What username is it expecting? I mapped either “uid” or “mail” from my ldap to the profile.username:
    var profile = {
      id: raw_data.uid || raw_data.mail,
      username: raw_data.uid || raw_data.mail,
      displayName: raw_data.displayName,
      name: {
        familyName: raw_data.sn,
        givenName: raw_data.givenName
      },
      //nickname: raw_data['sAMAccountName'] || raw_data['cn'] || raw_data['commonName'],
      groups: raw_data['groups'],
      emails: (raw_data.mail ? [{value: raw_data.mail }] : undefined)
    };
Using the AD/LDAP Connector admin tool, in Troubleshooting, the troubleshooter failed the NLTEST, does it matter? I’m not connecting to AD. It did return my test user from my config. But in Search, both “Find user by login” and “Search users” failed to return my test user:
One thing worth checking is the LDAP_USER_BY_NAME parameter in your config.json file.
Currently looking at your config file, it looks like it only searches via the username.
So when you try to authenticate the user, it will only search on the username field.
So if you give an email it will fail authentication.
Can you try with this search query in the config.json file:
    "LDAP_USER_BY_NAME": "(|(cn={0})(mail={0}))"
Please restart your connector before testing so the changes take effect.
Greatly appreciate your continuous help here. Just to have the entire config in one message here. I installed and configured the AD/LDAP connector without many problems, my config didn’t complain, i.e., the connector was able to connect to my LDAP (eDirectory). The Troubleshooter also was able to find the one test user:
Again, NLTEST failed but I wasn’t connecting to AD here, so I ignored this error. I did update the config.json to provide both “cn” and “mail” as possible login options:
Regarding your LDAP_BASE question, yes, I have the domain correct, here’s the LDAP entry that I use to test this (cn=user1), you can see that the hierarchy is cn=user1,ou=people,o=demo:
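    Users.prototype.getByUserName = function (userName, callback) {
      var self = this;
      var opts = {
        scope: 'sub',
        // every {0} in the configured template is replaced with the login value
        filter: nconf.get('LDAP_USER_BY_NAME').replace(/{0}/g, userName)
      };
      // ... (the excerpt in the post ends here)
    };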
FYI, I have no issue integrating this LDAP with another vendor’s agent, so I know the LDAP itself is valid.
The question is why is it working fine in Troubleshooter but not Search? If I can get Search to work, then I know it’ll work with the default app. Any ideas are much appreciated.
Also, in your LDAP_BASE, I see you don’t have the Domain component (DC) defined, and NLTEST seems to be complaining about DC only.
Can you try and add it as well?
I don’t understand here, I’m not connecting to AD. Also, what would my DC be? You can see from my sample entry that my root suffix (in this case my DC) is o=demo.
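The two moving parts discussed in the thread, the LDAP_USER_BY_NAME template and the {0} substitution quoted from getByUserName, as an added example that is not part of any post or of the connector's code. It shows why an email login only matches once the filter includes mail, and it escapes the login value per RFC 4515 before substitution, a step the quoted excerpt does not show. The helper names and the sample mail value are assumptions.

```javascript
// Added example, not connector code. escapeFilterValue, buildUserFilter,
// equalityTests and matchesAny are hypothetical helper names.

// RFC 4515: these characters must be escaped inside a filter value.
const FILTER_ESCAPES = { '\\': '\\5c', '*': '\\2a', '(': '\\28', ')': '\\29', '\0': '\\00' };

function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) => FILTER_ESCAPES[ch]);
}

// Expand every {0} in an LDAP_USER_BY_NAME-style template with the escaped login.
function buildUserFilter(template, login) {
  const escaped = escapeFilterValue(login);
  // A replacer function keeps "$&"-style sequences in the value literal.
  return template.replace(/\{0\}/g, () => escaped);
}

// Simplified reader for the flat filters used in the thread: returns the
// (attr=value) equality tests, with \XX escapes decoded.
function equalityTests(filter) {
  const tests = [];
  const re = /\(([A-Za-z][\w-]*)=([^()]*)\)/g;
  let m;
  while ((m = re.exec(filter)) !== null) {
    const value = m[2].replace(/\\([0-9a-fA-F]{2})/g,
      (_, hex) => String.fromCharCode(parseInt(hex, 16)));
    tests.push([m[1], value]);
  }
  return tests;
}

// Treats the filter as an OR of equality tests, compared case-insensitively
// (assumption: cn and mail use case-ignore matching, as is typical).
function matchesAny(entry, filter) {
  return equalityTests(filter).some(([attr, value]) =>
    String(entry[attr] || '').toLowerCase() === value.toLowerCase());
}

// Constructed entry modelled on cn=user1,ou=people,o=demo; the mail value is made up.
const entry = { cn: 'user1', mail: 'user1@example.com' };
const byCnOnly = '(cn={0})';
const byCnOrMail = '(|(cn={0})(mail={0}))';

console.log(buildUserFilter(byCnOrMail, 'user1'));
console.log(matchesAny(entry, buildUserFilter(byCnOnly, 'user1@example.com')));   // false
console.log(matchesAny(entry, buildUserFilter(byCnOrMail, 'user1@example.com'))); // true
console.log(buildUserFilter(byCnOnly, '*'));
```

The matcher only understands the flat equality filters built here; it is a stand-in for the directory server, not an LDAP filter parser.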