver,dc=com.

Users here is the key word, I'm only authenticating to my Users list. I also have a Groups list that I'm leaving out. When trying to add a group in group management I'm not able to see these groups since they are in my Groups list.

So my question is, could I possibly add another bindingdn to not only get users from ldap, and get users and groups from two separate bindingdns?

I hope I explained myself right this time.

Thanks.

MaxM
10-12-2007, 07:23 PM
Ok so the issue is looking up a group by name (or possibly all groups). Your bindingdn is only used for authentication and will not limit the search results.
You can try simplifying your bindingdn to


uid=$1,dc=myserver,dc=com

But it will probably not make a difference.

Try pointing your browser to the LDAP service as described in the troubleshooting guide and see if you can get all groups or a specific group by name.

In the currently released version, the query for all groups is:


(&(objectCategory=group))

and the query for a given group is


(&(objectCategory=group)(cn=$1))

where $1 is the group name. In the upcoming release, these two search queries will be configurable just like "userquery" currently is. You can try these out and see if they return correct info.

I hope this provides some insight.

Max
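
Added example (not part of the original posts and not the wiki's own code): the bindingdn and group-query templates quoted above take a supplied name in place of $1, so this Python code performs that substitution with RFC 4514 (DN) and RFC 4515 (filter) escaping, which keeps a name from changing the structure of the DN or the search filter. The helper names expand_dn and expand_filter and the sample names are assumptions made for illustration.

```python
# Added example: fill the thread's "$1" templates with escaped values.
# expand_filter / expand_dn are hypothetical helpers, not the wiki's API.

FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
DN_SPECIALS = set('"+,;<>\\=')

GROUP_QUERY = "(&(objectCategory=group)(cn=$1))"     # template from the thread
BINDING_DN = "uid=$1,ou=Users,dc=myserver,dc=com"    # template from the thread


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")
        elif ch in DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:          # leading '#' must be escaped
            out.append("\\#")
        elif ch == " " and i in (0, last):  # leading/trailing space must be escaped
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def expand_filter(template: str, value: str) -> str:
    """Replace $1 in a filter template with the filter-escaped value."""
    return template.replace("$1", escape_filter_value(value))


def expand_dn(template: str, value: str) -> str:
    """Replace $1 in a DN template with the DN-escaped value."""
    return template.replace("$1", escape_dn_value(value))


if __name__ == "__main__":
    # Constructed sample names: a plain one and ones containing metacharacters.
    for name in ["wiki-admins", "*", "x)(objectCategory=*"]:
        print(expand_filter(GROUP_QUERY, name))
    for uid in ["burrito", "a,ou=Groups"]:
        print(expand_dn(BINDING_DN, uid))
```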

lou.cai.myopenid.com
01-16-2008, 04:02 PM
My tree appears to be like burrito's. I put your [Max] quoted string there, but I continue to get no groups at all.

Andy-Tane
01-16-2008, 04:22 PM
After adding the service, did you add the groups under the Wiki Control Panel/Group Management? The LDAP groups won't show when trying to set page permissions until you add the LDAP group you want to use in the Wiki 'Group Management' screen.