HPE Community
HPE Morpheus Enterprise
1834939 Members
2420 Online
110071 Solutions
New Discussion

LDAP integration query

 
Sam Shen_1
Advisor

‎05-26-2023 06:58 AM

‎05-26-2023 06:58 AM

LDAP integration query

Hi Expert, I have question regarding LDAP integration.
We have successfully integrate with LDAP with below, and user LDAP can logging in

950851e6ef9dd97c67d9bd7e2515d77807cc26e1.png

Now customer has additional requirement to smaller group of users and create cn in ldap, ou=KAWAN_GROUPS & cn=SP

c1bed4eb6ef988553d3c6e502bfc787aa1e220ff.png

and put additional parameter REQUIRED LDAP GROUP DN
17196fbc6c780287ca6829c7f4e48bdc1e65dfe7.png

but this doesnt work.
Question is above understanding correct regarding REQUIRED LDAP GROUP DN parameter?
If not, please help explain what REQUIRED LDAP GROUP DN for?

Another question, we trying use ROLE MAPPINGS in right section , when we put LDAP DN member on SYSTEM ADMIN , but after logging in user still created as DEFAULT ROLE which is Standart User. Is it expected behaviour?

For better understanding, this question come from my customer, they want to know what feature/capability of ldap integration, not much information with this parameter in morpheus doc.

0 Kudos
Reply
3 REPLIES 3
Sam Shen_1
Advisor

‎05-28-2023 11:46 PM

‎05-28-2023 11:46 PM

Re: LDAP integration query

Hi CBunge ,
Thanks for response,
actually what we want to achive is create group of user with cn inside ou, and only allow those particular user with specified cn able to login.
I found discussion reference below

But when I put parameter “USER DN EXPRESSION” with cn specified as above discussion reference cn=$username,cn=group,ou=ou1,dc=tc,dc=local, it always give error, and couldnt do SAVE CHANGES.

Any insight?

0 Kudos
Reply
cbunge
HPE Pro

‎05-26-2023 07:04 AM

‎05-26-2023 07:04 AM

Re: LDAP integration query

Required Group means everyone authenticating to Morpheus with your LDAP integration must belong to that group to even be able to log in.

Now Required Group and Role Mappings both require group membership being passed and parsed correctly. At the lower left of the Identity Source you’ll see LDAP Attribute Names where you must define Member of Attribute Name (normally this is just ‘memberOf’):

4feaa4feac4fc2bb50de0a9dfec0be0f8249f5a7.png

0 Kudos
Reply
cbunge
HPE Pro

‎05-30-2023 05:31 AM

‎05-30-2023 05:31 AM

Re: LDAP integration query

Your logs under Administration > Health > Morpheus Logs would give you more insight on why the save is possibly failing. It may be best to open a support ticket if you continue to have issues.

Also, a note, if you are using OpenLDAP you’ll need to be on at least Morpheus 6.0.1 per that previously linked thread.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.