LDAP Auth on K2000
Is anyone successfully using group membership (memberof) in their search filters on the 2000? I've been banging my head against the wall. I know I have the right syntax because the filter I want works on the 1000.
Finally got this to work on the 2000:
(&(samaccountname=KBOX_USER)(|(cn=admin1)(cn= admin2)(cn= admin3)(cn= admin4)))
Accomplishes the same thing, but the group membership would be cleaner.
I do have this specific thing working, though my syntax is slightly different. It shouldn't make a difference, but may be worth a try:
My OUs and FQDN pieces are all capitalized exactly as they are in AD, and I have the samaccountname search first. My memberof is all lower case. Should it matter? Probably not.
For my LDAP Login, I specifically call out the full path to a privileged account using
Again, I also duplicate the case. Should it matter? The only thing I can say is that the KACE OS is a *nix variant, so perhaps the LDAP implementation cares, even if Windows AD does not.
Finally, again watching case, I have the Search Base DSN narrow things down to the main OU rather than the KACE default Base DN.
I also use an IP for the Servername rather than a Hostname.
Past that, is it possible you might have special characters in an OU or group name? I know I have gotten away with %, but you may or may not get away with some others like &, which I have definitely seen people use for things like OU=Users & Computers or CN=Sales & Marketing.
Look under the beef it up section
Thanks for the responses. Sorry, I wasn't clear in my original post. I've already tried the (&(MemberOf=CN=groupname,OU=ouname,OU=ouname,DC=domainname,DC=com)(samaccountname=KBOX_USER)) syntax in my search filter. When I run the test in the LDAP config page, I get "successful" messages, but 0 results returned, and I can't actually log in. When I set the filter like in my OP, or drop the memberof requirement altogether, I can log in with the admin account. That's why I was asking specifically if anyone is using memberof in their filter. It sort of looks to me as if LDAP is working on my kbox, but memberof is not recognized as a legit parameter. Seems far-fetched, but no more so than a few other things I've seen.
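Added example, not part of any post in this thread: a small Python helper that builds the memberOf-plus-samaccountname filter discussed above with RFC 4515 escaping of the group DN, and checks a filter string for the structural problems that make a memberOf clause match nothing. The function names and the sample DN are constructed for illustration; KBOX_USER is left in place for the appliance to substitute.

```python
import re

# RFC 4515: inside a filter value these characters are written as \XX hex escapes.
# '&' and '%' are not on the list and may appear literally in a value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a string for use as the value part of an LDAP filter item."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(group_dn, user_token="KBOX_USER"):
    """Return (&(memberOf=<escaped DN>)(samaccountname=<token>)).

    user_token is passed through untouched (assumption: the appliance
    replaces it with the login name when a user authenticates).
    """
    return "(&(memberOf={})(samaccountname={}))".format(
        escape_filter_value(group_dn), user_token)


def lint_filter(flt):
    """Return a list of structural problems found in a filter string."""
    problems = []
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ')' appeared before its '('
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    # memberOf holds distinguished names, so it is compared as a whole DN:
    # a wildcard or a bare group name will not match anything.
    for m in re.finditer(r"\(memberOf=([^)]*)\)", flt, re.IGNORECASE):
        value = m.group(1)
        if "*" in value or "(" in value or "dc=" not in value.lower():
            problems.append("memberOf value is not a fully escaped group DN: " + value)
    return problems


if __name__ == "__main__":
    # Constructed sample DN with characters that need (and do not need) escaping.
    dn = "CN=Ops (Tier 2),OU=Users & Computers,DC=example,DC=com"
    flt = build_login_filter(dn)
    print(flt)
    print(lint_filter(flt))
```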
I hope the link below helps you.