Error listing LDAP users

John Meyers

Mar 21, 2017, 11:48:46 AM
to priva...@googlegroups.com
When I go to the "users" view and select the Realm containing the LDAP server, I get an error pop up that states "Found more than one object for Loginname ''" and an exception is shown in the logs. However when I click the "Test LDAP Resolver" button in the LDAP config page, I get a popup that states "Your LDAP config seems to be OK, 95 user objects found." So why can't I see the users on the user view?

I am able to see the full list of users when I use ldapsearch on the command line:
ldapsearch -LLL -x -D 'dn=ldap_bind,ou=users,dc=crowd' -W -H ldap://localhost:10389 -b 'ou=users,dc=crowd' '(uid=*)'

PrivacyIDEA 2.18-1xenial installed via the Ubuntu packages.
MySQL 5.7.17-0ubuntu0.16.04.1
Apache2 2.4.18-2ubuntu3.1
Ubuntu 16.04.2 LTS

$ sudo cat /etc/privacyidea/pi.cfg
import logging
SUPERUSER_REALM = ['super']
PI_ENCFILE = '/etc/privacyidea/enckey'
PI_AUDIT_KEY_PRIVATE = '/etc/privacyidea/private.pem'
PI_AUDIT_KEY_PUBLIC = '/etc/privacyidea/public.pem'
PI_LOGFILE = '/var/log/privacyidea/privacyidea.log'
PI_LOGLEVEL = 10
PI_PEPPER = '--trimmed--'
SECRET_KEY = '--trimmed--'
SQLALCHEMY_DATABASE_URI = 'mysql://--trimmed--@localhost/pi'

Attached is a screenshot showing the LDAP connector configuration.

To capture this log, I go to the Users page and then select the realm that contains the LDAP user resolver:

[2017-03-21 08:24:05,683][5772][140366958487296][DEBUG][privacyidea.lib.config:72] The singleton <class 'privacyidea.lib.config.ConfigClass'> already exists.
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea.api.lib.utils:239] Can not get param: No JSON object could be decoded
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea.lib.user:179] Entering get_user_from_param with arguments ({'realm': u'crowd-ldap'},) and keywords {}
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea.lib.user:179] Entering User with arguments () and keywords {'login': '', 'realm': u'crowd-ldap'}
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea.lib.user:179] Entering get_ordererd_resolvers with arguments (User(login='', realm=u'crowd-ldap', resolver=''),) and keywords {}
[2017-03-21 08:24:05,687][5772][140366958487296][DEBUG][privacyidea.lib.realm:179] Entering get_realms with arguments (u'crowd-ldap',) and keywords {}
[2017-03-21 08:24:05,687][5772][140366958487296][DEBUG][privacyidea.lib.config:72] The singleton <class 'privacyidea.lib.config.ConfigClass'> already exists.
[2017-03-21 08:24:05,688][5772][140366958487296][DEBUG][privacyidea.lib.realm:191] Exiting get_realms with result {u'crowd-ldap': {'default': False, 'option': u'', 'resolver': [{'priority': 1, 'type': u'ldapresolver', 'name': u'crowd-ldap'}]}}
[2017-03-21 08:24:05,688][5772][140366958487296][DEBUG][privacyidea.lib.user:191] Exiting get_ordererd_resolvers with result [u'crowd-ldap']
[2017-03-21 08:24:05,689][5772][140366958487296][DEBUG][privacyidea.lib.resolver:179] Entering get_resolver_object with arguments (u'crowd-ldap',) and keywords {}
[2017-03-21 08:24:05,689][5772][140366958487296][DEBUG][privacyidea.lib.resolver:179] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'crowd-ldap'}
[2017-03-21 08:24:05,689][5772][140366958487296][DEBUG][privacyidea.lib.config:72] The singleton <class 'privacyidea.lib.config.ConfigClass'> already exists.
[2017-03-21 08:24:05,690][5772][140366958487296][DEBUG][privacyidea.lib.resolver:193] Exiting get_resolver_list with result HIDDEN
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:179] Entering get_resolver_list with arguments () and keywords {}
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:549] None
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:191] Exiting get_resolver_list with result set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:680] using the module list: set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:688] import module: privacyidea.lib.resolvers.PasswdIdResolver
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:688] import module: privacyidea.lib.resolvers.SCIMIdResolver
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:688] import module: privacyidea.lib.resolvers.SQLIdResolver
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:688] import module: privacyidea.lib.resolvers.LDAPIdResolver
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:503] module: <module 'privacyidea.lib.resolvers.PasswdIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc'>
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:503] module: <module 'privacyidea.lib.resolvers.SCIMIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc'>
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib.config:503] module: <module 'privacyidea.lib.resolvers.SQLIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc'>
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib.config:503] module: <module 'privacyidea.lib.resolvers.LDAPIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc'>
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib.resolver:179] Entering get_resolver_config with arguments (u'crowd-ldap',) and keywords {}
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib.resolver:179] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'crowd-ldap'}
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib.config:72] The singleton <class 'privacyidea.lib.config.ConfigClass'> already exists.
[2017-03-21 08:24:05,703][5772][140366958487296][DEBUG][privacyidea.lib.resolver:193] Exiting get_resolver_list with result HIDDEN
[2017-03-21 08:24:05,703][5772][140366958487296][DEBUG][privacyidea.lib.resolver:193] Exiting get_resolver_config with result HIDDEN
[2017-03-21 08:24:05,704][5772][140366958487296][DEBUG][privacyidea.lib.resolver:191] Exiting get_resolver_object with result <privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at 0x7fa990e8be50>
[2017-03-21 08:24:05,705][5772][140366958487296][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:680] Added localhost, 10389, False to server pool.
[2017-03-21 08:24:06,174][5772][140366958487296][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:461] Searching user '' in LDAP.
[2017-03-21 08:24:06,353][5772][140366958487296][ERROR][privacyidea.app:1423] Exception on /user/ [GET]
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1817, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1381, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1473, in full_dispatch_request
    rv = self.preprocess_request()
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1666, in preprocess_request
    rv = func()
  File "/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py", line 324, in decorated_function
    return f(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/privacyidea/api/before_after.py", line 77, in before_user_request
    before_request()
  File "/usr/lib/python2.7/dist-packages/privacyidea/api/before_after.py", line 110, in before_request
    request.User = get_user_from_param(request.all_data)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py", line 187, in log_wrapper
    f_result = func(*args, **kwds)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py", line 555, in get_user_from_param
    user_object = User(login=username, realm=realm)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py", line 187, in log_wrapper
    f_result = func(*args, **kwds)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py", line 92, in __init__
    self.get_resolvers()
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py", line 189, in get_resolvers
    uid = y.getUserId(self.login)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 151, in cache_wrapper
    f_result = func(self, *args, **kwds)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 471, in getUserId
    LoginName))
Exception: Found more than one object for Loginname ''
[2017-03-21 08:24:06,355][5772][140366958487296][DEBUG][privacyidea.api.lib.utils:239] Can not get param: No JSON object could be decoded

This log is from when I click on the "Test LDAP Resolver" button:

[2017-03-21 08:29:57,149][5772][140366874560256][DEBUG][privacyidea.lib.config:72] The singleton <class 'privacyidea.lib.config.ConfigClass'> already exists.
[2017-03-21 08:29:57,152][5772][140366874560256][DEBUG][privacyidea.lib.user:179] Entering get_user_from_param with arguments ({u'BINDDN': u'dn=ldap_bind,ou=users,dc=crowd', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(uid=%s)(objectClass=inetOrgPerson))', u'LDAPBASE': u'ou=users,dc=crowd', u'EDITABLE': False, u'LDAPURI': u'ldap://localhost:10389', u'LDAPSEARCHFILTER': u'(uid=*)', u'UIDTYPE': u'dn', u'LOGINNAMEATTRIBUTE': u'uid', u'TLS_VERIFY': False, u'BINDPW': u'--trimmed--', u'USERINFO': u'{  "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'LEVEL', u'NOREFERRALS': False, u'CACHE_TIMEOUT': u'120', u'type': u'ldapresolver'},) and keywords {}
[2017-03-21 08:29:57,152][5772][140366874560256][DEBUG][privacyidea.lib.user:179] Entering User with arguments () and keywords {'login': '', 'realm': ''}
[2017-03-21 08:29:57,152][5772][140366874560256][DEBUG][privacyidea.lib.user:179] Entering get_ordererd_resolvers with arguments (User(login='', realm='', resolver=''),) and keywords {}
[2017-03-21 08:29:57,153][5772][140366874560256][DEBUG][privacyidea.lib.realm:179] Entering get_realms with arguments ('',) and keywords {}
[2017-03-21 08:29:57,153][5772][140366874560256][DEBUG][privacyidea.lib.config:72] The singleton <class 'privacyidea.lib.config.ConfigClass'> already exists.
[2017-03-21 08:29:57,154][5772][140366874560256][DEBUG][privacyidea.lib.realm:191] Exiting get_realms with result {u'pi-passwd': {'default': True, 'option': u'', 'resolver': [{'priority': None, 'type': u'passwdresolver', 'name': u'pi-passwd'}]}, u'crowd-ldap': {'default': False, 'option': u'', 'resolver': [{'priority': 1, 'type': u'ldapresolver', 'name': u'crowd-ldap'}]}}
[2017-03-21 08:29:57,154][5772][140366874560256][DEBUG][privacyidea.lib.user:191] Exiting get_ordererd_resolvers with result []
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea.lib.user:191] Exiting User with result <empty user>
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea.lib.user:179] Entering get_ordererd_resolvers with arguments (User(login='', realm='', resolver=''),) and keywords {}
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea.lib.realm:179] Entering get_realms with arguments ('',) and keywords {}
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea.lib.config:72] The singleton <class 'privacyidea.lib.config.ConfigClass'> already exists.
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea.lib.realm:191] Exiting get_realms with result {u'pi-passwd': {'default': True, 'option': u'', 'resolver': [{'priority': None, 'type': u'passwdresolver', 'name': u'pi-passwd'}]}, u'crowd-ldap': {'default': False, 'option': u'', 'resolver': [{'priority': 1, 'type': u'ldapresolver', 'name': u'crowd-ldap'}]}}
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea.lib.user:191] Exiting get_ordererd_resolvers with result []
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea.lib.user:191] Exiting get_user_from_param with result <empty user>
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea.lib.config:72] The singleton <class 'privacyidea.lib.policy.PolicyClass'> already exists.
[2017-03-21 08:29:57,159][5772][140366874560256][DEBUG][privacyidea.lib.audit:179] Entering getAudit with arguments (<Config {'JSON_AS_ASCII': True, 'PI_HSM': 'default', 'PI_LOGFILE': '/var/log/privacyidea/privacyidea.log', 'pi_hsm': {'obj': <privacyidea.lib.security.default.DefaultSecurityModule object at 0x7fa9a03b9450>}, 'PI_AUDIT_KEY_PUBLIC': '/etc/privacyidea/public.pem', 'SQLALCHEMY_POOL_RECYCLE': None, 'SQLALCHEMY_ECHO': False, 'PI_PEPPER': '--trimmed--', 'SQLALCHEMY_POOL_TIMEOUT': None, 'SQLALCHEMY_RECORD_QUERIES': None, 'PI_ENCFILE': '/etc/privacyidea/enckey', 'SESSION_COOKIE_DOMAIN': None, 'SESSION_COOKIE_NAME': 'session', 'pi_token_types': ['registration', 'yubikey', 'radius', 'tiqr', 'pw', 'daplug', 'u2f', 'spass', '4eyes', 'paper', 'motp', 'sms', 'email', 'totp', 'remote', 'hotp', 'certificate', 'yubico', 'sshkey', 'question'], 'SQLALCHEMY_NATIVE_UNICODE': None, 'MAX_CONTENT_LENGTH': None, 'PERMANENT_SESSION_LIFETIME': datetime.timedelta(31), 'SQLALCHEMY_POOL_SIZE': None, 'SQLALCHEMY_MAX_OVERFLOW': None, 'TRAP_HTTP_EXCEPTIONS': False, 'PRESERVE_CONTEXT_ON_EXCEPTION': None, 'SESSION_COOKIE_PATH': None, 'SQLALCHEMY_DATABASE_URI': 'mysql://--trimmed--@localhost/pi', 'LOGGER_NAME': 'privacyidea.app', 'SECRET_KEY': '--trimmed--', 'APPLICATION_ROOT': None, 'SERVER_NAME': None, 'BABEL_DEFAULT_LOCALE': 'en', 'PREFERRED_URL_SCHEME': 'http', 'TESTING': False, 'BABEL_DEFAULT_TIMEZONE': 'UTC', 'USE_X_SENDFILE': False, 'PI_AUDIT_MODULE': 'privacyidea.lib.auditmodules.sqlaudit', 'SESSION_COOKIE_SECURE': False, 'SQLALCHEMY_BINDS': None, 'DEBUG': False, 'SQLALCHEMY_COMMIT_ON_TEARDOWN': False, 'CACHE_TYPE': 'simple', 'JSONIFY_PRETTYPRINT_REGULAR': True, 'PROPAGATE_EXCEPTIONS': None, 'PI_LOGLEVEL': 10, 'TRAP_BAD_REQUEST_ERRORS': False, 'JSON_SORT_KEYS': True, 'SESSION_COOKIE_HTTPONLY': True, 'SEND_FILE_MAX_AGE_DEFAULT': 43200, 'PI_AUDIT_KEY_PRIVATE': '/etc/privacyidea/private.pem', 'SUPERUSER_REALM': ['super']}>,) and keywords {}
[2017-03-21 08:29:57,159][5772][140366874560256][DEBUG][privacyidea.lib.audit:179] Entering getAuditClass with arguments ('privacyidea.lib.auditmodules.sqlaudit', 'Audit') and keywords {}
[2017-03-21 08:29:57,167][5772][140366874560256][DEBUG][privacyidea.lib.audit:76] klass: <class 'privacyidea.lib.auditmodules.sqlaudit.Audit'>
[2017-03-21 08:29:57,168][5772][140366874560256][DEBUG][privacyidea.lib.audit:191] Exiting getAuditClass with result <class 'privacyidea.lib.auditmodules.sqlaudit.Audit'>
[2017-03-21 08:29:57,168][5772][140366874560256][DEBUG][privacyidea.lib.auditmodules.sqlaudit:95] using the connect string mysql://--trimmed--@localhost/pi
[2017-03-21 08:29:57,168][5772][140366874560256][DEBUG][privacyidea.lib.auditmodules.sqlaudit:102] Using SQL pool_size of 20
[2017-03-21 08:29:57,169][5772][140366874560256][DEBUG][privacyidea.lib.audit:191] Exiting getAudit with result <privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7fa990aac290>
[2017-03-21 08:29:57,170][5772][140366874560256][DEBUG][privacyidea.lib.config:179] Entering get_from_config with arguments ('OverrideAuthorizationClient',) and keywords {}
[2017-03-21 08:29:57,171][5772][140366874560256][DEBUG][privacyidea.lib.config:72] The singleton <class 'privacyidea.lib.config.ConfigClass'> already exists.
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea.lib.config:191] Exiting get_from_config with result None
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea.api.resolver:179] Entering test_resolver with arguments () and keywords {}
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea.lib.resolver:179] Entering pretestresolver with arguments (u'ldapresolver', {u'BINDDN': u'dn=ldap_bind,ou=users,dc=crowd', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(uid=%s)(objectClass=inetOrgPerson))', u'LDAPBASE': u'ou=users,dc=crowd', u'EDITABLE': False, u'LDAPURI': u'ldap://localhost:10389', u'LDAPSEARCHFILTER': u'(uid=*)', u'UIDTYPE': u'dn', u'LOGINNAMEATTRIBUTE': u'uid', u'TLS_VERIFY': False, u'BINDPW': u'--trimmed--', u'USERINFO': u'{  "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'LEVEL', u'NOREFERRALS': False, u'CACHE_TIMEOUT': u'120', u'type': u'ldapresolver'}) and keywords {}
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea.lib.config:179] Entering get_resolver_list with arguments () and keywords {}
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:549] None
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:191] Exiting get_resolver_list with result set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:680] using the module list: set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:688] import module: privacyidea.lib.resolvers.PasswdIdResolver
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:688] import module: privacyidea.lib.resolvers.SCIMIdResolver
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:688] import module: privacyidea.lib.resolvers.SQLIdResolver
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:688] import module: privacyidea.lib.resolvers.LDAPIdResolver
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:503] module: <module 'privacyidea.lib.resolvers.PasswdIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc'>
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:503] module: <module 'privacyidea.lib.resolvers.SCIMIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc'>
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:503] module: <module 'privacyidea.lib.resolvers.SQLIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc'>
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:503] module: <module 'privacyidea.lib.resolvers.LDAPIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc'>
[2017-03-21 08:29:57,177][5772][140366874560256][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:680] Added localhost, 10389, False to server pool.
[2017-03-21 08:29:57,893][5772][140366874560256][DEBUG][privacyidea.lib.resolver:191] Exiting pretestresolver with result (True, u'Your LDAP config seems to be OK, 95 user objects found.')
[2017-03-21 08:29:57,895][5772][140366874560256][DEBUG][privacyidea.api.resolver:191] Exiting test_resolver with result <Response 308 bytes [200 OK]>

crowd-ldap.jpg
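A small triage helper for the first log excerpt above, added here as an example and not part of the original post or of privacyIDEA: it pairs each ERROR record with the last LDAP search logged on the same thread and flags lookups made with an empty login name. The sample lines are constructed from that excerpt (the 'alice' line is invented), and `parse_records` and `failed_lookups` are hypothetical names.

```python
import re

# Record layout seen in the log above: [time][pid][thread][LEVEL][module:line] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<pid>\d+)\]\[(?P<thread>\d+)\]"
    r"\[(?P<level>[A-Z]+)\]\[(?P<module>[\w.]+):(?P<lineno>\d+)\] (?P<msg>.*)$"
)
SEARCH_RE = re.compile(r"^Searching user '(?P<login>.*)' in LDAP\.$")

# Constructed sample: three lines taken from the excerpt, plus an invented
# 'alice' lookup on a second thread to show that correlation is per thread.
SAMPLE_LOG = """
[2017-03-21 08:24:05,705][5772][140366958487296][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:680] Added localhost, 10389, False to server pool.
[2017-03-21 08:24:06,100][5772][140366874560256][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:461] Searching user 'alice' in LDAP.
[2017-03-21 08:24:06,174][5772][140366958487296][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:461] Searching user '' in LDAP.
[2017-03-21 08:24:06,353][5772][140366958487296][ERROR][privacyidea.app:1423] Exception on /user/ [GET]
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 471, in getUserId
    LoginName))
Exception: Found more than one object for Loginname ''
"""


def parse_records(text):
    """Split the log into records; unprefixed lines (tracebacks) attach to the previous record."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["extra"] = []
            records.append(rec)
        elif records and line.strip():
            records[-1]["extra"].append(line)
    return records


def failed_lookups(text):
    """Return one finding per ERROR record, with the login last searched on that thread."""
    last_search = {}  # thread id -> login name most recently searched on that thread
    findings = []
    for rec in parse_records(text):
        m = SEARCH_RE.match(rec["msg"])
        if m:
            last_search[rec["thread"]] = m.group("login")
        elif rec["level"] == "ERROR":
            login = last_search.get(rec["thread"])
            findings.append({
                "time": rec["ts"],
                "thread": rec["thread"],
                "request": rec["msg"],
                "login": login,
                "empty_login": login == "",
                # The last traceback line carries the exception text.
                "exception": rec["extra"][-1].strip() if rec["extra"] else None,
            })
    return findings


if __name__ == "__main__":
    for finding in failed_lookups(SAMPLE_LOG):
        print(finding)
```
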

Cornelius Kölbel

Mar 26, 2017, 5:49:15 PM
to privacyidea, jme...@udot.us
Hi John,

you seem to have a problem in your attribute mapping or your users.
You might have some users with an empty uid?

Kind regards
Cornelius

John Meyers

Mar 28, 2017, 2:21:53 AM
to Cornelius Kölbel, privacyidea
Hi Cornelius,

I checked my users and every single user returned from LDAP has a uid that is unique to the user. Zero are missing the uid field.

Do you have any suggestions for how to debug my attribute mapping?

Thanks.

John Meyers

Mar 28, 2017, 7:32:37 PM
to priva...@googlegroups.com
We were able to figure it out. 

The default search filter for LDAP is '(uid=*)(objectClass=inetOrgPerson)', but it turns out we needed to filter on a field that was preset for every user. Which in our case ended up being '(ou=users)'. The 'Test LDAP Resolver' button now returns 0 results, but the actual user list is populated with the full list of real users.