LDAP error 32

[Paul]

I am trying to get groups for permissions enabled as our security for all of our tools are based on Project Security groups.  I've tried a couple different changes following this page: https://www.scm-manager.com/2013/12/permission-management-with-ldap-groups/  but am not getting success.

I get this:

Connection: SUCCESS
Search user: FAILURE
Authenticate user: FAILURE
Returned user is valid: FAILURE
Exception: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Users,DC=dw,DC=local' ]

or:

Connection: SUCCESS
Search user: FAILURE
Authenticate user: FAILURE
Returned user is valid: FAILURE
Exception: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=dw,DC=local' ] 

or:

Connection: SUCCESS
Search user: FAILURE
Authenticate user: FAILURE
Returned user is valid: FAILURE

Currently with the top error we are configured as:

Profile

ID Attribute Name

Fullname Attribute Nam 

Mail Attribute Name

Group Attribute Name

Base DN

Connection DN

Connection Password

Host URL

Search Filter

Group Search Filter

Search Scope

People Unit

Groups Unit

Referral Strategy

Enable nested ad groups

 

Use StartTLS

 

Enabled

 

[Sebastian Sdorra]

Do you use "SCM-Manager Universe" or do you use a standalone version of scm-manager. 

In the case of the standalone version which ldap server do you use and what is your base dn?

Sebastian

--
You received this message because you are subscribed to the Google Groups "scmmanager" group.
To unsubscribe from this group and stop receiving emails from it, send an email to scmmanager+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Paul]

I have the standalone. 

 

We are trying to connect to a Windows domain, currently server 2008.

 

I changed my current settings back to this and get the same error:

Profile

ID Attribute Name

Fullname Attribute Name

Mail Attribute Name

Group Attribute Name

Base DN

Connection DN

Connection Password

Host URL

Search Filter

Group Search Filter

Search Scope

People Unit

Groups Unit

Referral Strategy

[Sebastian Sdorra]

The people and the group unit is attached to the base dn, with this configuration scm-manager will search the following dns:

users: cn=Users,cn=users,dc=dw,dc=local

groups: ou=DWSecurityGroups,cn=users,dc=dw,dc=local

Are these dn's correct?

Sebastian

--

[Paul]

Ok fixed the base DN, not sure why I forgot that one in there.

 

I think the groups is working correctly but also think it isn't.

 

A test shows:

Connection: SUCCESS
Search user: SUCCESS
Authenticate user: SUCCESS
Returned user is valid: SUCCESS

User:
- Name: user
- Display Name: first.last
- Mail: first...@mail.com

 Groups
- App-V_Project_x64OS
- jira-users
- Offer Remote Assistance Helpers
- SVNAdmins

 

But if I go to a repo, type in a security group name; then log in as a user that is part of that security group, no repos are displayed.  If I look at ADSI edit, the DN for a security group is CN=GroupName,OU=DWSecurityGroups,DC=dw,DC=local 

 

I just changed the Group Attribute name to member as that is the field in A/D where the users are listed, at least when looking in ADSI edit in a groups properties.  Also hovering over my login name in the lower right shows my group memberships correctly.

[Sebastian Sdorra]

Have you checked the group checkbox for the group permission?

Sebastian

--

[Paul]

At the repo level - yes

[Paul]

Looks like it is case sensitive to our group names.

[Sebastian Sdorra]

Yes, this true scm-manager user and group names are case sensitive.

Sebastian