
Re: LDAP role mapping

If you are having problems and cannot get the Group Search to show you any groups, sniff the traffic between your SA and your LDAP server. If you clear the Member Attribute field, the reply packets that you receive from the LDAP server will contain a list of the available attributes listed under LDAP->LDAP Message Search->ProtocolOp->searchResEntry->attributes->PartialAttributeList.

In my case there were three returned: objectClass, cn, uniqueMember. I then set the Member Attribute field to 'cn' and now my groups show up in the Group Search window and I can add them.


My other problem is that I don't do this often enough to remember exactly what to do for each different type of LDAP server (the one I'm working with now is CentOS Directory Server).

Theodore E Van Iderstine
Stream Networks
+1 678 373 4200 x125
JNCIA-ER (expired), JNCIA-SSL (ditto)
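
The capture inspection described in the post above can also be done offline. This is an added example, not part of the original post: a minimal BER reader that pulls the attribute names out of one LDAP searchResEntry message. The function names, the DN and the attribute values are constructed for illustration; only the three attribute names come from the post.

```python
SEQ, SET, INT, OCTETS, SEARCH_RES_ENTRY = 0x30, 0x31, 0x02, 0x04, 0x64  # BER tags (RFC 4511)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed value into its (tag, value) elements
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def entry_attributes(message):
    """Return (dn, {attribute: [values]}) for a searchResEntry, else None."""
    tag, body, _ = read_tlv(message, 0)
    if tag != SEQ:
        raise ValueError("not an LDAPMessage")
    _msg_id, (op_tag, op) = children(body)[:2]
    if op_tag != SEARCH_RES_ENTRY:
        return None  # some other protocolOp, e.g. searchResDone
    (_, dn), (_, attr_list) = children(op)[:2]
    attrs = {}
    for _, partial in children(attr_list):  # PartialAttributeList
        (_, name), (_, vals) = children(partial)[:2]
        attrs[name.decode()] = [v.decode("utf-8", "replace") for _, v in children(vals)]
    return dn.decode(), attrs

def tlv(tag, value):
    """Encode one BER element; only used to build the constructed sample."""
    n = len(value)
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    size = bytes([n]) if n < 0x80 else bytes([0x80 | len(octets)]) + octets
    return bytes([tag]) + size + value

def build_sample():
    """Constructed reply: one group entry with the three attributes named in the post."""
    sample = [("objectClass", ["top", "groupOfUniqueNames"]), ("cn", ["vpn-users"]),
              ("uniqueMember", ["uid=alice,ou=People,dc=example,dc=com"])]
    partials = b"".join(
        tlv(SEQ, tlv(OCTETS, k.encode()) + tlv(SET, b"".join(tlv(OCTETS, v.encode()) for v in vs)))
        for k, vs in sample)
    entry = tlv(OCTETS, b"cn=vpn-users,ou=Groups,dc=example,dc=com") + tlv(SEQ, partials)
    return tlv(SEQ, tlv(INT, b"\x02") + tlv(SEARCH_RES_ENTRY, entry))
```

Calling `entry_attributes(build_sample())` returns the entry DN and a dictionary keyed by attribute name, which is the same list the post reads from PartialAttributeList in the sniffer.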