[midPoint] [External] openldap connector

Matthew Brookover mbrookov at mines.edu
Tue Mar 2 20:47:21 CET 2021


RootDSE is a list of schema and other supported features.  If it is blocked in your configuration, a number of LDAP clients will not work.

Off the top of my head, I do not remember how to unlock.  I will do some poking around and see if I can find the config line item that controls access to the root DSE.

FYI, you can see the root dse with this command:

[mbrookov at nineoften ~]$ ldapsearch -LLL -Hldaps://ldap.mines.edu -x -D "" -s base -b "" +
dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: dc=mines,dc=edu
monitorContext: cn=Monitor
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.3.6.1.1.22
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: GSSAPI
entryDN:
subschemaSubentry: cn=Subschema

[mbrookov at nineoften ~]$ 


> On Mar 2, 2021, at 12:12 PM, Keith LeValley via midPoint <midpoint at lists.evolveum.com> wrote:
> 
> I am trying to set up a connector with an openldap server.  It's a test environment so everything is very simple to this point.  When I go to test the connection I am getting a strange error:
> 
> Operation
> Connector configuration
> Message
> Communication error
> Error
> IO error: org.identityconnectors.framework.common.exceptions.ConnectorIOException(Error getting supported controls: ERR_04156_FAILED_FETCHING_ROOT_DSE Failed to fetch the RootDSE)->org.apache.directory.api.ldap.model.exception.LdapException(ERR_04156_FAILED_FETCHING_ROOT_DSE Failed to fetch the RootDSE)->org.apache.directory.api.ldap.model.exception.LdapException(ERR_04155_ROOT_DSE_SEARCH_FAILED Search for root DSE returned no entry)
> 
> The RootDSE should be configured on the server, when I login using phpldapadmin the ldap server itself looks fine, so I don't think it's anything with the server or authentication.  I am a little stumped...
> 
> -- 
> Keith LeValley
> Identity Services Architect, Davenport University
> phone:  (616) 732-1102
> klevalley2 at davenport.edu

Matthew B. Brookover
Solutions Architect
Information and Technology Solutions (ITS)
303-273-3436 | mbrookov at mines.edu


Our Values: Trust | Integrity | Respect | Responsibility
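
Added example, not part of the original message or of midPoint: a small Python parser for the `ldapsearch -LLL ... -s base -b "" +` output shown above, reporting whether a root DSE entry came back and which controls it advertises. The control names, the `diagnose` helper and the sample text are assumptions made for illustration; an empty result corresponds to the "returned no entry" case in the quoted connector error.

```python
import base64

# Names for some control OIDs that appear in the output above (names added here).
CONTROL_NAMES = {
    "1.2.840.113556.1.4.319": "Simple Paged Results",
    "2.16.840.1.113730.3.4.2": "ManageDsaIT",
    "1.3.6.1.1.13.1": "Pre-Read",
    "1.3.6.1.1.13.2": "Post-Read",
}

def parse_entry(ldif_text):
    """Turn `ldapsearch -LLL` output for one entry into {attr: [values]}."""
    logical = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]      # LDIF folds long lines with a leading space
        elif raw.strip() and not raw.startswith("#"):
            logical.append(raw)
    entry = {}
    for line in logical:
        attr, sep, value = line.partition(":")
        if not sep:
            continue                    # not an "attr: value" line
        if value.startswith(":"):       # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.lower(), []).append(value.strip())
    return entry

def diagnose(ldif_text):
    """Summarise what a client would learn from this root DSE search result."""
    entry = parse_entry(ldif_text)
    controls = entry.get("supportedcontrol", [])
    return {
        "root_dse_returned": "dn" in entry,
        "naming_contexts": entry.get("namingcontexts", []),
        "controls": {oid: CONTROL_NAMES.get(oid, "unnamed here") for oid in controls},
        "paged_results": "1.2.840.113556.1.4.319" in controls,
    }

# Constructed sample: a subset of the output quoted in the message above.
SAMPLE = """dn:
structuralObjectClass: OpenLDAProotDSE
namingContexts: dc=mines,dc=edu
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.3.6.1.1.13.2
supportedLDAPVersion: 3
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE))   # root DSE visible to this bind
    print(diagnose(""))       # nothing returned: root DSE not readable by this bind
```

Running the search once anonymously and once as the connector's bind DN, and comparing the two summaries, shows whether the directory hides the root DSE from that identity.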
