Base DN issue for LDAP/AD endpoint type

Document ID : KB000013092
Last Modified Date : 14/02/2018
Question:

When I try to create an LDAP/AD endpoint type, I receive an error similar to the one below regarding the location and the administrative account being available.

Exception encountered: Create administrative account for endpoint failed: details:Cannot find the account to be created uniquely in the target system: endpointType:ldap ,endpointName:LDAP_test, accountName:uid=account1,ou=Users,ou=Applications,dc=ca,dc=com. number of results:2..

Answer:

The base DN is treated as the top of a subtree that the endpoint monitors; entries that sit directly under the base DN itself cannot be searched that way. With the base DN set to ou=Users,ou=Applications,dc=ca,dc=com, the objects directly under it are the uid= entries themselves, so the administrative account is not located uniquely and the error above is returned.

One workaround is to create a sub-OU under ou=Users and migrate all of the uid= entries into it, so that ou=Users,ou=Applications,dc=ca,dc=com contains, for example, ou=new_ou_group,ou=Users,ou=Applications,dc=ca,dc=com with the accounts beneath it. In most environments this is not practical, because other applications depend on the existing DNs.

The recommended approach is therefore to set the base DN one level higher in the hierarchy, i.e. ou=Applications,dc=ca,dc=com. The endpoint can then discover and manage the users in ou=Users.
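The following is an added example, not part of the original document and not code from the product described. It implements the structural rule stated above as an offline pre-check: parse the proposed base DN and the administrative account DN, confirm the account lies inside the base DN subtree, and flag the case where the account is an immediate child of the base DN (the ou=Users situation), suggesting the parent container as the base DN instead. The DN parsing follows RFC 4514 only as far as backslash-escaped commas and case-insensitive matching; the sample DNs are taken from the error message above, and the check_base_dn name and its result dictionary are this example's own.

```python
"""Pre-check a proposed base DN for an LDAP/AD endpoint (added example).

Rule demonstrated: the administrative account must lie inside the base DN
subtree but must not sit directly under the base DN itself. When it does,
the base DN should move one level up the hierarchy.
"""


def split_dn(dn):
    """Split a DN into its RDN strings (leaf first), honouring
    backslash-escaped commas inside attribute values (RFC 4514)."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf).strip())
    return [r for r in rdns if r]


def normalize_rdn(rdn):
    """Case-fold type and value and drop whitespace around '=' so that
    'OU = Users' and 'ou=users' compare equal."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"


def parse_dn(dn):
    """Return a list of (original_rdn, normalized_rdn) tuples, leaf first."""
    return [(r, normalize_rdn(r)) for r in split_dn(dn)]


def is_within(entry, base):
    """True if entry lies strictly below base in the directory tree."""
    if not base:
        return True  # an empty base DN is the root and contains everything
    if len(entry) <= len(base):
        return False
    return [n for _, n in entry[-len(base):]] == [n for _, n in base]


def check_base_dn(base_dn, account_dn):
    """Evaluate base_dn against account_dn.

    Returns a dict with 'ok', a human-readable 'reason', and
    'suggested_base_dn' (the base DN to use, or None if no suggestion).
    """
    base, acct = parse_dn(base_dn), parse_dn(account_dn)
    if not is_within(acct, base):
        return {
            "ok": False,
            "reason": "account DN is outside the base DN subtree",
            "suggested_base_dn": None,
        }
    depth = len(acct) - len(base)
    if depth == 1:
        # Account is an immediate child of the base DN: the page's failure
        # case. Suggest the parent container of the base DN, if there is one.
        parent = ",".join(orig for orig, _ in base[1:]) if len(base) > 1 else None
        return {
            "ok": False,
            "reason": "account sits directly under the base DN; "
                      "move the base DN one level higher",
            "suggested_base_dn": parent,
        }
    return {
        "ok": True,
        "reason": f"account is {depth} levels below the base DN",
        "suggested_base_dn": base_dn,
    }


if __name__ == "__main__":
    # DNs from the error message in the question (constructed usage).
    account = "uid=account1,ou=Users,ou=Applications,dc=ca,dc=com"
    for candidate in ("ou=Users,ou=Applications,dc=ca,dc=com",
                      "ou=Applications,dc=ca,dc=com"):
        result = check_base_dn(candidate, account)
        print(f"{candidate}: ok={result['ok']} ({result['reason']}); "
              f"use {result['suggested_base_dn']}")
```

Run it before creating the endpoint: a base DN that is reported as not ok with a suggested parent is exactly the ou=Users configuration the answer describes, and the suggested value is the one-level-higher base DN to configure instead.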