Cannot import OpenLDAP Users from posixgroup

Document ID : KB000113079
Last Modified Date : 05/09/2018
Issue:
I cannot import OpenLDAP Users from LDAP server. 
The LDAP configuration is ok. The problem is when I try to import the LDAP Group. 

In the session logs it shows a message like this:
"The object class of the member is unrecognized: top,inetOrgPerson,posixAccount,evolutionPerson,sambaSamAccount"

Only one user was imported. 
The only difference that I saw is that this user has the objectClass attribute = "person", while the other users do not.
Users are not imported even if the users have an object child of "person".
Cause:
The root cause is that the object classes of the users in LDAP are not compatible with PAM.
PAM looks specifically for the object class "person". If that is not included in the object class list, the entry will not be imported as a user.
 
Resolution:
The customer will have to add the "person" object class to the users.
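
To find which users need this change, the same check can be run against an LDIF export of the directory. This is an added example, not code from the vendor or the original article; it assumes the users to import are the entries carrying posixAccount, and the sample entries and function names are constructed for illustration.

```python
# Constructed sample export; the example.com DNs are placeholders.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: evolutionPerson
objectClass: sambaSamAccount

dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
memberUid: bob
"""

def parse_ldif(text):
    """Yield (dn, lowercased objectClass values) for each entry."""
    # LDIF folds long lines: a line starting with one space continues the previous one.
    # Base64 values ("dn:: ...") are not decoded here.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        dn, classes = None, set()
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if attr == "dn":
                dn = value
            elif attr == "objectclass":
                classes.add(value.lower())
        if dn:
            yield dn, classes

def missing_person(text):
    """DNs of posixAccount entries that do not list 'person' explicitly."""
    # Assumption: the users to import are the entries carrying posixAccount.
    return [dn for dn, oc in parse_ldif(text)
            if "posixaccount" in oc and "person" not in oc]

def build_modify_ldif(dns):
    """Change records for ldapmodify that add objectClass: person."""
    record = "dn: {}\nchangetype: modify\nadd: objectClass\nobjectClass: person\n-\n"
    return "\n".join(record.format(dn) for dn in dns)

if __name__ == "__main__":
    print(build_modify_ldif(missing_person(SAMPLE_LDIF)))
```

Review the generated change records before applying them with ldapmodify, then import the LDAP group again.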
Additional Information:
I would also suggest opening an idea requesting support for other object classes instead of "person" only.

If this article didn't fix your issue then please open a case to Support and provide the following logs:
  1. If this is a cluster, log in to the master of the primary node and set the LDAP Sync log level to Verbose.
  2. Reproduce the error by importing the LDAP user group.
  3. Go to Config > Diagnostics and download the System Log Configuration (logs.bin) file.
  4. Roll back the LDAP Sync log level to Normal.