Below is a trace out of trying to return the results of the
administrator group setting in the filter.

Note that all I'm specifying is for the cn to be uaadmin.

The LDAP search results are fine from Apache Directory Studio, as you
see in the trace, but from SSPR it doesn't return any users.

FAILING FROM SSPR
2913007360 LDAP: [2017/01/03 9:06:11.399]
(10.26.132.121:40626)(0x0006:0x63) DoSearch on connection 0x39189c00
2913007360 LDAP: [2017/01/03 9:06:11.399]
(10.26.132.121:40626)(0x0006:0x63) Search request:
base: "ou=sa,o=data"
scope:2 dereference:0 sizelimit:5000 timelimit:31
attrsonly:0
filter: "(cn=uaadmin)"
attribute: "1.1"
2913007360 LDAP: [2017/01/03 9:06:11.399]
(10.26.132.121:40626)(0x0006:0x63) nds_back_search: Search Control OID
1.2.840.113556.1.4.319
2913007360 LDAP: [2017/01/03 9:06:11.399]
(10.26.132.121:40626)(0x0006:0x63) nds_back_search: Search Control OID
2.16.840.1.113730.3.4.2
2913007360 LDAP: [2017/01/03 9:06:11.400] iterCountEntries:
ispositionable returned FALSE
2913007360 LDAP: [2017/01/03 9:06:11.400]
(10.26.132.121:40626)(0x0006:0x63) Sending operation result 0:"":"" to
connection 0x39189c00



WORKING WITH ADS
2913007360 LDAP: [2017/01/03 9:06:17.712]
(10.26.132.120:50737)(0x0009:0x63) DoSearch on connection 0x35407c00
2913007360 LDAP: [2017/01/03 9:06:17.712]
(10.26.132.120:50737)(0x0009:0x63) Search request:
base: "ou=sa,o=data"
scope:2 dereference:3 sizelimit:5000 timelimit:0
attrsonly:0
filter: "(cn=uaadmin)"
attribute: "objectClass"
2913007360 LDAP: [2017/01/03 9:06:17.712]
(10.26.132.120:50737)(0x0009:0x63) Sending search result entry
"cn=uaadmin,ou=sa,o=data" to connection 0x35407c00
2913007360 LDAP: [2017/01/03 9:06:17.713]
(10.26.132.120:50737)(0x0009:0x63) Sending operation result 0:"":"" to
connection 0x35407c00



The filter being used by sspr is:
base: "ou=sa,o=data"
scope:2 dereference:0 sizelimit:5000 timelimit:31
attrsonly:0
filter: "(cn=uaadmin)"
attribute: "1.1"

Attribute 1.1 is to return no attributes, which should be fine as we
just need a dn.
We are not able to close out the sspr configuration on 4.x as we don't
have the administrators group section finding users.


--
fp_IDMWORKS
------------------------------------------------------------------------
fp_IDMWORKS's Profile: https://forums.netiq.com/member.php?userid=9869
View this thread: https://forums.netiq.com/showthread.php?t=57138