Mevludin,
I suppose you are using the documentation to add your LDAP. Which strategy
are you using, manual import, autoimport or autosync?
By the looks it seems you want the manual import, but I am not sure.
Does the user have a memberOf attribute?
Does the group cloudstack-user have a series of uniqueMember attributes?


On Tue, Dec 14, 2021 at 11:04 AM Mevludin Blazevic <mblaze...@uni-koblenz.de>
wrote:

> Hi all,
>
> when I try to set up a connection to our LDAP server I am getting an
> empty list after clicking on the "Add LDAP button". I have already set
> up the basedn, configured a bind.principal by using the dn (beginning
> with uid= instead of cn=) and a bind password. No LDAP exception is
> logged, but when I try to change the password or the principal dn I am
> getting an LDAP exception, so I assume that the connection can be
> established. My configuration:
>
> LDAP: my-ldap-server.de:389 (no domain was assigned)
> basedn: dc=my-domain, dc=de
> bind-principal: uid=<my-user>,ou=ou1,dc=my-domain, dc=de
> ldap.provider: openldap
> ldap.group.object: groupOfUniqueNames
> ldap.nested.groups.enable: true
> ldap.search.group.principle: (for example
> "cn=cloustack-user,ou=Ou1,dc=my-domain,dc=de")
> ldap.user.memberof.attribute: memberOf
> ldap.user.object: inetOrgPerson
> ldap.username.attribute: uid
> ldap.read.timeout: 1000
> ldap.request.page.size: 1000
>
> For testing purposes, I run ldapsearch on the same machine where
> cloudstack-management is installed. For example:
>
> ldapsearch -ZZ -LLL -o ldif-wrap=no -c -h my-ldap-server.de -D
> "uid=<my-user>,ou=<our-ou>,dc=my-domain, dc=de" -w "<mypassword>" -b
> dc=my-domain, dc=de "(ou=ou1)" --> returning a (long) list of LDAP entries
>
> ldapsearch -ZZ -LLL -o ldif-wrap=no -c -h my-ldap-server.de -D
> "uid=<my-user>,ou=<our-ou>,dc=my-domain, dc=de" -w "<mypassword>" -b
> dc=my-domain, dc=de "(cn=cloustack-user)" --> returning a dn with a list
> of all group members
>
> ldapsearch -ZZ -LLL -o ldif-wrap=no -c -h my-ldap-server.de -D
> "uid=<my-user>,ou=<our-ou>,dc=my-domain, dc=de" -w "<mypassword>" -b
> dc=my-domain, dc=de "(uid=person1)" --> returns an LDAP entry
>
> Cloudstack-Management log after clicking on "Add LDAP account":
>
> 2021-12-14 10:59:32,204 DEBUG [o.a.c.l.LdapContextFactory]
> (qtp187472540-1210:ctx-64b28371 ctx-59c7bea2) (logid:5e17abe8)
> initializing ldap with provider url: ldap://my-ldap-server.de:389
> 2021-12-14 10:59:32,212 TRACE [o.a.c.a.c.LdapListUsersCmd]
> (qtp187472540-1210:ctx-64b28371 ctx-59c7bea2) (logid:5e17abe8) returning
> unfiltered list of ldap users
>
> I have also stopped the firewall on the cloudstack-management machine.
> Still an empty list.
>
> Does anyone have any idea why an empty list is displayed on the
> Cloudstack UI? Hope you can help me out.
>
> Best Regards
>
> Mevludin
>
>

-- 
Daan
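
The two questions in the reply above can be checked directly against ldapsearch output. The following is an added example, not part of the original thread and not CloudStack code: the DNs and LDIF are constructed, and the function names are hypothetical. With OpenLDAP's memberof overlay, memberOf is an operational attribute, so it only appears in the output when the search requests it by name (for example by appending `memberOf` after the filter).

```python
import base64

def parse_ldif(text):
    """Parse unwrapped LDIF (ldapsearch -LLL -o ldif-wrap=no) into a list of dicts."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:       # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):               # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def norm_dn(dn):
    """Loose DN comparison: case-insensitive, spaces around commas ignored."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_membership(user_ldif, group_ldif, group_dn):
    """Report whether the user -> group and group -> user links both exist."""
    user = parse_ldif(user_ldif)[0]
    groups = {norm_dn(g["dn"][0]): g for g in parse_ldif(group_ldif)}
    group = groups.get(norm_dn(group_dn), {})
    member_of = [norm_dn(v) for v in user.get("memberof", [])]
    unique = [norm_dn(v) for v in group.get("uniquemember", [])]
    return {
        "user_has_memberof": bool(member_of),
        "memberof_names_group": norm_dn(group_dn) in member_of,
        "group_lists_user": norm_dn(user["dn"][0]) in unique,
    }

# Constructed sample output: the group lists the user, but the user entry
# carries no memberOf (overlay missing, or the attribute was not requested).
USER_LDIF = """dn: uid=person1,ou=ou1,dc=example,dc=org
objectClass: inetOrgPerson
uid: person1
"""
GROUP_LDIF = """dn: cn=cs-users,ou=ou1,dc=example,dc=org
objectClass: groupOfUniqueNames
uniqueMember: uid=person1,ou=ou1,dc=example,dc=org
uniqueMember: uid=person2,ou=ou1,dc=example,dc=org
"""
RESULT = check_membership(USER_LDIF, GROUP_LDIF, "cn=cs-users, ou=ou1, dc=example, dc=org")
print(RESULT)
```
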
