[ https://issues.apache.org/jira/browse/CONNECTORS-1749?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17785779#comment-17785779 ]
Guylaine Bassette commented on CONNECTORS-1749:
-----------------------------------------------
Hello,
I have added a few more details in the description to help.
> LDAP Authority: make Group parameters optional
> ----------------------------------------------
>
> Key: CONNECTORS-1749
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1749
> Project: ManifoldCF
> Issue Type: Improvement
> Components: LDAP authority
> Reporter: Guylaine Bassette
> Priority: Minor
> Attachments: image-2023-11-14-08-28-57-668.png
>
>
> The group parameters are mandatory in MCF, but some LDAP servers don't
> require such parameters to answer queries related to a user in order to
> get back authorization tokens. With such LDAP servers, you therefore do not
> need to input group-related information to have a working search.
>
> But there is a negative aspect: there are scenarios where you may NOT know
> any group related information since it is not needed for those LDAP servers.
> But since MCF requires these parameters, anything that you put in, in order
> for MCF to validate the configuration, will be sent to the LDAP server that
> will generate an error answer because the group parameters are incorrect:
> Error code 52 - Object Not Found Error.
> h2. Debug, help for configuration
> Regarding the LDAP Authority configuration:
> !image-2023-11-14-08-28-57-668.png!
> When you have completed the first part in green, it is equivalent to this
> command line with the tool ldapsearch:
> {{ldapsearch -x -H ldap://ldap.francelabs.com:389 -D "uid=myuser,ou=People,dc=francelabs,dc=com" -b "ou=people,dc=francelabs,dc=com" "(&(objectClass=inetOrgPerson)(uid=any_user_uid))"}}
> Even if you get the expected result with this query, you might think that it
> is not important to fill in the red part concerning the group attributes. But
> you need to have a working query for the group part. Indeed, if the groups
> query is invalid and if you obtain an error code 52 in ldapsearch and MCF
> logs, it means that this query is the issue.
> Try the default query of MCF:
> {{ldapsearch -x -H ldap://ldap.francelabs.com:389 -b "ou=groups,dc=francelabs,dc=com" "(&(objectClass=groupOfNames))"}}
> If you obtain an error code 52 and even if you are not interested in
> retrieving the groups, you MUST have a query that works. So change the query
> until the error code disappears.
> {{ldapsearch -x -H ldap://ldap.francelabs.com:389 -b "dc=francelabs,dc=com" "(&(objectClass=groupOfNames))"}}
> You will obtain some objects. Choose one with the OU that you want and enter
> this OU into MCF configuration. Example:
>
> {{ldapsearch -x -H ldap://ldap.francelabs.com:389 -b "ou=system,dc=francelabs,dc=com" "(&(objectClass=groupOfNames))"}}