SSL VPN
Distinguished Expert
muttbarker
Posts: 2,346
Registered: 01-29-2008

Re: LDAP role mapping

Glad you figured it out! That update button is a real "pain" until you get used to it. I think it probably bites everybody at least once when they are coming up to speed on the box :smileyhappy:
Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Visitor
tabooka
Posts: 3
Registered: 01-27-2009

Re: LDAP role mapping

I've been running a Neoteris box for 5 years now and the update button is still easily overlooked.

Contributor
mkosters
Posts: 10
Registered: 11-05-2008

Re: LDAP role mapping

Hi Kevin,


The problem was the following. Their LDAP is really **bleep**ed! For some users we must use sAMAccountName and for the others memberOf.

What I did, with Juniper Support, was to create user attributes.

The problem with this was that I didn't have a user attribute memberOf.

We created the user attribute and configured custom expressions.

After testing with a lot of users, everything works fine.

Marcel

Distinguished Expert
muttbarker
Posts: 2,346
Registered: 01-29-2008

Re: LDAP role mapping

Hey Marcel - thanks for the update. Screwy setup! If you get a minute, why don't you flag your post as the "solution" so people who see it can jump to what you wrote and learn from it.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
mkosters
Posts: 10
Registered: 11-05-2008

Re: LDAP role mapping

Because I wanted to let you know first. Maybe you said something else.

I will make a solution on this topic.

Marcel

Trusted Contributor
stine
Posts: 434
Registered: 05-05-2008

Re: LDAP role mapping

If you are having problems and cannot get the Group Search to show you any groups, sniff the traffic between your SA and your LDAP server. If you clear the Member Attribute field, the reply packets that you receive from the LDAP server will contain a list of the available attributes, listed under LDAP->LDAP Message Search->ProtocolOp->searchResEntry->attributes->PartialAttributeList.

In my case there were three returned: objectClass, cn, uniqueMember. I then set the Member Attribute field to 'cn' and now my groups show up in the Group Search window and I can add them.

My other problem is that I don't do this often enough to remember exactly what to do for each different type of LDAP server (the one I'm working with now is CentOS Directory Server).

Theodore E Van Iderstine
Stream Networks
+1 678 373 4200 x125
JNCIA-ER (expired), JNCIA-SSL (ditto)
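One way to read that attribute list off the wire without clicking through the dissector tree, as an added example that is not part of this thread or of any Juniper or Red Hat code: a small Python BER decoder for an LDAP SearchResultEntry, run over a constructed groupOfUniqueNames reply (the DN, group name and member values are assumed sample data). The names it returns are exactly the candidates for the SA's Member Attribute field.

```python
def ber_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV at buf[pos]; handles short and long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def ber_children(value):
    """Yield (tag, value) for each TLV inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = ber_tlv(value, pos)
        yield tag, val

def parse_search_result_entry(msg):
    """Decode one LDAPMessage; return (dn, {attribute: [values]}) or None if it is not a searchResEntry."""
    tag, body, _ = ber_tlv(msg, 0)
    assert tag == 0x30, "LDAPMessage must be a SEQUENCE"
    (_, _msg_id), (op_tag, op_val) = list(ber_children(body))[:2]
    if op_tag != 0x64:                      # [APPLICATION 4] constructed = SearchResultEntry
        return None
    (_, dn), (_, attr_list) = ber_children(op_val)   # objectName LDAPDN, attributes PartialAttributeList
    attrs = {}
    for _, partial in ber_children(attr_list):       # PartialAttribute ::= SEQUENCE { type, vals SET OF }
        (_, atype), (_, vals) = ber_children(partial)
        attrs[atype.decode()] = [v.decode() for _, v in ber_children(vals)]
    return dn.decode(), attrs

def tlv(tag, value):
    """Minimal BER encoder, used only to build the constructed sample below."""
    n = len(value)
    if n < 128:
        return bytes([tag, n]) + value
    nb = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | nb]) + n.to_bytes(nb, "big") + value

def octet(s):
    return tlv(0x04, s.encode())

# Constructed sample: messageID 2, one searchResEntry for a groupOfUniqueNames object (assumed values).
SAMPLE = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x64,
    octet("cn=vpn-users,ou=groups,dc=example,dc=com") +
    tlv(0x30,
        tlv(0x30, octet("objectClass") + tlv(0x31, octet("top") + octet("groupOfUniqueNames"))) +
        tlv(0x30, octet("cn") + tlv(0x31, octet("vpn-users"))) +
        tlv(0x30, octet("uniqueMember") + tlv(0x31,
            octet("uid=alice,ou=people,dc=example,dc=com") + octet("uid=bob,ou=people,dc=example,dc=com"))))))
```

Feeding it the raw LDAPMessage bytes from a capture instead of SAMPLE gives the same three names stine saw (objectClass, cn, uniqueMember) for a comparable group entry; a searchResDone message returns None.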
Copyright © 1999-2013 Juniper Networks, Inc. All rights reserved.