
Multiple OUs issues

Former Member

Hi,

We have a query,

1. We are using multiple OUs for the LDAP server.

2. We have mapped a group in LDAP authentication, but in that group all the users are coming from different OUs. We are unable to see the users who are in the different OUs if we configure LDAP using an Administration DN from one of the OUs.

When we give the "LDAP server administrator distinguished name" in one of the OUs, only that OU's users are able to log into InfoView using LDAP authentication, and in case we give the "LDAP server administrator distinguished name" in the base domain, all the users are able to log in to InfoView using LDAP authentication.

So we want to know if there is any workaround for giving the "LDAP server administrator distinguished name" in one of the OUs.

Anyone, please help with this issue.

Thank you in advance.

Thanks & Regards,

Bill.

Accepted Solutions (1)

jmsrpp
Advisor

Hi,

It sounds like you might be specifying too granular an LDAP Base Distinguished Name to me. Let's look at an example:

Groups

cn=support, ou=customer assurance, o=sap

cn=sales, ou=sales, o=sap

LDAP Plugin Properties

Base LDAP Distinguished Name = ou=customer assurance, o=sap

LDAP server administrator distinguished name = cn=jrapp, ou=customer assurance, o=sap

Since we map in the groups by their full Distinguished Name, and the user 'jrapp' has permissions to query the root of the LDAP server, both groups and users are created successfully. However, because the Base DN is set at ou=customer assurance, o=sap instead of o=sap, users from the OU 'sales' will need to log in using their complete DN (i.e. cn=bmathew, ou=sales, o=sap).

Try having a user who is in the 2nd OU log in with the complete DN for their user account. If that works, you'll know that you need to do 1 of 2 things:

1. Set the base DN to a less granular level (o=sap instead of ou=customer assurance, o=sap)

2. The user you have specified for the Administrator DN does not have appropriate permissions to query the 2nd OU

Feel free to provide the exact entries as they appear on your LDAP tab if this doesn't prove to solve the problem.

Thanks,

Jim
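
The two causes named in the answer above, as an added Python sketch that is not part of the original thread and is not SAP's code: it models a short-name login as a subtree search under the Base DN, restricted to the subtrees the Administrator DN account may read. The function names and the `bind_readable` list are assumptions made for illustration; the DNs are the ones from the answer.

```python
# Simplified model (an assumption, not SAP BusinessObjects code) of how a short
# login name is resolved to a DN by a subtree search under the Base DN.

def parse_dn(dn):
    """Split a DN into normalized RDNs; escaped commas are not handled."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def is_under(dn, base):
    """True when dn equals base or sits in the subtree below it."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[-len(b):] == b

# Constructed directory using the user DNs from the answer above.
USERS = [
    "cn=jrapp, ou=customer assurance, o=sap",
    "cn=bmathew, ou=sales, o=sap",
]

def resolve(login, base_dn, bind_readable):
    """Return the user's DN, or None if the lookup cannot find the entry.

    bind_readable: subtrees the Administrator DN account may read (hypothetical ACL).
    """
    if "=" in login:  # a complete DN was typed, so no search is needed
        return login if any(parse_dn(login) == parse_dn(u) for u in USERS) else None
    for user in USERS:
        in_scope = is_under(user, base_dn)
        readable = any(is_under(user, sub) for sub in bind_readable)
        if in_scope and readable and parse_dn(user)[0] == f"cn={login.lower()}":
            return user
    return None

def diagnose(login, base_dn, bind_readable):
    """Name which of the two causes blocks a short-name login."""
    match = next((u for u in USERS if parse_dn(u)[0] == f"cn={login.lower()}"), None)
    if match is None:
        return "no such user"
    if not is_under(match, base_dn):
        return "base DN too granular"
    if not any(is_under(match, sub) for sub in bind_readable):
        return "bind account cannot read user's OU"
    return "ok"
```

In this model the administrator account can sit in one OU and short-name logins still work for every OU, provided the Base DN covers them and the account has been granted read access to each OU rather than to the whole tree.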
