[midPoint] [External] openldap connector
Matthew Brookover
mbrookov at mines.edu
Tue Mar 2 20:59:37 CET 2021
Sorry, I should not be doing OpenLDAP tech support in the midPoint list.
Do you have an ACL set in the front end database?
To view the front end, do an ldapsearch like this one:
[mbrookov at nineoften ~]$ ldapsearch -LLL -bcn=config -x -Hldaps://ldap.mines.edu -Dcn=config -W olcDatabase={-1}frontend
Enter LDAP Password:
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
[mbrookov at nineoften ~]$
> On Mar 2, 2021, at 12:47 PM, Matthew Brookover via midPoint <midpoint at lists.evolveum.com> wrote:
>
> RootDSA is a list of schema and other supported features. If it is blocked in your configuration a number of LDAP clients will not work.
>
> Off the top of my head, I do not remember how to unlock. I will do some poking around and see if I can find the config line item that controls access to the root DSE.
>
> FYI, you can see the root dse with this command:
>
> [mbrookov at nineoften ~]$ ldapsearch -LLL -Hldaps://ldap.mines.edu -x -D "" -s base -b "" +
> dn:
> structuralObjectClass: OpenLDAProotDSE
> configContext: cn=config
> namingContexts: dc=mines,dc=edu
> monitorContext: cn=Monitor
> supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
> supportedControl: 2.16.840.1.113730.3.4.18
> supportedControl: 2.16.840.1.113730.3.4.2
> supportedControl: 1.3.6.1.4.1.4203.1.10.1
> supportedControl: 1.3.6.1.1.22
> supportedControl: 1.2.840.113556.1.4.319
> supportedControl: 1.2.826.0.1.3344810.2.3
> supportedControl: 1.3.6.1.1.13.2
> supportedControl: 1.3.6.1.1.13.1
> supportedControl: 1.3.6.1.1.12
> supportedExtension: 1.3.6.1.4.1.1466.20037
> supportedExtension: 1.3.6.1.4.1.4203.1.11.1
> supportedExtension: 1.3.6.1.4.1.4203.1.11.3
> supportedExtension: 1.3.6.1.1.8
> supportedFeatures: 1.3.6.1.1.14
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
> supportedLDAPVersion: 3
> supportedSASLMechanisms: GSSAPI
> entryDN:
> subschemaSubentry: cn=Subschema
>
> [mbrookov at nineoften ~]$
>
>
>> On Mar 2, 2021, at 12:12 PM, Keith LeValley via midPoint <midpoint at lists.evolveum.com> wrote:
>>
>> I am trying to set up a connector with an openldap server. It's a test environment so everything is very simple to this point. When I go to test the connection I am getting a strange error:
>>
>> Operation: Connector configuration
>> Message: Communication error
>> Error: IO error: org.identityconnectors.framework.common.exceptions.ConnectorIOException(Error getting supported controls: ERR_04156_FAILED_FETCHING_ROOT_DSE Failed to fetch the RootDSE)->org.apache.directory.api.ldap.model.exception.LdapException(ERR_04156_FAILED_FETCHING_ROOT_DSE Failed to fetch the RootDSE)->org.apache.directory.api.ldap.model.exception.LdapException(ERR_04155_ROOT_DSE_SEARCH_FAILED Search for root DSE returned no entry)
>>
>> The RootDSE should be configured on the server; when I log in using phpldapadmin, the LDAP server itself looks fine, so I don't think it's anything with the server or authentication. I am a little stumped...
>>
>> --
>> Keith LeValley
>> Identity Services Architect, Davenport University
>> phone: (616) 732-1102
>> klevalley2 at davenport.edu
>
> Matthew B. Brookover
> Solutions Architect
> Information and Technology Solutions (ITS)
> 303-273-3436 | mbrookov at mines.edu
> Our Values: Trust | Integrity | Respect | Responsibility
Matthew B. Brookover
Solutions Architect
Information and Technology Solutions (ITS)
303-273-3436 | mbrookov at mines.edu
Our Values: Trust | Integrity | Respect | Responsibility
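
An added example, not part of the original messages: a shell helper that reads the LDIF printed by the frontend `ldapsearch` above and reports whether any ACL (`olcAccess`, the cn=config attribute that holds access rules) is set there and whether one names the root DSE (`dn.base=""`). The function names and the second sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Classify the ACL state of an OpenLDAP frontend database from LDIF on stdin.

# LDIF folds long values: a line starting with one space continues the
# previous line. Join those back together before matching anything.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
              { if (buf != "") print buf; buf = $0 }
         END  { if (buf != "") print buf }'
}

# Prints one of:
#   no-acl        no olcAccess in the frontend, so slapd's default applies
#   rootdse-rule  a rule names the root DSE (dn.base="" or dn.exact="")
#   review        ACLs exist but none names the root DSE (or a value is
#                 base64-encoded); read them by hand
classify_frontend() {
    ldif=$(unfold_ldif)
    if printf '%s\n' "$ldif" | grep -q '^olcAccess:: '; then
        echo review
    elif ! printf '%s\n' "$ldif" | grep -q '^olcAccess: '; then
        echo no-acl
    elif printf '%s\n' "$ldif" |
         grep -Eq '^olcAccess: .*to +dn\.(base|exact)=""( |$)'; then
        echo rootdse-rule
    else
        echo review
    fi
}

# Abbreviated copy of the frontend entry shown in the message above.
sample_no_acl() {
    printf '%s\n' 'dn: olcDatabase={-1}frontend,cn=config' \
        'objectClass: olcFrontendConfig' 'olcDatabase: {-1}frontend' \
        'olcReadOnly: FALSE' 'olcSchemaDN: cn=Subschema'
}

# Constructed sample: a frontend with ACLs, one value folded across lines.
sample_with_acl() {
    printf '%s\n' 'dn: olcDatabase={-1}frontend,cn=config' \
        'olcDatabase: {-1}frontend' \
        'olcAccess: {0}to dn.ba' ' se="" by * read' \
        'olcAccess: {1}to dn.base="cn=Subschema" by * read'
}

echo "frontend from the message: $(sample_no_acl | classify_frontend)"
echo "constructed ACL sample:    $(sample_with_acl | classify_frontend)"
```

Against a live server, pipe the output of the frontend `ldapsearch` command into `classify_frontend`.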