I may have hours of experience on both FAC and Open-LDAP, and I am trying to make the LDAP import user part working for me. So far, I have already setup an Open-LDAP on 10.106.6.160, and is trying to see if I could import these users to my FAC.
1). Here is my LDAP edit page, where I always have to input values on these "query elements" fields on that page, which are not optional part.
2) When I have the previous page saved, and click the "import users" button, and have reached the "Import Remote LDAP Users" page. Without any extra editing, I was able to see 5 created LDAP user account here. But while I was to have them imported to FAC, I have got such failure:
Unable to import " uid=testGeeks1,out=people,dc=pluto,dc=fortinet,dc=com": entry does not match the configured filter. "
Any ideas what I did wrong here ? Thanks,
Jack
When I was trying to do the import by the group option, it was executed w/o any issues, but nothing was imported either.
Can you please show me the logs regarding this activity from :
Logging > Log Access > Logs
We should have some info there for this import for example :
Please click each log entry so we can see the message displayed for each of them.
Alternatively, you can download a report summary and i can check it for you :
Regards!
Thanks for the help. I am providing the details here step by step.
A) here is my LDAP SVR setting page, as you may see, I have selected "Group attribute" here.
B) here is the importing page, where I have clicked the "ou=people" checkbox.
C) when the importing is done, here is the message in the log page:
By reading the msg in this log, it seems to me, even I had selected "import users by group membership" option, the actual importing schema is the same as for "import users" ?
What is the business logic of ""import users by group membership". I thought it is for importing users that is associated group(s)
Thanks,
Jack
Hello Jack,
Thank you for your update.
a)I believe option "Group attribute" under query elements is how do you want obtain the group membership for a user.
b)User attributes here means what user attributes from remote LDAP should we populate when importing the users.
c)The importing schema is the same . In both cases we are importing users.
The only difference is how we query the remote LDAP.
In case by group membership there are two filters used and the Member attribute
-Regarding your import
From the logs i see only the query is done but not the actual import . Unless you already imported them before .
When import is done message is something like :
Added remote LDAP user......or Imported remote user.....
Regards!
OK, I kind of understand what is going on here from the log message.
In either "import users" or "import users by group membership" scneario, it tries to load the users first, and if there were actual users, then to have them imported.
Now if you are looking at the 2nd picture in my previous posting, when I click "ou=people" check-box, there is no sub-tree pop-up, which means 0 user needs to be imported here. And that is why we are getting only "loading ... " log, but not "imported ..." log.
So I guess my question is why there is 0 user listed here ?
Thanks,
Jack
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.