https://community.hpe.com/t5/hpe-morpheus-enterprise-software/ldap-integration-query/m-p/7247593#M767 <P>Hi Expert, I have question regarding LDAP integration.<BR /> We have successfully integrate with LDAP with below, and user LDAP can logging in<BR /> </P><DIV class="lightbox-wrapper"><span class="lia-inline-image-display-wrapper" image-alt="Screenshot 2023-05-26 195501"><img src="https://community.hpe.com/t5/image/serverpage/image-id/150193iE9217037ECC568A3/image-size/large?v=v2&amp;px=2000" role="button" title="950851e6ef9dd97c67d9bd7e2515d77807cc26e1.png" alt="950851e6ef9dd97c67d9bd7e2515d77807cc26e1.png" /></span></DIV><P></P> <P>Now customer has additional requirement to smaller group of users and create cn in ldap, ou=KAWAN_GROUPS &amp; cn=SP<BR /> </P><DIV class="lightbox-wrapper"><span class="lia-inline-image-display-wrapper" image-alt="Screenshot 2023-05-26 195617"><img src="https://community.hpe.com/t5/image/serverpage/image-id/150135i324C0854F14C2DF2/image-size/large?v=v2&amp;px=2000" role="button" title="c1bed4eb6ef988553d3c6e502bfc787aa1e220ff.png" alt="c1bed4eb6ef988553d3c6e502bfc787aa1e220ff.png" /></span></DIV><BR /> and put additional parameter REQUIRED LDAP GROUP DN<BR /> <DIV class="lightbox-wrapper"><span class="lia-inline-image-display-wrapper" image-alt="Screenshot 2023-05-26 195545"><img src="https://community.hpe.com/t5/image/serverpage/image-id/149970i704E8A7BDC5E954D/image-size/large?v=v2&amp;px=2000" role="button" title="17196fbc6c780287ca6829c7f4e48bdc1e65dfe7.png" alt="17196fbc6c780287ca6829c7f4e48bdc1e65dfe7.png" /></span></DIV><BR /> but this doesnt work.<BR /> Question is above understanding correct regarding REQUIRED LDAP GROUP DN parameter?<BR /> If not, please help explain what REQUIRED LDAP GROUP DN for?<P></P> <P>Another question, we trying use ROLE MAPPINGS in right section , when we put LDAP DN member on SYSTEM ADMIN , but after logging in user still created as DEFAULT ROLE which is Standart User. Is it expected behaviour?</P> <P>For better understanding, this question come from my customer, they want to know what feature/capability of ldap integration, not much information with this parameter in morpheus doc.</P> Fri, 26 May 2023 13:58:31 GMT Sam Shen_1 2023-05-26T13:58:31Z https://community.hpe.com/t5/hpe-morpheus-enterprise-software/ldap-integration-query/m-p/7247593#M767 <P>Hi Expert, I have question regarding LDAP integration.<BR /> We have successfully integrate with LDAP with below, and user LDAP can logging in<BR /> </P><DIV class="lightbox-wrapper"><span class="lia-inline-image-display-wrapper" image-alt="Screenshot 2023-05-26 195501"><img src="https://community.hpe.com/t5/image/serverpage/image-id/150193iE9217037ECC568A3/image-size/large?v=v2&amp;px=2000" role="button" title="950851e6ef9dd97c67d9bd7e2515d77807cc26e1.png" alt="950851e6ef9dd97c67d9bd7e2515d77807cc26e1.png" /></span></DIV><P></P> <P>Now customer has additional requirement to smaller group of users and create cn in ldap, ou=KAWAN_GROUPS &amp; cn=SP<BR /> </P><DIV class="lightbox-wrapper"><span class="lia-inline-image-display-wrapper" image-alt="Screenshot 2023-05-26 195617"><img src="https://community.hpe.com/t5/image/serverpage/image-id/150135i324C0854F14C2DF2/image-size/large?v=v2&amp;px=2000" role="button" title="c1bed4eb6ef988553d3c6e502bfc787aa1e220ff.png" alt="c1bed4eb6ef988553d3c6e502bfc787aa1e220ff.png" /></span></DIV><BR /> and put additional parameter REQUIRED LDAP GROUP DN<BR /> <DIV class="lightbox-wrapper"><span class="lia-inline-image-display-wrapper" image-alt="Screenshot 2023-05-26 195545"><img src="https://community.hpe.com/t5/image/serverpage/image-id/149970i704E8A7BDC5E954D/image-size/large?v=v2&amp;px=2000" role="button" title="17196fbc6c780287ca6829c7f4e48bdc1e65dfe7.png" alt="17196fbc6c780287ca6829c7f4e48bdc1e65dfe7.png" /></span></DIV><BR /> but this doesnt work.<BR /> Question is above understanding correct regarding REQUIRED LDAP GROUP DN parameter?<BR /> If not, please help explain what REQUIRED LDAP GROUP DN for?<P></P> <P>Another question, we trying use ROLE MAPPINGS in right section , when we put LDAP DN member on SYSTEM ADMIN , but after logging in user still created as DEFAULT ROLE which is Standart User. Is it expected behaviour?</P> <P>For better understanding, this question come from my customer, they want to know what feature/capability of ldap integration, not much information with this parameter in morpheus doc.</P> Fri, 26 May 2023 13:58:31 GMT https://community.hpe.com/t5/hpe-morpheus-enterprise-software/ldap-integration-query/m-p/7247593#M767 Sam Shen_1 2023-05-26T13:58:31Z https://community.hpe.com/t5/hpe-morpheus-enterprise-software/ldap-integration-query/m-p/7247594#M768 <P>Hi CBunge ,<BR /> Thanks for response,<BR /> actually what we want to achive is create group of user with cn inside ou, and only allow those particular user with specified cn able to login.<BR /> I found discussion reference below</P><ASIDE class="quote quote-modified" data-post="1" data-topic="516"> <DIV class="title"> <DIV class="quote-controls"></DIV> <IMG loading="lazy" alt="" width="24" height="24" src="https://sea2.discourse-cdn.com/flex020/user_avatar/discuss.morpheusdata.com/lim900309/48/321_2.png" class="avatar" /> <A href="https://discuss.morpheusdata.com/t/i-want-to-know-how-to-integrated-hierarchical-structure-ldap-user/516">I want to know how to integrated hierarchical structure LDAP (user)</A> <A class="badge-category__wrapper " href="https://community.hpe.com/c/administration/14"><SPAN data-category-id="14" data-drop-close="true" class="badge-category " title="The Administration category is focused on the administrative settings and concepts within the Morpheus platform. This includes groups, users, roles, tenants, policies, plans &amp; pricing, reporting, and others."><SPAN class="badge-category__name">Administration</SPAN></SPAN></A> </DIV> <BLOCKQUOTE> LDAP integration is not described in detail in the official documentation. I looked at the post linked below and referenced it. <A href="https://support.morpheusdata.com/s/article/Tips-for-integrating-LDAP-and-LDAPS-identity-sources?language=en_US" class="onebox" target="_blank" rel="noopener nofollow ugc">https://support.morpheusdata.com/s/article/Tips-for-integrating-LDAP-and-LDAPS-identity-sources?language=en_US</A> <A name="the-ldap-hierarchical-structure-in-my-test-environment-is-as-follows-1" class="anchor" href="#the-ldap-hierarchical-structure-in-my-test-environment-is-as-follows-1"></A>The LDAP hierarchical structure in my test environment is as follows. <A name="dctcdclocal-ouou1-cngroup11-cnuser111-cnuser112-cngroup12-cnuser121-cnuser122-2" class="anchor" href="#dctcdclocal-ouou1-cngroup11-cnuser111-cnuser112-cngroup12-cnuser121-cnuser122-2"></A>dc=tc,dc=local ou=ou1 ㅡㄴcn=group11 ㅡㅡㄴcn=user111 ㅡㅡㄴcn=user112 ㅡㄴcn=group12 ㅡㅡㄴcn=user121 ㅡㅡㄴcn=user122 My goal is to register all 4 users. ( usre111 , user112 , user121, user122 … </BLOCKQUOTE> </ASIDE> <P>But when I put parameter “USER DN EXPRESSION” with cn specified as above discussion reference cn=$username,cn=group,ou=ou1,dc=tc,dc=local, it always give error, and couldnt do SAVE CHANGES.</P> <P>Any insight?</P> Mon, 29 May 2023 06:46:38 GMT https://community.hpe.com/t5/hpe-morpheus-enterprise-software/ldap-integration-query/m-p/7247594#M768 Sam Shen_1 2023-05-29T06:46:38Z https://community.hpe.com/t5/hpe-morpheus-enterprise-software/ldap-integration-query/m-p/7247595#M769 <P><CODE style="background : #f0f1f2;">Required Group</CODE> means everyone authenticating to Morpheus with your LDAP integration <STRONG>must</STRONG> belong to that group to even be able to log in.</P> <P>Now <CODE style="background : #f0f1f2;">Required Group</CODE> and <CODE style="background : #f0f1f2;">Role Mappings</CODE> both require group membership being passed and parsed correctly. At the lower left of the Identity Source you’ll see <CODE style="background : #f0f1f2;">LDAP Attribute Names</CODE> where you must define <CODE style="background : #f0f1f2;">Member of Attribute Name</CODE> (normally this is just ‘memberOf’):</P> <P><span class="lia-inline-image-display-wrapper" image-alt="image"><img src="https://community.hpe.com/t5/image/serverpage/image-id/150161i8930C260EFD449C5/image-size/large?v=v2&amp;px=2000" role="button" title="4feaa4feac4fc2bb50de0a9dfec0be0f8249f5a7.png" alt="4feaa4feac4fc2bb50de0a9dfec0be0f8249f5a7.png" /></span></P> Fri, 26 May 2023 14:04:39 GMT https://community.hpe.com/t5/hpe-morpheus-enterprise-software/ldap-integration-query/m-p/7247595#M769 cbunge 2023-05-26T14:04:39Z https://community.hpe.com/t5/hpe-morpheus-enterprise-software/ldap-integration-query/m-p/7247596#M770 <P>Your logs under Administration &gt; Health &gt; Morpheus Logs would give you more insight on why the save is possibly failing. It may be best to open a support ticket if you continue to have issues.</P> <P>Also, a note, if you are using OpenLDAP you’ll need to be on at least Morpheus 6.0.1 per that previously linked thread.</P> Tue, 30 May 2023 12:31:46 GMT https://community.hpe.com/t5/hpe-morpheus-enterprise-software/ldap-integration-query/m-p/7247596#M770 cbunge 2023-05-30T12:31:46Z