LDAP Group Mapping issues


#1

Greetings everyone!

I’ve been trying to get LDAP configured for a bit now, and have run into some issues.

I have entered the appropriate values for our ldap server in the main authentication page, and have successfully authenticated with our binddn user. However, when I attempt to configure the ldap group assignment, I run into issues.

First, when I select ‘Look up LDAPS Groups’, fill out the appropriate credentials, then search for a user, nothing happens. The UI spins for a second, then returns to its normal state. (originally I thought this might be a browser problem, as I dont’ use one of the big browsers, but testing across firefox and chromium have the same result).

In troubleshooting this issue, I enabled debugging mode, and can see the response from our ldap server is appropriate and contains groups. however after the response, these messages pop up in the logs:

[----] D, [2017-04-07T05:06:54.537825 #1975:3fddb5f48508] DEBUG – : MIQ(MiqLdap#get_memberships) Enter get_memberships: cn=$REDACTED_USER,ou=Users,o=$REDACTED_ORG, max_depth: 5, current_depth: 1, attr: memberof
[----] D, [2017-04-07T05:06:54.538104 #1975:3fddb5f48508] DEBUG – : MIQ(MiqLdap#get_memberships) Groups: []
[----] D, [2017-04-07T05:06:54.538395 #1975:3fddb5f48508] DEBUG – : MIQ(MiqLdap#get_memberships) Exit get_memberships: cn=$REDACTED_USER,ou=Users,o=$REDACTED_ORG, result: []

For some reason, MIQ believes Groups is an empty set.

This of ultimately gives me the error that the user isn’t allowed to log in because its not assigned any roles/groups. Any suggestions on how to get this working? If its a UI issue, is there a configuration we can do outside of the GUI?

We’re deploying from your master on github on OpenShift Origin, but have reproduced this same issue on Euwe deployed as an appliance.

Thanks!