Hi all,

when I try to set up a connection to our LDAP server I am getting an empty list after clicking on the "Add LDAP button". I have already set up the basedn, configured a bind.principal by using the dn (beginning with uid= instead of cn=) and a bind password. No LDAP exception is logged, but when I try to change the password or the principal dn I am getting an LDAP exception, so I assume that the connection can be established. My configuration:

LDAP: my-ldap-server.de:389 (no domain was assigned)
basedn: dc=my-domain, dc=de
bind-principal: uid=<my-user>,ou=ou1,dc=my-domain, dc=de
ldap.provider: openldap
ldap.group.object: groupOfUniqueNames
ldap.nested.groups.enable: true
ldap.search.group.principle: (for example "cn=cloustack-user,ou=Ou1,dc=my-domain,dc=de")
ldap.user.memberof.attribute: memberOf
ldap.user.object: inetOrgPerson
ldap.username.attribute: uid
ldap.read.timeout: 1000
ldap.request.page.size: 1000

For testing purposes, I run ldapsearch on the same machine where cloudstack-management is installed. For example:

ldapsearch -ZZ -LLL -o ldif-wrap=no -c -h my-ldap-server.de -D "uid=<my-user>,ou=<our-ou>,dc=my-domain, dc=de" -w "<mypassword>" -b dc=my-domain, dc=de "(ou=ou1)" --> returning a (long) list of LDAP entries

ldapsearch -ZZ -LLL -o ldif-wrap=no -c -h my-ldap-server.de -D "uid=<my-user>,ou=<our-ou>,dc=my-domain, dc=de" -w "<mypassword>" -b dc=my-domain, dc=de "(cn=cloustack-user)" --> returning a dn with a list of all group members

ldapsearch -ZZ -LLL -o ldif-wrap=no -c -h my-ldap-server.de -D "uid=<my-user>,ou=<our-ou>,dc=my-domain, dc=de" -w "<mypassword>" -b dc=my-domain, dc=de "(uid=person1)" --> returns an LDAP entry

Cloudstack-Management log after clicking on "Add LDAP account":

2021-12-14 10:59:32,204 DEBUG [o.a.c.l.LdapContextFactory] (qtp187472540-1210:ctx-64b28371 ctx-59c7bea2) (logid:5e17abe8) initializing ldap with provider url: ldap://my-ldap-server.de:389
2021-12-14 10:59:32,212 TRACE [o.a.c.a.c.LdapListUsersCmd] (qtp187472540-1210:ctx-64b28371 ctx-59c7bea2) (logid:5e17abe8) returning unfiltered list of ldap users

I have also stopped the firewall on the cloudstack-management machine. Still an empty list.

Does anyone have any idea why an empty list is displayed on the Cloudstack UI? Hope you can help me out.

Best Regards

Mevludin
