Cannot import LDAP user groups from CA Directory

Document ID : KB000006505
Last Modified Date : 14/02/2018
Issue:

After configuring integration with CA Directory on the Config > 3rd Party page, we can launch the LDAP Browser from the Users > Manage Groups page. In the explorer tree on the left we can see the user groups we want to import, but we cannot select specific groups as there are no checkboxes to the left of the group names. All we can select is the parent folder, but that is not a user group and importing it will not import any of the groups it contains.

LDAP_browser.jpg

Resolution:

The LDAP configuration on the Config > 3rd Party page was incomplete. Specifically, the "User Group ObjectClass" and "Group Member Attr." fields were not configured. The group details in the LDAP browser show that the object class is "groupOfUniqueNames" and the group member attribute is "uniqueMember" (see the screenshot in the problem description). After adding these values to the LDAP configuration and launching the LDAP browser again, the user groups can be selected for import.

LDAP_config.jpg

 

Note:
If the DSA uses a schema other than X.500, these values may need to be adjusted accordingly.
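
To work out which two values apply on a given DSA, the group entry can be exported as LDIF and inspected. The following is an added example, not code from this article or the vendor: it parses one LDIF entry and returns the object class and member attribute to enter in the two fields. The function names, the constructed sample entry, and the table entries other than groupOfUniqueNames/uniqueMember are assumptions that go beyond the case described above.

```python
import base64

# Group object classes and the attribute each uses to list its members.
# Only groupOfUniqueNames/uniqueMember is from the article; the rest are standard pairs.
GROUP_SCHEMAS = {
    "groupofuniquenames": "uniqueMember",  # RFC 4519
    "groupofnames": "member",              # RFC 4519
    "posixgroup": "memberUid",             # RFC 2307
    "group": "member",                     # Active Directory
}

# Constructed sample: one group entry as an LDIF export would show it.
SAMPLE_LDIF = """\
dn: cn=Operators,ou=Groups,o=example,c=US
objectClass: top
objectClass: groupOfUniqueNames
cn: Operators
uniqueMember: cn=Alice Admin,ou=Users,o=example,c=US
uniqueMember: cn=Bob Operator,ou=Users,o=exa
 mple,c=US
"""

def parse_ldif_entry(ldif):
    """Parse a single LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def group_settings(ldif):
    """Return (object class, member attribute, member count) or None."""
    entry = parse_ldif_entry(ldif)
    for object_class in entry.get("objectclass", []):
        member_attr = GROUP_SCHEMAS.get(object_class.lower())
        if member_attr:
            members = entry.get(member_attr.lower(), [])
            return object_class, member_attr, len(members)
    return None
```

Calling `group_settings(SAMPLE_LDIF)` returns the pair to enter as "User Group ObjectClass" and "Group Member Attr.", plus the number of members found; a result of `None` means the entry carries none of the listed group classes.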