LDAP multiple user_tree_dn

asked 2016-02-04 07:23:17 -0500

humankind135

updated 2016-02-05 03:14:41 -0500

Hi There

I have managed to get LDAP authentication working (Active Directory specifically) but I am having a bit of trouble with the layout. I am using the SUSE Cloud Hybrid Identity driver (https://github.com/SUSE-Cloud/keystone-hybrid-backend/tree/kilo).

The problem is that the users in the Directory are spread out over a number of OUs and I cannot get all of them in the user_tree_dn. If I don't set a user_tree_dn or I set the DN to one level I don't get any users listed. This is a production Active Directory so changing everything around to suit OpenStack isn't really possible.

Is there any way of specifying multiple user_tree_dn's or an option to write my own LDAP query?

Thanks in advance for any help.

Comments

Hello, did you manage to solve this somehow? I'm having the same issue. Thanks!

Petar Koraca (2016-08-31 07:25:38 -0500)

Petar, I'm afraid not directly. I stopped using LDAP so it's not an issue for me anymore.

humankind135 (2016-10-21 04:21:16 -0500)

If I remember correctly, the issue was that the AD response was restricted to something like 1000 records (less than the no. of our users). We solved it with a user filter.

Petar Koraca (2016-11-03 14:11:26 -0500)

It happened again to us, since the filtered query went above 1000. If an additional query filter is not an option, you can increase MaxPageSize on Active Directory.

Petar Koraca (2016-12-20 08:26:21 -0500)
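
The approach described in the comments above, sketched as a keystone.conf fragment. This is an added example, not configuration posted by anyone in the thread: the DNs and the group name are placeholders, and it assumes the hybrid driver honours the standard keystone `[ldap]` options.

```ini
[ldap]
# Search from a common ancestor of all the OUs that hold users,
# and descend into the whole subtree instead of a single level.
user_tree_dn = DC=example,DC=com
query_scope = sub
user_objectclass = person

# Restrict the result set to the accounts that should exist in
# OpenStack at all (placeholder group DN). This keeps the response
# under the AD result limit mentioned in the comments and stops
# every directory account from being usable as a cloud identity.
user_filter = (memberOf=CN=openstack-users,OU=Groups,DC=example,DC=com)

# Ask for results in pages. The value must not exceed the
# MaxPageSize configured on the Active Directory side.
page_size = 500
```

Filtering on a dedicated group is the narrower of the two fixes mentioned in the thread; raising MaxPageSize changes the limit for every LDAP client of that directory.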