[ https://issues.apache.org/jira/browse/CONNECTORS-1749?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17785779#comment-17785779 ]
Guylaine Bassette commented on CONNECTORS-1749:
-----------------------------------------------

Hello, I have added a few more details in the description to help.

> LDAP Authority: make Group parameters optional
> ----------------------------------------------
>
> Key: CONNECTORS-1749
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1749
> Project: ManifoldCF
> Issue Type: Improvement
> Components: LDAP authority
> Reporter: Guylaine Bassette
> Priority: Minor
> Attachments: image-2023-11-14-08-28-57-668.png
>
>
> The group parameters are mandatory in MCF, but some LDAP servers don't
> require such parameters to answer queries related to a user in order to
> get back authorization tokens. With such LDAP servers, you therefore do not
> need to input group related information to have a working search.
>
> But there is a negative aspect: there are scenarios where you may NOT know
> any group related information since it is not needed for those LDAP servers.
> But since MCF requires these parameters, anything that you put in, in order
> for MCF to validate the configuration, will be sent to the LDAP server, which
> will generate an error answer because the group parameters are incorrect:
> Error code 52 - Object Not Found Error.
>
> h2. Debug, help for configuration
>
> Regarding the LDAP Authority configuration:
>
> !image-2023-11-14-08-28-57-668.png!
>
> When you have completed the first part in green, it is equivalent to this
> command line with the tool ldapsearch:
>
> {{ldapsearch -x -H ldap://ldap.francelabs.com:389 -D "uid=myuser,ou=People,dc=francelabs,dc=com" -b "ou=people,dc=francelabs,dc=com" "(&(objectClass=inetOrgPerson)(uid=any_user_uid))"}}
>
> Even if you get the expected result with this query, you might think that it
> is not important to fill in the red part concerning the group attributes. But
> you need to have a working query for the group part. Indeed, if the groups
> query is invalid and if you obtain an error code 52 in ldapsearch and MCF
> logs, it means that this query is the issue.
>
> Try the default query of MCF:
>
> {{ldapsearch -x -H ldap://ldap.francelabs.com:389 -b "ou=groups,dc=francelabs,dc=com" "(&(objectClass=groupOfNames))"}}
>
> If you obtain an error code 52, and even if you are not interested in
> retrieving the groups, you MUST have a query that works. So change the query
> until the error code disappears.
>
> {{ldapsearch -x -H ldap://ldap.francelabs.com:389 -b "dc=francelabs,dc=com" "(&(objectClass=groupOfNames))"}}
>
> You will obtain some objects. Choose one with the OU that you want and enter
> this OU into the MCF configuration. Example:
>
> {{ldapsearch -x -H ldap://ldap.francelabs.com:389 -b "ou=system,dc=francelabs,dc=com" "(&(objectClass=groupOfNames))"}}

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
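
Added example, not part of the Jira comment or of ManifoldCF: the last step of the description asks you to pick an OU from the objects returned by the wide `groupOfNames` search. The shell function below counts the returned entries per parent DN so the candidate group base is easy to spot; `group_bases` and `sample_ldif` are hypothetical names, and the sample LDIF (group names included) is constructed.

```shell
#!/bin/sh
# Added example: summarise where groupOfNames entries live, from ldapsearch LDIF.
# Real use: ldapsearch -x -H <url> -b "<root>" "(&(objectClass=groupOfNames))" | group_bases

# Print "<count> <parent DN>" for each entry DN read on stdin, busiest first.
# Assumptions: DNs are compared case-insensitively; base64 DNs ("dn:: ...") are skipped.
group_bases() {
    awk '
        # Parent DN = everything after the first comma that is not backslash-escaped.
        function parent(d,   i, c) {
            for (i = 1; i <= length(d); i++) {
                c = substr(d, i, 1)
                if (c == "\\") i++
                else if (c == ",") return substr(d, i + 1)
            }
            return ""
        }
        # Record the pending DN once its logical line is complete.
        function commit() {
            if (dn != "") count[tolower(parent(dn))]++
            dn = ""
        }
        # LDIF folds long lines; a continuation starts with one space.
        /^ /    { if (dn != "") dn = dn substr($0, 2); next }
                { commit() }
        /^dn: / { dn = substr($0, 5) }
        END     { commit(); for (p in count) printf "%d %s\n", count[p], p }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample: a folded DN, an escaped comma, and mixed-case OU names.
sample_ldif() {
    cat <<'EOF'
dn: cn=admins,ou=system,dc=francelabs,dc=com
objectClass: groupOfNames

dn: cn=Ops\, EU,ou=System,dc=francelabs,dc=com
objectClass: groupOfNames

dn: cn=a-group-with-a-long-name-that-ldapsearch-folds,ou=projects,dc=francela
 bs,dc=com
objectClass: groupOfNames
EOF
}

sample_ldif | group_bases
```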