Skip to Content

After i struggle all one day for configuration ldap to sybase unwired platform, here are few things what i have noticed about ldap structure and want to share my expreince.

If you have configured LDAP to any platform before you may realize the LDAP structure a little. In various companies we may face different LDAP structures. Therefore, before start to configuring we must know some fundemantals of LDAP attributes such as objectClass,groupType,objectCategory… etc.

In this tutorial i will not explain how to configure LDAP, i will just give a few tips on retriving LDAP roles and assigning to SUP Roles.

Below picture shows successfuly retrieved roles.

2.PNG

Lets see roles in LDAP

1.PNG

Main idea what i want to explain lie here. In SUP, number 1 and 2 seem as a role but they have different properties and the point that we should be careful is which one should assign.

Lets investigate number 1  :

/wp-content/uploads/2012/11/3_160381.jpg

The OU role includes CN’s. Those CN’s can be a user or a group. In above picture we see there are four as a group and there is one as user. I am using Apache Directory Studio just be able to see LDAP structure and attributes. One benefit of this studio it shows if CN is a group or user as icon on left. But we should be aware of their properties as well.  For CN as a group has a property objectClass:group so you can notice difference. For CN as a user may have property objectClass:contact, objectClass:user, objectClass:person.

If your user is inside  OU group and if you assing that group in SUP then you will fail in authentication. This is the tricky part. Because , it doesn’t include “member”  attribute.


Lets investigate number 2 role attributes :

4.PNG

CN group has a “member ” attribute. The member attributes includes LDAP users. On SUP side, once you assigned a role it checks member attribute whether it has your user or not. If yes then you will be authenticate successfuly.

Finally , OU groups doesn’t include member attribute since SUP check the member attribute while authentication. Your assignable role must be CN as a group ones.

I hope this post will be helpful to you.

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

  1. Abdulbasit Gulsen

    Tahir,

    It is really tricky, even you can see the Organizational Units as a “Role” on the SUP side by changing the configuration, your role assignments doesn’t work since the system looks for the member of these roles. And Users and Groups are not actually “member” of the Organizational Units.

    Thanks for sharing your experience.

    Abdulbasit.

    (0) 

Leave a Reply