Your LDAP config seems to be OK, 0 user objects found

Hi Everyone,

I’m facing an issue with privacyIDEA when it comes to working with the LDAP resolver. I’ve just installed the solution and it seems that the LDAP resolver can get my user list, however it seems to be connected, as it gives the message “Your LDAP config seems to be OK, 0 user objects found.”
While I was trying to resolve the issue, I found that in the privacyidea.log file the line below seems to be repeated a lot.

[2020-04-24 13:58:16,875][980][140389659055872][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError(“a bytes-like object is required, not ‘str’”,)
I’m using privacyIDEA 3.3 installed on Ubuntu 18.04, and the LDAP is a Windows 2012 R2 server that contains the Active Directory.
Could you please help :slight_smile:
Regards,

The community needs more information about the configuration of your LDAP resolver.
Probably especially about the attribute mapping.

Also if possible, do not only post a single line from the log file.

Hi cornelinux,
thanks for the quick response :clap:
image

Sorry, I’ve hidden some information due to its sensitivity. In the server URL, I’ve set the IP address of my DC.
Base DN = the distinguished name of the OU I wanted to use.
Bind DN = thedomain\administrator_user
Below is the header of the log file:
admin@otpserver:~$ more /var/log/privacyidea/privacyidea.log
[2020-04-24 10:53:17,194][5205][140608342173440][INFO][privacyidea.lib.pooling:119] Created a new engine registry: <privacyidea.lib.pooling.SharedEngineRegistry object at 0x7fe1e5b5ab38>
[2020-04-24 10:53:17,194][5205][140608342173440][INFO][privacyidea.lib.pooling:84] Creating a new engine and connection pool for key sqlaudit
[2020-04-24 11:25:45,744][5205][140608434493184][INFO][privacyidea.lib.crypto:781] initializing HSM class: <class ‘privacyidea.lib.security.default.DefaultSecurityModule’>
[2020-04-24 11:25:45,744][5205][140608434493184][INFO][privacyidea.lib.crypto:220] Initialized HSM object {‘obj’: <privacyidea.lib.security.default.DefaultSecurityModule object at 0x7fe1e5be2278>}
[2020-04-24 11:25:45,757][5205][140608434493184][INFO][privacyidea.lib.tokens.vasco:56] PI_VASCO_LIBRARY option is not set, functionality disabled
[2020-04-24 11:41:32,235][5205][140608417707776][INFO][privacyidea.lib.usercache:107] Deleted 0 entries from the user cache (resolver=‘win2012’, username=None, expired=None)
[2020-04-24 11:43:46,031][5205][140608417707776][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError("a bytes-like object is required, not ‘str’",)
[2020-04-24 11:43:46,031][5205][140608417707776][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError("a bytes-like object is required, not ‘str’",)
[2020-04-24 11:43:46,032][5205][140608417707776][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError("a bytes-like object is required, not ‘str’",)
[2020-04-24 11:43:46,032][5205][140608417707776][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError("a bytes-like object is required, not ‘str’",)

This line is repeated until the end, and every time I test the connection I get this error message. Below are the last logs I got.

admin@otpserver :~$ tail -f /var/log/privacyidea/privacyidea.log
[2020-04-24 14:59:50,519][980][140389659055872][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError(“a bytes-like object is required, not ‘str’”,)
[2020-04-24 14:59:50,519][980][140389659055872][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError(“a bytes-like object is required, not ‘str’”,)
[2020-04-24 14:59:50,520][980][140389659055872][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError(“a bytes-like object is required, not ‘str’”,)
[2020-04-24 14:59:50,520][980][140389659055872][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError(“a bytes-like object is required, not ‘str’”,)
[2020-04-24 14:59:50,520][980][140389659055872][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError(“a bytes-like object is required, not ‘str’”,)
[2020-04-24 14:59:50,520][980][140389659055872][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError(“a bytes-like object is required, not ‘str’”,)

Please do the following:

  1. Check your LDAP Attribute mapping
  2. Activate the Debug level
  3. Check the traceback output in the privacyidea.log behind the Warning about the bytes-like object.
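Step 3 above asks for the traceback that follows the warning. The script below is an added example, not part of the original posts and not privacyIDEA code: it parses the log header layout shown in this thread, collapses the repeated warnings into one entry with a count, and attaches the traceback lines that follow. The sample log is constructed, and it is an assumption that the traceback shows up as a DEBUG record from the same process and thread right after the warning (the module line 1040 and the frame line are placeholders).

```python
import re
from collections import OrderedDict

# Header layout seen in this thread: [time][pid][thread][LEVEL][module:line] message
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\]\[(?P<pid>\d+)\]"
    r"\[(?P<thread>\d+)\]\[(?P<level>[A-Z]+)\]"
    r"\[(?P<module>[\w.]+):(?P<lineno>\d+)\] ?(?P<msg>.*)$"
)

# Constructed sample in the thread's format (not copied from a real log).
SAMPLE_LOG = """\
[2020-04-25 12:20:58,133][1040][140179219769088][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:1276] Doing start_tls
[2020-04-25 12:20:58,140][1040][140179219769088][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError("a bytes-like object is required, not 'str'",)
[2020-04-25 12:20:58,140][1040][140179219769088][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:1040] Traceback (most recent call last):
  File "<constructed frame>", line 1, in <constructed>
TypeError: a bytes-like object is required, not 'str'
[2020-04-25 12:20:58,141][1040][140179219769088][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:1039] Error during fetching LDAP objects: TypeError("a bytes-like object is required, not 'str'",)
[2020-04-25 12:20:58,150][1040][140179219769088][DEBUG][privacyidea.lib.resolver:198] Exiting pretestresolver with result (True, 'Your LDAP config seems to be OK, 0 user objects found.')
"""

def parse_records(text):
    """Split log text into records; a line without a header continues the previous record."""
    records = []
    for raw in text.splitlines():
        match = HEADER.match(raw)
        if match:
            rec = match.groupdict()
            rec["extra"] = []          # continuation lines, e.g. traceback frames
            records.append(rec)
        elif records and raw.strip():
            records[-1]["extra"].append(raw.rstrip())
    return records

def find_traceback(records, index, lookahead=3):
    """Return traceback lines attached to records[index] or to a record just after it."""
    rec = records[index]
    if rec["extra"]:
        return list(rec["extra"])
    for nxt in records[index + 1:index + 1 + lookahead]:
        same_worker = (nxt["pid"], nxt["thread"]) == (rec["pid"], rec["thread"])
        if same_worker and nxt["msg"].startswith("Traceback"):
            return [nxt["msg"]] + nxt["extra"]
    return []

def summarize_problems(records, levels=("WARNING", "ERROR", "CRITICAL")):
    """Collapse identical problem records into one entry with count, time span and traceback."""
    groups = OrderedDict()
    for index, rec in enumerate(records):
        if rec["level"] not in levels:
            continue
        key = (rec["level"], rec["module"], rec["lineno"], rec["msg"])
        group = groups.setdefault(key, {
            "level": rec["level"], "where": f'{rec["module"]}:{rec["lineno"]}',
            "message": rec["msg"], "count": 0, "first": rec["ts"], "traceback": [],
        })
        group["count"] += 1
        group["last"] = rec["ts"]
        if not group["traceback"]:
            group["traceback"] = find_traceback(records, index)
    return list(groups.values())

if __name__ == "__main__":
    for item in summarize_problems(parse_records(SAMPLE_LOG)):
        print(f'{item["count"]}x {item["level"]} {item["where"]} '
              f'({item["first"]} .. {item["last"]})')
        print("   ", item["message"])
        for line in item["traceback"]:
            print("    |", line)
```

To run it against a real file, pass the contents of /var/log/privacyidea/privacyidea.log to `parse_records` instead of `SAMPLE_LOG`.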

Hi cornelinux,

I’ve activated the debug level and this is what I got.

• [2020-04-25 12:20:58,111][1040][140179219769088][DEBUG][privacyidea.api.before_after:84] Begin handling of request ‘/resolver/test?’
• [2020-04-25 12:20:58,111][1040][140179219769088][DEBUG][privacyidea.api.before_after:84] Begin handling of request ‘/resolver/test?’
• [2020-04-25 12:20:58,120][1040][140179219769088][DEBUG][privacyidea.lib.user:186] Entering get_user_from_param with arguments ({‘AUTHTYPE’: ‘Simple’, ‘BINDDN’: ‘mydomaine\admin’, ‘BINDPW’: ‘CENSORED’, ‘CACHE_TIMEOUT’: ‘120’, ‘EDITABLE’: False, ‘LDAPBASE’: ‘ou=Users,dc=cloud,dc=deloitte,dc=fr’, ‘LDAPSEARCHFILTER’: ‘(sAMAccountName=)(objectClass=person)’, ‘LDAPURI’: ‘ldap://192.168.1.1’, ‘LOGINNAMEATTRIBUTE’: ‘sAMAccountName’, ‘NOREFERRALS’: True, ‘NOSCHEMAS’: True, ‘SCOPE’: ‘SUBTREE’, ‘SERVERPOOL_PERSISTENT’: False, ‘SERVERPOOL_ROUNDS’: ‘2’, ‘SERVERPOOL_SKIP’: ‘30’, ‘SIZELIMIT’: 0, ‘START_TLS’: True, ‘TIMEOUT’: ‘5’, ‘TLS_VERIFY’: False, ‘UIDTYPE’: ‘objectGUID’, ‘USERINFO’: ‘{ “phone” : “telephoneNumber”, “mobile” : “mobile”, “email” : “mail”, “surname” : “sn”, “givenname” : “givenName” }’, ‘type’: ‘ldapresolver’, ‘resolver’: ‘win2012’},) and keywords {}
• [2020-04-25 12:20:58,120][1040][140179219769088][DEBUG][privacyidea.lib.user:186] Entering get_user_from_param with arguments ({‘AUTHTYPE’: ‘Simple’, ‘BINDDN’: ‘mydomaine\admin’, ‘BINDPW’: ‘CENSORED’, ‘CACHE_TIMEOUT’: ‘120’, ‘EDITABLE’: False, ‘LDAPBASE’: ‘ou=Users,dc=cloud,dc=mydomaine,dc=com’, ‘LDAPSEARCHFILTER’: '(sAMAccountName=
)(objectClass=person)’, ‘LDAPURI’: ‘ldap://192.168.1.1’, ‘LOGINNAMEATTRIBUTE’: ‘sAMAccountName’, ‘NOREFERRALS’: True, ‘NOSCHEMAS’: True, ‘SCOPE’: ‘SUBTREE’, ‘SERVERPOOL_PERSISTENT’: False, ‘SERVERPOOL_ROUNDS’: ‘2’, ‘SERVERPOOL_SKIP’: ‘30’, ‘SIZELIMIT’: 0, ‘START_TLS’: True, ‘TIMEOUT’: ‘5’, ‘TLS_VERIFY’: False, ‘UIDTYPE’: ‘objectGUID’, ‘USERINFO’: ‘{ “phone” : “telephoneNumber”, “mobile” : “mobile”, “email” : “mail”, “surname” : “sn”, “givenname” : “givenName” }’, ‘type’: ‘ldapresolver’, ‘resolver’: ‘win2012’},) and keywords {}
• [2020-04-25 12:20:58,121][1040][140179219769088][DEBUG][privacyidea.lib.user:186] Entering init with arguments (User(login=’’, realm=’’, resolver=’’),) and keywords {‘login’: ‘’, ‘realm’: ‘’, ‘resolver’: ‘win2012’}
• [2020-04-25 12:20:58,121][1040][140179219769088][DEBUG][privacyidea.lib.user:186] Entering init with arguments (User(login=’’, realm=’’, resolver=’’),) and keywords {‘login’: ‘’, ‘realm’: ‘’, ‘resolver’: ‘win2012’}
• [2020-04-25 12:20:58,121][1040][140179219769088][DEBUG][privacyidea.lib.user:198] Exiting init with result None
• [2020-04-25 12:20:58,121][1040][140179219769088][DEBUG][privacyidea.lib.user:198] Exiting init with result None
• [2020-04-25 12:20:58,121][1040][140179219769088][DEBUG][privacyidea.lib.user:198] Exiting get_user_from_param with result
• [2020-04-25 12:20:58,121][1040][140179219769088][DEBUG][privacyidea.lib.user:198] Exiting get_user_from_param with result
• [2020-04-25 12:20:58,121][1040][140179219769088][DEBUG][privacyidea.lib.audit:189] Entering getAudit with arguments HIDDEN and keywords HIDDEN
• [2020-04-25 12:20:58,121][1040][140179219769088][DEBUG][privacyidea.lib.audit:189] Entering getAudit with arguments HIDDEN and keywords HIDDEN
• [2020-04-25 12:20:58,122][1040][140179219769088][DEBUG][privacyidea.lib.utils:1198] klass: <class ‘privacyidea.lib.auditmodules.sqlaudit.Audit’>
• [2020-04-25 12:20:58,122][1040][140179219769088][DEBUG][privacyidea.lib.utils:1198] klass: <class ‘privacyidea.lib.auditmodules.sqlaudit.Audit’>
• [2020-04-25 12:20:58,122][1040][140179219769088][DEBUG][privacyidea.lib.auditmodules.base:186] Entering read_keys with arguments (<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f7df8602a58>, ‘/etc/privacyidea/public.pem’, ‘/etc/privacyidea/private.pem’) and keywords {}
• [2020-04-25 12:20:58,122][1040][140179219769088][DEBUG][privacyidea.lib.auditmodules.base:186] Entering read_keys with arguments (<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f7df8602a58>, ‘/etc/privacyidea/public.pem’, ‘/etc/privacyidea/private.pem’) and keywords {}
• [2020-04-25 12:20:58,122][1040][140179219769088][DEBUG][privacyidea.lib.auditmodules.base:198] Exiting read_keys with result None
• [2020-04-25 12:20:58,122][1040][140179219769088][DEBUG][privacyidea.lib.auditmodules.base:198] Exiting read_keys with result None
• [2020-04-25 12:20:58,123][1040][140179219769088][DEBUG][privacyidea.lib.audit:198] Exiting getAudit with result <privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f7df8602a58>
• [2020-04-25 12:20:58,123][1040][140179219769088][DEBUG][privacyidea.lib.audit:198] Exiting getAudit with result <privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f7df8602a58>
• [2020-04-25 12:20:58,123][1040][140179219769088][DEBUG][privacyidea.lib.config:186] Entering get_from_config with arguments (‘OverrideAuthorizationClient’,) and keywords {}
• [2020-04-25 12:20:58,123][1040][140179219769088][DEBUG][privacyidea.lib.config:186] Entering get_from_config with arguments (‘OverrideAuthorizationClient’,) and keywords {}
• [2020-04-25 12:20:58,123][1040][140179219769088][DEBUG][privacyidea.lib.config:323] Cloning request-local config from shared config object
• [2020-04-25 12:20:58,123][1040][140179219769088][DEBUG][privacyidea.lib.config:323] Cloning request-local config from shared config object
• [2020-04-25 12:20:58,126][1040][140179219769088][DEBUG][privacyidea.lib.config:198] Exiting get_from_config with result None
• [2020-04-25 12:20:58,126][1040][140179219769088][DEBUG][privacyidea.lib.config:198] Exiting get_from_config with result None
• [2020-04-25 12:20:58,126][1040][140179219769088][DEBUG][privacyidea.lib.auditmodules.base:186] Entering log with arguments (<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f7df8602a58>, {‘success’: False, ‘serial’: None, ‘user’: None, ‘realm’: None, ‘resolver’: ‘win2012’, ‘token_type’: None, ‘client’: ‘191.168.1.143’, ‘client_user_agent’: ‘chrome’, ‘privacyidea_server’: ‘192.168.30.76’, ‘action’: ‘POST /resolver/test’, ‘action_detail’: ‘’, ‘info’: ‘’}) and keywords {}
• [2020-04-25 12:20:58,126][1040][140179219769088][DEBUG][privacyidea.lib.auditmodules.base:186] Entering log with arguments (<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f7df8602a58>, {‘success’: False, ‘serial’: None, ‘user’: None, ‘realm’: None, ‘resolver’: ‘win2012’, ‘token_type’: None, ‘client’: ‘191.168.1.143’, ‘client_user_agent’: ‘chrome’, ‘privacyidea_server’: ‘192.168.30.76’, ‘action’: ‘POST /resolver/test’, ‘action_detail’: ‘’, ‘info’: ‘’}) and keywords {}
• [2020-04-25 12:20:58,127][1040][140179219769088][DEBUG][privacyidea.lib.auditmodules.base:198] Exiting log with result None
• [2020-04-25 12:20:58,127][1040][140179219769088][DEBUG][privacyidea.lib.auditmodules.base:198] Exiting log with result None
• [2020-04-25 12:20:58,127][1040][140179219769088][DEBUG][privacyidea.lib.auditmodules.base:186] Entering log with arguments (<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f7df8602a58>, {‘administrator’: ‘admin’}) and keywords {}
• [2020-04-25 12:20:58,127][1040][140179219769088][DEBUG][privacyidea.lib.auditmodules.base:186] Entering log with arguments (<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f7df8602a58>, {‘administrator’: ‘admin’}) and keywords {}
• [2020-04-25 12:20:58,127][1040][140179219769088][DEBUG][privacyidea.lib.auditmodules.base:198] Exiting log with result None
• [2020-04-25 12:20:58,127][1040][140179219769088][DEBUG][privacyidea.lib.auditmodules.base:198] Exiting log with result None
• [2020-04-25 12:20:58,127][1040][140179219769088][DEBUG][privacyidea.api.resolver:186] Entering test_resolver with arguments () and keywords {}
• [2020-04-25 12:20:58,127][1040][140179219769088][DEBUG][privacyidea.api.resolver:186] Entering test_resolver with arguments () and keywords {}
• [2020-04-25 12:20:58,127][1040][140179219769088][DEBUG][privacyidea.lib.policy:186] Entering list_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f7df8602ba8>,) and keywords {‘name’: None, ‘scope’: ‘admin’, ‘realm’: None, ‘active’: True, ‘resolver’: ‘win2012’, ‘user’: None, ‘client’: ‘191.168.1.143’, ‘action’: ‘resolverwrite’, ‘adminrealm’: ‘’, ‘adminuser’: ‘admin’, ‘sort_by_priority’: True}
• [2020-04-25 12:20:58,127][1040][140179219769088][DEBUG][privacyidea.lib.policy:186] Entering list_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f7df8602ba8>,) and keywords {‘name’: None, ‘scope’: ‘admin’, ‘realm’: None, ‘active’: True, ‘resolver’: ‘win2012’, ‘user’: None, ‘client’: ‘191.168.1.143’, ‘action’: ‘resolverwrite’, ‘adminrealm’: ‘’, ‘adminuser’: ‘admin’, ‘sort_by_priority’: True}
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:526] Policies after matching active: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:526] Policies after matching active: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:526] Policies after matching scope: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:526] Policies after matching scope: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:551] Policies after matching action: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:551] Policies after matching action: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:551] Policies after matching adminrealm: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:551] Policies after matching adminrealm: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:551] Policies after matching adminuser: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:551] Policies after matching adminuser: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:586] Policies after matching resolver: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:586] Policies after matching resolver: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:617] Policies after matching client: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:617] Policies after matching client: []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:198] Exiting list_policies with result []
• [2020-04-25 12:20:58,128][1040][140179219769088][DEBUG][privacyidea.lib.policy:198] Exiting list_policies with result []
• [2020-04-25 12:20:58,129][1040][140179219769088][DEBUG][privacyidea.lib.policy:683] Policies after matching time: []
• [2020-04-25 12:20:58,129][1040][140179219769088][DEBUG][privacyidea.lib.policy:683] Policies after matching time: []
• [2020-04-25 12:20:58,129][1040][140179219769088][DEBUG][privacyidea.lib.policy:688] Policies after matching conditions
• [2020-04-25 12:20:58,129][1040][140179219769088][DEBUG][privacyidea.lib.policy:688] Policies after matching conditions
• [2020-04-25 12:20:58,129][1040][140179219769088][DEBUG][privacyidea.lib.policy:186] Entering list_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f7df8602ba8>,) and keywords {‘scope’: ‘admin’, ‘active’: True}
• [2020-04-25 12:20:58,129][1040][140179219769088][DEBUG][privacyidea.lib.policy:186] Entering list_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f7df8602ba8>,) and keywords {‘scope’: ‘admin’, ‘active’: True}
• [2020-04-25 12:20:58,129][1040][140179219769088][DEBUG][privacyidea.lib.policy:526] Policies after matching active: []
• [2020-04-25 12:20:58,129][1040][140179219769088][DEBUG][privacyidea.lib.policy:526] Policies after matching active: []
• [2020-04-25 12:20:58,129][1040][140179219769088][DEBUG][privacyidea.lib.policy:526] Policies after matching scope: []
• [2020-04-25 12:20:58,129][1040][140179219769088][DEBUG][privacyidea.lib.policy:526] Policies after matching scope: []
• [2020-04-25 12:20:58,129][1040][140179219769088][DEBUG][privacyidea.lib.policy:198] Exiting list_policies with result []
• [2020-04-25 12:20:58,129][1040][140179219769088][DEBUG][privacyidea.lib.policy:198] Exiting list_policies with result []
• [2020-04-25 12:20:58,130][1040][140179219769088][DEBUG][privacyidea.lib.resolver:186] Entering pretestresolver with arguments (‘ldapresolver’, {‘AUTHTYPE’: ‘Simple’, ‘BINDDN’: ‘mydomaine\admin’, ‘BINDPW’: ‘CENSORED’, ‘CACHE_TIMEOUT’: ‘120’, ‘EDITABLE’: False, ‘LDAPBASE’: ‘ou=Users,dc=cloud,dc=deloitte,dc=fr’, ‘LDAPSEARCHFILTER’: ‘(sAMAccountName=)(objectClass=person)’, ‘LDAPURI’: ‘ldap://192.168.1.1’, ‘LOGINNAMEATTRIBUTE’: ‘sAMAccountName’, ‘NOREFERRALS’: True, ‘NOSCHEMAS’: True, ‘SCOPE’: ‘SUBTREE’, ‘SERVERPOOL_PERSISTENT’: False, ‘SERVERPOOL_ROUNDS’: ‘2’, ‘SERVERPOOL_SKIP’: ‘30’, ‘SIZELIMIT’: 0, ‘START_TLS’: True, ‘TIMEOUT’: ‘5’, ‘TLS_VERIFY’: False, ‘UIDTYPE’: ‘objectGUID’, ‘USERINFO’: ‘{ “phone” : “telephoneNumber”, “mobile” : “mobile”, “email” : “mail”, “surname” : “sn”, “givenname” : “givenName” }’, ‘type’: ‘ldapresolver’, ‘resolver’: ‘win2012’}) and keywords {}
• [2020-04-25 12:20:58,130][1040][140179219769088][DEBUG][privacyidea.lib.resolver:186] Entering pretestresolver with arguments (‘ldapresolver’, {‘AUTHTYPE’: ‘Simple’, ‘BINDDN’: ‘mydomaine\admin’, ‘BINDPW’: ‘CENSORED’, ‘CACHE_TIMEOUT’: ‘120’, ‘EDITABLE’: False, ‘LDAPBASE’: ‘ou=Users,dc=cloud,dc=deloitte,dc=fr’, ‘LDAPSEARCHFILTER’: '(sAMAccountName=
)(objectClass=person)’, ‘LDAPURI’: ‘ldap://192.168.1.1’, ‘LOGINNAMEATTRIBUTE’: ‘sAMAccountName’, ‘NOREFERRALS’: True, ‘NOSCHEMAS’: True, ‘SCOPE’: ‘SUBTREE’, ‘SERVERPOOL_PERSISTENT’: False, ‘SERVERPOOL_ROUNDS’: ‘2’, ‘SERVERPOOL_SKIP’: ‘30’, ‘SIZELIMIT’: 0, ‘START_TLS’: True, ‘TIMEOUT’: ‘5’, ‘TLS_VERIFY’: False, ‘UIDTYPE’: ‘objectGUID’, ‘USERINFO’: ‘{ “phone” : “telephoneNumber”, “mobile” : “mobile”, “email” : “mail”, “surname” : “sn”, “givenname” : “givenName” }’, ‘type’: ‘ldapresolver’, ‘resolver’: ‘win2012’}) and keywords {}
• [2020-04-25 12:20:58,130][1040][140179219769088][DEBUG][privacyidea.lib.resolver:186] Entering get_resolver_list with arguments () and keywords {‘filter_resolver_name’: ‘win2012’}
• [2020-04-25 12:20:58,130][1040][140179219769088][DEBUG][privacyidea.lib.resolver:186] Entering get_resolver_list with arguments () and keywords {‘filter_resolver_name’: ‘win2012’}
• [2020-04-25 12:20:58,130][1040][140179219769088][DEBUG][privacyidea.lib.resolver:200] Exiting get_resolver_list with result HIDDEN
• [2020-04-25 12:20:58,130][1040][140179219769088][DEBUG][privacyidea.lib.resolver:200] Exiting get_resolver_list with result HIDDEN
• [2020-04-25 12:20:58,130][1040][140179219769088][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:173] Get LDAP schema info: ‘NO_INFO’
• [2020-04-25 12:20:58,130][1040][140179219769088][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:173] Get LDAP schema info: ‘NO_INFO’
• [2020-04-25 12:20:58,130][1040][140179219769088][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:869] Added 192.168.1.1, None, False to server pool.
• [2020-04-25 12:20:58,130][1040][140179219769088][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:869] Added 192.168.1.1, None, False to server pool.
• [2020-04-25 12:20:58,133][1040][140179219769088][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:1276] Doing start_tls
• [2020-04-25 12:20:58,133][1040][140179219769088][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:1276] Doing start_tls
• [2020-04-25 12:20:58,150][1040][140179219769088][DEBUG][privacyidea.lib.resolver:198] Exiting pretestresolver with result (True, ‘Your LDAP config seems to be OK, 0 user objects found.’)
• [2020-04-25 12:20:58,150][1040][140179219769088][DEBUG][privacyidea.lib.resolver:198] Exiting pretestresolver with result (True, ‘Your LDAP config seems to be OK, 0 user objects found.’)
• [2020-04-25 12:20:58,152][1040][140179219769088][DEBUG][privacyidea.api.resolver:198] Exiting test_resolver with result <PiResponseClass 248 bytes [200 OK]>
• [2020-04-25 12:20:58,152][1040][140179219769088][DEBUG][privacyidea.api.resolver:198] Exiting test_resolver with result <PiResponseClass 248 bytes [200 OK]>
• [2020-04-25 12:20:58,186][1040][140179219769088][DEBUG][privacyidea.api.before_after:90] End handling of request ‘/resolver/test?’
• [2020-04-25 12:20:58,186][1040][1401792197690

Make sure the bottom part of the ldapresolver has this

image

Keycloak will not sync users with Windows AD unless this attribute is used…

Also, what happens when you take out CN=Users in the Base DN field?
What happens when you replace it with OU=?


Hi Henry,

I’ve tried both Preset OpenLDAP and Preset Active Directory; the resolver behaves the same way: the connection is OK but it can’t retrieve users.
Also, when I use “OU” instead of “CN” or remove it from the DN, I get the same results.
Thanks,

“Users” is NOT an OU under Windows AD…

Right-click your domain name in Active Directory Users and Computers.
Create a new OU (let’s say TestOU). Open it and create a new user inside…

Now run the same procedure with OU=TestOU (instead of CN=Users).
You must be able to see and import the new user…

Hello Henry,
image
I did what you recommended, still the same result :frowning:
Thanks,

You probably overcomplicated your settings. I would recommend to go back to the start and start with a simple, basic configuration, which works. Then you can drill deeper.

Note: If you tried both “OpenLDAP” and “Active Directory” and you are running AD 2012, you probably do not know a lot about LDAP, schema and attributes. Maybe you can find a colleague to improve your basic understanding. Of course AD will never ever work with OpenLDAP settings. The attributes used by OpenLDAP are usually not available in an Active Directory.

So you should use this basic setting:

  • URI: ldap://yourserver
  • StartTLS [x] (AD requires this)
  • VerifyTLS [ ] (empty)
  • BaseDN: DC=yourdomain,DC=yourTLS (As you are confusing the DNs of your objects and containers, go for the very root node of your AD! - You can strip this down later)
  • Scope: SUBTREE
  • BindDN/BindPassword: I think you configured this correctly - otherwise you would have gotten an access failure.
  • BindType: Simple!
  • Preset Active Directory in the Attribute mapping and do not change anything.
  • No anonymous referral chasing [x]

Hit the button “Quick Resolver Test”. This will limit the users to be found to 1 (“one”).
Then you can check with “Resolver Test”.

Hi cornelinux,

It’s weird, I’ve checked the AD server and both ports (389, 636) are open; some apps in our infrastructure, like pfSense, already use the LDAP information. I also did telnet checks on the server ports from the OTP server and it’s working… About your reply, I’m a bit confused about this one: BaseDN: DC=yourdomain,DC=yourTLS (As you are confusing the DNs of your objects and containers, go for the very root node of your AD! - You can strip this down later)
Just to let you know, I’ve made sure that I’m using the DN, using the app ldp on Windows, which correctly shows the DN of an object, or in Active Directory while searching for an object.

Hi Everyone;
Thanks for your help.
I installed the privacyIDEA server on CentOS 7 and my LDAP resolver works now. FYI, I didn’t change the config; it was the same one I used for Ubuntu.
For the moment I will need to install privacyIDEA FreeRADIUS, as I need to install a privacyIDEA server to manage OTP in my connection to my OpenVPN pfSense with Windows AD-based authentication. Is it possible to install privacyIDEA FreeRADIUS on CentOS 7?