Aruba

Re: LDAP Search Filter and @SEARCH@

Curious, on your LDAP server definition for Operator Logins, how are you specifying the GC port (3268) vs. LDAP (389)? Did you put it into the URL field itself?

 

You can also try and target the root domain in the URL to see if that helps.  I've seen odd issues without it in general (not specific to lookups).

 

ldap://dc1.domain.com/dc=domain,dc=com

 

 

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Contributor I

Re: LDAP Search Filter and @SEARCH@

Exactly, I put it in as

 

ldap://dc1.domain.com:3268/dc=domain,dc=com

 

But now that I've been testing it looks like it might not be the global catalog but the subdomain added at the end.

 

So using the entry below

 

ldap://dc1.domain.com:3268/dc=domain,dc=com

 

I'm able to look up entries across multiple subdomains, but I get the error when I do a lookup for a non-valid entry.

 

With this config

 

ldap://dc1.domain.com:3268/dc=subdomain,dc=domain,dc=com

 

I'm restricted to lookups within that subdomain but I do get the No User Found rather than the other Error.

 

I'm still tinkering with it to try and identify the exact issue.

Aruba

Re: LDAP Search Filter and @SEARCH@

Not sure how many subdomains you have, but what if you add multiple operator servers for each of them? Troy (if you're still listening), will sponsor lookup look through all the LDAP servers set for "User Search" or can you specify certain ones in the search2 function?

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Re: LDAP Search Filter and @SEARCH@

Just remember the help button has a lot of the how-tos.

 

Depending on what side of CPPM you are on it will pull the help for the page you are on. 

 

Here is a link to the LDAP section; just replace the CPPM with your server IP address.

 

https://CPPM/guest/help/Default.htm#OperatorLogins/ExternalOperatorAuthentication.htm%3FTocPath%3DOperator%20Logins%7CExternal%20Operator%20Authentication%7C_____0

 


Thank You,
Troy

Contributor I

Re: LDAP Search Filter and @SEARCH@

Clembo,

 

I thought about that also. I created several LDAP instances that started at the subdomain level. However the issue is when I get to the Select2 Options in the Sponsor Lookup, I couldn't add two servers to the ajax.args.server. I tried with a comma with no luck. I also referenced the Select2 GitHub pages and couldn't find anything that would help.

 

http://ivaynberg.github.io/select2/

Regular Contributor I

Re: LDAP Search Filter and @SEARCH@

Hi Guys,

I have some issues with this function.

When I perform a lookup, I don't receive a string value... and I don't receive the sponsor's email but the name.
(this is the biggest problem)

The idea is that if a guest writes the sponsor's name, for example "Jhon", he receives a list of possible choices like:
jhon.smith@company.com
jhon.brown@company.com
jhon.anderson@company.com

and he can select one.
Does the lookup have to be done with the criterion: is member of "sponsor group"?

Can you help me?

Thanks in advance

Best regards

Andrea
Guru Elite

Re: LDAP Search Filter and @SEARCH@

Andrea,

 

In CPPM Guest, go to Administration > Plugin Manager > LDAP Sponsor Lookup. Click on the Configuration button. What settings do you have there?

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Regular Contributor I

Re: LDAP Search Filter and @SEARCH@

Hi Andrea,

 

Check your LDAP config in Administration | Operator Logins | Servers.

Check the server URL and put something like this:

ldap://dc01.*****.co.id/dc=******,dc=co,dc=id (dc01 is your primary DC server; change the stars to your domain name). Don't put the sub-group here, it won't work.

 

my implementation was pretty much like yours, you can try my rules:

 

(&
  (objectClass=user)
  (objectCategory=person)
  (|
    # change stars to your domain name
    (memberOf=CN=Sponsor Aruba,OU=Groups,DC=*****,DC=co,DC=id)
  )
  (|
    (cn=*@SEARCH@*)
  )
)

 

good luck,

Ricky E. Lie

Ricky E. Lee
CWNA | ACMP | ACCP
Contributor I

Re: LDAP Search Filter and @SEARCH@

Andrea,

 

I think you will have a combination of things. There will be the value that you search against, and then there is the value you are displaying to the user. These are independently configured, however they can be the same criteria. First is your search.
You'll want to do a custom LDAP filter under User Search. I use the following. However, you'll be interested in the @SEARCH@. This is the string you will search against. Use the attribute that you want to do the lookups against. In this case I'm using email addresses. I'm also forcing the user to enter an exact email address with the @SEARCH@. If you want to return results as the user types in the criteria, then use the *@SEARCH@*

 

(&
  (objectClass=user)
  (objectCategory=person)
  (|
    # Match users in any of these groups
    (memberOf=CN=group,DC=xx,DC=company,DC=com)
  )
  (|
    # Match users by any of these criteria
    #(mail=@SEARCH@)
    (proxyAddresses=smtp:@SEARCH@)
  )
)

 

Now you have the separate issue of display. This is configured under Display Attributes.

Here, enter the attributes you want to display as your match is made. For example:

displayName= text
company=desc

 

 

So in your case, since you are searching on name you may want to use something like displayName=*@SEARCH@* in the search section.

 

In the display section since you only want to return the emails, then use something like

mail=text
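
How a template of this kind can be turned into the filter actually sent to the directory, as an added example that is not part of the original posts and is not ClearPass code. It assumes that `#` lines are comments and that `@SEARCH@` is replaced by the typed term, and it escapes that term per RFC 4515 so that `*` or parentheses in a name are matched literally; `render_filter`, `escape_filter_value` and `is_balanced` are hypothetical helper names.

```python
# Added example: template and search terms are constructed sample values.
TEMPLATE = """
(&
  (objectClass=user)
  (objectCategory=person)
  (|
    # Match users in any of these groups
    (memberOf=CN=group,DC=xx,DC=company,DC=com)
  )
  (|
    # Match users by any of these criteria
    #(mail=@SEARCH@)
    (displayName=*@SEARCH@*)
  )
)
"""

# RFC 4515: these characters must be written as \XX inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-typed term so it can only ever be a literal value."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, search: str) -> str:
    """Assumed rendering: drop '#' comment lines, join, substitute @SEARCH@."""
    lines = (ln.strip() for ln in template.splitlines())
    body = "".join(ln for ln in lines if ln and not ln.startswith("#"))
    return body.replace("@SEARCH@", escape_filter_value(search))


def is_balanced(ldap_filter: str) -> bool:
    """Catch hand-editing mistakes: every '(' needs a matching ')'."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    print(render_filter(TEMPLATE, "jhon"))
    print(render_filter(TEMPLATE, "Smith (IT)*"))
```
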

Regular Contributor I

Re: LDAP Search Filter and @SEARCH@

Hi,
Thank you, I hope that in the next days I will be able to try this solution.


Andrea