viya4-deployment

(IAC-1289) openLDAP ldif config error with group 'users'

Open canpmh opened this issue 3 years ago • 5 comments

The LDIF for the 'users' group has an incorrect distinguished name, which manifests in Viya as a failure to show this group when querying memberships for any of the members. This false negative in Viya can cause confusion.

The distinguishedName attribute's value should be: cn=users,ou=groups,dc=example,dc=com, as opposed to what is shown below.

  dn: cn=users,ou=groups,dc=example,dc=com
  objectClass: groupOfUniqueNames
  objectClass: extensibleObject
  gidNumber: 1000
  distinguishedName: cn=group1,ou=groups,dc=example,dc=com
  uniqueMember: uid=user1,ou=people,dc=example,dc=com
  uniqueMember: uid=user2,ou=people,dc=example,dc=com
  cn: users

canpmh avatar Nov 21 '22 23:11 canpmh

I haven't seen any issues with the users setup with openLDAP recently. @canpmh are you still having this issue?

riragh avatar Dec 05 '23 15:12 riragh

I haven't checked for this since I opened the issue. I just checked the code and it is still incorrect.

  dn: cn=users,ou=groups,dc=example,dc=com
  changetype: add
  objectclass: groupofUniqueNames
  objectclass: extensibleObject
  gidNumber: 1000
  distinguishedName: cn=group1,ou=groups,dc=example,dc=com
  uniqueMember:uid=basic_user1,ou=people,dc=example,dc=com

canpmh avatar Dec 05 '23 19:12 canpmh

This is the code file: https://github.com/sassoftware/viya4-deployment/blob/main/examples/openldap/openldap-modify-users.yaml

canpmh avatar Dec 05 '23 19:12 canpmh
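A lint check for the mismatch reported in this thread, added here as an example (it is not part of the thread or of the viya4-deployment project): it flags any LDIF entry whose `distinguishedName` attribute disagrees with the entry's own `dn`. The function names and the second sample entry are hypothetical, and the sketch assumes plain-text (not base64 `::`) values.

```python
import re

# Constructed sample: the entry quoted in this issue plus one consistent entry.
SAMPLE_LDIF = """\
dn: cn=users,ou=groups,dc=example,dc=com
changetype: add
objectclass: groupofUniqueNames
gidNumber: 1000
distinguishedName: cn=group1,ou=groups,dc=example,dc=com
uniqueMember:uid=basic_user1,ou=people,dc=example,dc=com

dn: cn=admins,ou=groups,dc=example,dc=com
objectclass: groupofUniqueNames
distinguishedName: CN=admins, OU=groups,
 DC=example,DC=com
uniqueMember: uid=admin1,ou=people,dc=example,dc=com
"""

def unfold(text):
    # RFC 2849 folding: a line that starts with one space continues the previous line.
    return re.sub(r"\r?\n ", "", text)

def normalize_dn(dn):
    # Assumption: cn/ou/dc style RDNs, which compare case-insensitively.
    pairs = (rdn.partition("=") for rdn in re.split(r"(?<!\\),", dn))
    return ",".join(f"{k.strip().lower()}={v.strip().lower()}" for k, _, v in pairs)

def parse_entries(text):
    # One dict per entry; attribute names lowercased, values kept as lists.
    entries = []
    for block in re.split(r"\n\s*\n", unfold(text).strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append(attrs)
    return entries

def find_dn_mismatches(text):
    # Return (entry dn, conflicting distinguishedName value) pairs.
    return [(a["dn"][0], claimed)
            for a in parse_entries(text)
            for claimed in a.get("distinguishedname", [])
            if normalize_dn(claimed) != normalize_dn(a["dn"][0])]

if __name__ == "__main__":
    print(find_dn_mismatches(SAMPLE_LDIF))
```

Run against the LDIF embedded in a deployment manifest before applying it, a non-empty result means a group will be stored under one name while advertising another.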

Opened an internal ticket for investigation.

sayeun avatar Dec 11 '23 17:12 sayeun