HPSA ldap_config and ldap_sync don't handle multiple LDAP search statements.

  • KM01009851
  • 24-Jun-2014
  • 07-Jun-2021

Archived Content: This information is no longer maintained and is provided "as is" for your convenience.

Summary

When running ldap_config to configure aaa.ldap.search.filter.template, if you configure multiple search statements, only members of the first search statement are imported when ldap_sync is executed.

Question

When running ldap_config to configure aaa.ldap.search.filter.template, suppose you configure multiple search statements like this:

((&(sAMAccountName=$)(objectclass=user)(objectcategory=person)(memberof=CN=G-STRATAVIA-DEVELOPER-AMS-SYSTEMS,OU=Groups,OU=Enterprise,DC=company,DC=com))(&(sAMAccountName=$)(objectclass=user)(objectcategory=person)(memberof=CN=G-STRATAVIA-DEVELOPER-DBA,OU=Groups,OU=Enterprise,DC=company,DC=com))(&(sAMAccountName=$)(objectclass=user)(objectcategory=person)(memberof=CN=G-STRATAVIA-DEVELOPER-LAN,OU=Groups,OU=Enterprise,DC=company,DC=int))(&(sAMAccountName=$)(objectclass=user)(objectcategory=person)(memberof=CN=G-STRATAVIA-CLIENT-AMS-SYSTEMS,OU=Groups,OU=Enterprise,DC=company,DC=com))(&(sAMAccountName=$)(objectclass=user)(objectcategory=person)(memberof=CN=G-STRATAVIA-OPERATOR-AMS-SYSTEMS,OU=Groups,OU=Enterprise,DC=company,DC=com)))

Resulting LDAP search filter for all LDAP users:

((&(sAMAccountName=*)(objectclass=user)(objectcategory=person)(memberof=CN=G-STRATAVIA-DEVELOPER-AMS-SYSTEMS,OU=Groups,OU=Enterprise,DC=company,DC=com))(&(sAMAccountName=$)(objectclass=user)(objectcategory=person)(memberof=CN=G-STRATAVIA-DEVELOPER-DBA,OU=Groups,OU=Enterprise,DC=company,DC=com))(&(sAMAccountName=$)(objectclass=user)(objectcategory=person)(memberof=CN=G-STRATAVIA-DEVELOPER-LAN,OU=Groups,OU=Enterprise,DC=company,DC=com))(&(sAMAccountName=$)(objectclass=user)(objectcategory=person)(memberof=CN=G-STRATAVIA-CLIENT-AMS-SYSTEMS,OU=Groups,OU=Enterprise,DC=company,DC=com))(&(sAMAccountName=$)(objectclass=user)(objectcategory=person)(memberof=CN=G-STRATAVIA-OPERATOR-AMS-SYSTEMS,OU=Groups,OU=Enterprise,DC=company,DC=com)))

Answer

Notice that in the search filter generated to import all users, only the first occurrence of sAMAccountName=$ is changed to sAMAccountName=*; all the remaining occurrences are left as sAMAccountName=$.
Because of this, when ldap_sync is executed only members of the first search statement are imported.

The workaround is to enter sAMAccountName=* for all search statements during the ldap_config step, instead of sAMAccountName=$, which is otherwise the correct way to enter the template.
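To make the defect and the workaround concrete, the following Python example (added here; it is not HPSA code, and the substitution logic, the function names and the shortened group DNs are assumptions for illustration) expands a constructed copy of the article's five-statement template both the defective way (first placeholder only) and the correct way (every placeholder), then audits the result for statements that still carry the literal sAMAccountName=$. That audit is the check worth running on the generated "all users" filter before executing ldap_sync, and it also confirms that a template entered with sAMAccountName=* everywhere, as the workaround suggests, passes unchanged.

```python
"""Placeholder expansion for an aaa.ldap.search.filter.template, modelled
after the behaviour described in the KB article.

Illustrative code, not HPSA's ldap_config/ldap_sync. It assumes (the
article does not say so explicitly) that the "all users" filter is
produced by replacing the "sAMAccountName=$" placeholder with
"sAMAccountName=*", and it models the reported defect as a replacement
that stops after the first match.
"""

PLACEHOLDER = "sAMAccountName=$"   # per-user placeholder entered in ldap_config
WILDCARD = "sAMAccountName=*"      # what the all-users import needs

# Constructed copy of the article's five group-restricted statements.
GROUPS = [
    "G-STRATAVIA-DEVELOPER-AMS-SYSTEMS",
    "G-STRATAVIA-DEVELOPER-DBA",
    "G-STRATAVIA-DEVELOPER-LAN",
    "G-STRATAVIA-CLIENT-AMS-SYSTEMS",
    "G-STRATAVIA-OPERATOR-AMS-SYSTEMS",
]


def statement(group, account="$"):
    """One (&...) search statement restricted to members of `group`."""
    return ("(&(sAMAccountName=%s)(objectclass=user)(objectcategory=person)"
            "(memberof=CN=%s,OU=Groups,OU=Enterprise,DC=company,DC=com))"
            % (account, group))


# Outer wrapper mirrors the shape shown in the article.
TEMPLATE = "(" + "".join(statement(g) for g in GROUPS) + ")"


def expand_all_users(template, first_only=False):
    """Turn the per-user template into the 'all users' filter.

    first_only=True reproduces the defect the article describes: only the
    first placeholder becomes a wildcard, the rest stay literal.
    """
    return template.replace(PLACEHOLDER, WILDCARD, 1 if first_only else -1)


def split_statements(filter_text):
    """Return the top-level (&...) statements inside the outer wrapper.

    Splits on parenthesis depth, so no LDAP library is needed. A filter
    that is itself a single (&...) statement is returned as one element;
    a leading "|" (a proper OR filter) is tolerated as well.
    """
    text = filter_text.strip()
    inner = text[1:-1] if text.startswith("(") and text.endswith(")") else text
    if inner.startswith("&"):
        return [text]
    if inner.startswith("|"):
        inner = inner[1:]
    statements, depth, start = [], 0, 0
    for i, ch in enumerate(inner):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                statements.append(inner[start:i + 1])
    return statements


def audit_filter(filter_text):
    """Report which statements still carry the literal placeholder.

    A statement listed under "unexpanded" matches only an account whose
    sAMAccountName is literally "$", so in practice its group members are
    silently skipped by the import.
    """
    stmts = split_statements(filter_text)
    unexpanded = [i for i, s in enumerate(stmts) if PLACEHOLDER in s]
    return {"statements": len(stmts), "unexpanded": unexpanded,
            "ok": not unexpanded}


if __name__ == "__main__":
    print("defective expansion:", audit_filter(expand_all_users(TEMPLATE, first_only=True)))
    print("correct expansion:  ", audit_filter(expand_all_users(TEMPLATE)))
    # The article's workaround: enter "*" for every statement up front.
    workaround = "(" + "".join(statement(g, "*") for g in GROUPS) + ")"
    print("workaround template:", audit_filter(workaround))
```

Running the script prints an audit with four unexpanded statements for the defective expansion and none for either the correct expansion or the workaround template; the same audit_filter check can be pointed at the filter string HPSA actually generates in your environment.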