TremoloSecurity / MyVirtualDirectory

Open Source LDAP Virtual Directory
Apache License 2.0

Attributes Not Returned On Join #91

Closed tjclayton closed 4 years ago

tjclayton commented 4 years ago

We are attempting to join two data sources BaseServer (o=mycompany,c=us) and BaseServer2 (dc=coreblox,dc=com):

server.listener.port=10983

#Configure global chains
server.globalChain=

server.nameSpaces=Root,BaseServer2,BaseServer,GlobalJoiner

#Define RootDSE
server.Root.chain=RootDSE
server.Root.nameSpace=
server.Root.weight=0
server.Root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
server.Root.RootDSE.config.namingContexts=o=mycompany,c=us|dc=coreblox,dc=com|o=joinedldap,c=US
server.Root.RootDSE.config.supportedControls=2.16.840.1.113730.3.4.18,2.16.840.1.113730.3.4.2,1.3.6.1.4.1.4203.1.10.1,1.2.840.113556.1.4.319,1.2.826.0.1.334810.2.3,1.2.826.0.1.3344810.2.3,1.3.6.1.1.13.2,1.3.6.1.1.13.1,1.3.6.1.1.12
server.Root.RootDSE.config.supportedSaslMechanisms=NONE

#Define Proxy2
server.BaseServer2.chain=dump,dnmap,LDAPBaseServer
server.BaseServer2.nameSpace=dc=coreblox,dc=com
server.BaseServer2.weight=0
server.BaseServer2.dump.className=net.sourceforge.myvd.inserts.DumpTransaction
server.BaseServer2.dump.config.logLevel=info
server.BaseServer2.dump.config.label=GROUPS
server.BaseServer2.dnmap.className=net.sourceforge.myvd.inserts.mapping.DNAttributeMapper
server.BaseServer2.dnmap.config.dnAttribs=uniqueMember,entrydn
server.BaseServer2.dnmap.config.localBase=dc=coreblox,dc=com
server.BaseServer2.dnmap.config.remoteBase=dc=coreblox,dc=local
server.BaseServer2.LDAPBaseServer.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.BaseServer2.LDAPBaseServer.config.host=cluster2.marauder.local
server.BaseServer2.LDAPBaseServer.config.port=2389
server.BaseServer2.LDAPBaseServer.config.remoteBase=dc=coreblox,dc=local
server.BaseServer2.LDAPBaseServer.config.proxyDN=cn=Directory Manager
server.BaseServer2.LDAPBaseServer.config.proxyPass=xxx

#Define Proxy
server.BaseServer.chain=dump,dnmap,LDAPBaseServer
server.BaseServer.nameSpace=o=mycompany,c=us
server.BaseServer.weight=0
server.BaseServer.dump.className=net.sourceforge.myvd.inserts.DumpTransaction
server.BaseServer.dump.config.logLevel=info
server.BaseServer.dump.config.label=GROUPS
server.BaseServer.dnmap.className=net.sourceforge.myvd.inserts.mapping.DNAttributeMapper
server.BaseServer.dnmap.config.dnAttribs=uniqueMember,entrydn
server.BaseServer.dnmap.config.localBase=o=mycompany,c=us
server.BaseServer.dnmap.config.remoteBase=dc=marauder,dc=local
server.BaseServer.LDAPBaseServer.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.BaseServer.LDAPBaseServer.config.host=cluster1.marauder.local
server.BaseServer.LDAPBaseServer.config.port=2389
server.BaseServer.LDAPBaseServer.config.remoteBase=dc=marauder,dc=local
server.BaseServer.LDAPBaseServer.config.proxyDN=cn=Directory Manager
server.BaseServer.LDAPBaseServer.config.proxyPass=xxx

#Join
server.GlobalJoiner.chain=joiner
server.GlobalJoiner.nameSpace=o=joinedldap,c=US
server.GlobalJoiner.weight=0
server.GlobalJoiner.joiner.className=net.sourceforge.myvd.inserts.join.Joiner
server.GlobalJoiner.joiner.config.primaryNamespace=o=mycompany,c=us
server.GlobalJoiner.joiner.config.joinedNamespace=dc=coreblox,dc=com
server.GlobalJoiner.joiner.config.joinedAttributes=initials,l,mobile,pager
server.GlobalJoiner.joiner.config.joinFilter=(uid=ATTR.title)

--

When we do this the entries seem to join, but none of the specified attributes are returned.

--

o=mycompany,c=us entry:

dn: uid=afuller,ou=people,o=mycompany,c=us
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Ann Fuller
sn: Fuller
description: sthompson
title: user.0
uid: afuller
createTimestamp: 20200819134827.636Z
creatorsName: cn=Directory Manager
entrydn: uid=afuller,ou=people,o=mycompany,c=us
modifiersName: cn=Directory Manager
modifyTimestamp: 20200826140027.946Z

--

dc=coreblox,dc=com entry:

dn: uid=user.0,ou=People,dc=coreblox,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Anett Rezzik
sn: Rezzik
description: testing
employeeNumber: 0
givenName: Anett
homePhone: +1 295 940 2750
initials: AOR
l: Rhinelander
mail: user.0@example.com
mobile: +1 164 286 4924
pager: +1 604 109 3407
postalAddress: Anett Rezzik$22411 Birch Street$Rhinelander, PA 98160
postalCode: 98160
st: PA
street: 22411 Birch Street
telephoneNumber: +1 594 307 3495
uid: user.0
userPassword:: e1NTSEF9eEU1ai9YZHYxcW5zT1g2Q05vcVlNbFk0VFdEek1KVmJrcnVRK0E9PQ==
actualdn: uid=user.0,ou=People,dc=example,dc=com
createTimestamp: 20200826135051.535Z
creatorsName: cn=Directory Manager
entrydn: uid=user.0,ou=People,dc=coreblox,dc=com
modifiersName: cn=Directory Manager
modifyTimestamp: 20200826135051.535Z
vsysacacheactualdn: uid=user.0,ou=People,dc=example,dc=com
vsysacacheguid: ad55a34a-763f-358f-93f9-da86f9ecd9e4
vsysacachemetadn: dc=coreblox,dc=local
vsysacacheurl: ldap://[ping_directory]/dc=example,dc=com

--

o=joinedldap,c=us joined entry:

dn: uid=afuller,ou=people,o=joinedldap,c=US
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Ann Fuller
sn: Fuller
description: sthompson
title: user.0
uid: afuller
createTimestamp: 20200819134827.636Z
creatorsName: cn=Directory Manager
entrydn: uid=afuller,ou=people,o=mycompany,c=us
joinedBases: dc=coreblox,dc=com
joinedDNs: uid=user.0,ou=People,dc=coreblox,dc=com
modifiersName: cn=Directory Manager
modifyTimestamp: 20200826140027.946Z
primaryBase: o=mycompany,c=us
primaryDN: uid=afuller,ou=people,o=mycompany,c=us


We have tried switching the order, changing attributes, etc., and while the entries join we cannot get the attributes to show.

Any ideas will be appreciated. Thanks.
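The following is an added example, not MyVirtualDirectory code and not from either participant. It re-implements, in plain Python, what the config posted above asks the virtual directory to do, so that the expected joined entry can be compared with the one actually returned: the DNAttributeMapper step rebases `dn` and the `dnAttribs` values from each backend's `remoteBase` to its `localBase`; the Joiner step evaluates `joinFilter=(uid=ATTR.title)` by substituting the primary entry's `title` value, copies the `joinedAttributes` from any match, and adds the `primaryDN`/`primaryBase`/`joinedDNs`/`joinedBases` metadata visible in the posted joined entry. The two backend entries are constructed (trimmed) from the LDIF in the issue, and the key name `virtualBase` is this example's own name for the GlobalJoiner `nameSpace`.

```python
"""Simulated DNAttributeMapper + Joiner pipeline for the config in this issue.
Added example; constructed data; not MyVirtualDirectory's implementation."""
import re


def map_dn(dn, from_base, to_base):
    """Rewrite a DN suffix (case-insensitive suffix match, as DNs compare)."""
    if dn.lower().endswith(from_base.lower()):
        return dn[: len(dn) - len(from_base)] + to_base
    return dn


def proxy_namespace(backend_entries, remote_base, local_base, dn_attribs):
    """What the dnmap,LDAPBaseServer chain yields: dn and the DN-valued
    attributes listed in dnAttribs are rebased from remoteBase to localBase."""
    out = []
    for e in backend_entries:
        v = {k: list(vals) for k, vals in e.items() if k != "dn"}
        v["dn"] = map_dn(e["dn"], remote_base, local_base)
        for attr in dn_attribs:
            if attr in v:
                v[attr] = [map_dn(x, remote_base, local_base) for x in v[attr]]
        out.append(v)
    return out


# Only the single-equality form used in the issue, (attr=ATTR.attr), is handled.
FILTER_RE = re.compile(r"^\((\w+)=ATTR\.(\w+)\)$")


def join(primary, joined, cfg):
    """Join every primary entry against the joined namespace per joinFilter."""
    m = FILTER_RE.match(cfg["joinFilter"])
    if not m:
        raise ValueError("unsupported joinFilter form: " + cfg["joinFilter"])
    joined_attr, primary_attr = m.groups()
    results = []
    for p in primary:
        out = {k: list(v) for k, v in p.items() if k != "dn"}
        out["dn"] = map_dn(p["dn"], cfg["primaryNamespace"], cfg["virtualBase"])
        out["primaryDN"], out["primaryBase"] = [p["dn"]], [cfg["primaryNamespace"]]
        wanted = {v.lower() for v in p.get(primary_attr, [])}
        matches = [j for j in joined
                   if wanted & {x.lower() for x in j.get(joined_attr, [])}]
        if matches:
            out["joinedDNs"] = [j["dn"] for j in matches]
            out["joinedBases"] = [cfg["joinedNamespace"]]
            for j in matches:
                for attr in cfg["joinedAttributes"]:   # only these are copied
                    if attr in j:
                        out.setdefault(attr, []).extend(j[attr])
        results.append(out)
    return results


def select_attributes(entry, requested):
    """Ordinary LDAP attribute selection: no request list means all user
    attributes; otherwise only the named ones (plus dn)."""
    if not requested:
        return dict(entry)
    want = {a.lower() for a in requested}
    return {k: v for k, v in entry.items() if k == "dn" or k.lower() in want}


# Constructed backend data, trimmed from the entries posted in the issue.
PRIMARY_BACKEND = [{
    "dn": "uid=afuller,ou=people,dc=marauder,dc=local",
    "uid": ["afuller"], "cn": ["Ann Fuller"], "sn": ["Fuller"], "title": ["user.0"],
    "entrydn": ["uid=afuller,ou=people,dc=marauder,dc=local"],
}]
JOINED_BACKEND = [{
    "dn": "uid=user.0,ou=People,dc=coreblox,dc=local",
    "uid": ["user.0"], "cn": ["Anett Rezzik"], "initials": ["AOR"], "l": ["Rhinelander"],
    "mobile": ["+1 164 286 4924"], "pager": ["+1 604 109 3407"],
    "mail": ["user.0@example.com"],
    "entrydn": ["uid=user.0,ou=People,dc=coreblox,dc=local"],
}]
JOIN_CFG = {   # values taken from the GlobalJoiner section of the issue
    "primaryNamespace": "o=mycompany,c=us", "joinedNamespace": "dc=coreblox,dc=com",
    "virtualBase": "o=joinedldap,c=US", "joinFilter": "(uid=ATTR.title)",
    "joinedAttributes": ["initials", "l", "mobile", "pager"],
}


def simulate(requested=None):
    """Run both proxies, the join, then attribute selection for a search."""
    dn_attribs = ["uniqueMember", "entrydn"]
    primary = proxy_namespace(PRIMARY_BACKEND, "dc=marauder,dc=local", "o=mycompany,c=us", dn_attribs)
    joined = proxy_namespace(JOINED_BACKEND, "dc=coreblox,dc=local", "dc=coreblox,dc=com", dn_attribs)
    return [select_attributes(e, requested) for e in join(primary, joined, JOIN_CFG)]


if __name__ == "__main__":
    for e in simulate():
        print("dn:", e["dn"])
        for k, vals in sorted(e.items()):
            if k != "dn":
                for v in vals:
                    print(f"{k}: {v}")
```

Running it prints the joined entry as it should look once the join works (with `initials`, `l`, `mobile` and `pager` present); `simulate(["cn", "sn"])` shows that a search requesting only specific attributes will legitimately omit the joined ones, which is why the question about requested attributes in the next comment matters.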

mlbiam commented 4 years ago

What does your LDAPSearch look like? are you requesting specific attributes?

tjclayton commented 4 years ago

Either just browsing or a simple search like (uid=afuller). I am not specifying attributes for the search. When I do, though, I still get no values. I can capture some logging if that would help.

mlbiam commented 4 years ago

please. one thing that might help too is adding the "Attributes Cleaner" insert with clearAttributes set to true on the global chain (https://portal.apps.tremolo.io/docs/tremolosecurity-docs/myvd/1.0.9/myvd.html#mapping-inserts).

tjclayton commented 4 years ago

OK. I will give that a shot. Here is the log for what I have so far. Thanks for the help. myvd.log

tjclayton commented 4 years ago

Adding clearAttributes seems to have done the trick. I'm not 100% sure why it is needed, though, but I will include it going forward. Thanks for the help.

Here is the latest config:

server.listener.port=10983

#Configure global chains
server.globalChain=LogAllTransactions,CleanAttribs
server.globalChain.LogAllTransactions.className=net.sourceforge.myvd.inserts.DumpTransaction
server.globalChain.LogAllTransactions.config.logLevel=info
server.globalChain.LogAllTransactions.config.label=Global
server.globalChain.CleanAttribs.className=net.sourceforge.myvd.inserts.mapping.AttributeCleaner
server.globalChain.CleanAttribs.config.clearAttributes=true

#Namespaces
server.nameSpaces=Root,BaseServer2,BaseServer,GlobalJoiner

#Define RootDSE
server.Root.chain=RootDSE
server.Root.nameSpace=
server.Root.weight=0
server.Root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
server.Root.RootDSE.config.namingContexts=o=mycompany,c=us|dc=coreblox,dc=com|o=joinedldap,c=US
server.Root.RootDSE.config.supportedControls=2.16.840.1.113730.3.4.18,2.16.840.1.113730.3.4.2,1.3.6.1.4.1.4203.1.10.1,1.2.840.113556.1.4.319,1.2.826.0.1.334810.2.3,1.2.826.0.1.3344810.2.3,1.3.6.1.1.13.2,1.3.6.1.1.13.1,1.3.6.1.1.12
server.Root.RootDSE.config.supportedSaslMechanisms=NONE

#Define Proxy2
#server.BaseServer2.chain=dump,dnmap,LDAPBaseServer
server.BaseServer2.chain=dnmap,LDAPBaseServer
server.BaseServer2.nameSpace=dc=coreblox,dc=com
server.BaseServer2.weight=0
#server.BaseServer2.dump.className=net.sourceforge.myvd.inserts.DumpTransaction
#server.BaseServer2.dump.config.logLevel=info
#server.BaseServer2.dump.config.label=GROUPS
server.BaseServer2.dnmap.className=net.sourceforge.myvd.inserts.mapping.DNAttributeMapper
server.BaseServer2.dnmap.config.dnAttribs=uniqueMember,entrydn
server.BaseServer2.dnmap.config.localBase=dc=coreblox,dc=com
server.BaseServer2.dnmap.config.remoteBase=dc=coreblox,dc=local
server.BaseServer2.LDAPBaseServer.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.BaseServer2.LDAPBaseServer.config.host=cluster2.marauder.local
server.BaseServer2.LDAPBaseServer.config.port=2389
server.BaseServer2.LDAPBaseServer.config.remoteBase=dc=coreblox,dc=local
server.BaseServer2.LDAPBaseServer.config.proxyDN=cn=Directory Manager
server.BaseServer2.LDAPBaseServer.config.proxyPass=Passw0rd!

#Define Proxy
#server.BaseServer.chain=dump,dnmap,LDAPBaseServer
server.BaseServer.chain=dnmap,LDAPBaseServer
server.BaseServer.nameSpace=o=mycompany,c=us
server.BaseServer.weight=0
#server.BaseServer.dump.className=net.sourceforge.myvd.inserts.DumpTransaction
#server.BaseServer.dump.config.logLevel=info
#server.BaseServer.dump.config.label=GROUPS
server.BaseServer.dnmap.className=net.sourceforge.myvd.inserts.mapping.DNAttributeMapper
server.BaseServer.dnmap.config.dnAttribs=uniqueMember,entrydn
server.BaseServer.dnmap.config.localBase=o=mycompany,c=us
server.BaseServer.dnmap.config.remoteBase=dc=marauder,dc=local
server.BaseServer.LDAPBaseServer.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.BaseServer.LDAPBaseServer.config.host=cluster1.marauder.local
server.BaseServer.LDAPBaseServer.config.port=2389
server.BaseServer.LDAPBaseServer.config.remoteBase=dc=marauder,dc=local
server.BaseServer.LDAPBaseServer.config.proxyDN=cn=Directory Manager
server.BaseServer.LDAPBaseServer.config.proxyPass=Passw0rd!

#Join
server.GlobalJoiner.chain=joiner
server.GlobalJoiner.nameSpace=o=joinedldap,c=US
server.GlobalJoiner.weight=0
server.GlobalJoiner.joiner.className=net.sourceforge.myvd.inserts.join.Joiner
server.GlobalJoiner.joiner.config.primaryNamespace=o=mycompany,c=us
server.GlobalJoiner.joiner.config.joinedNamespace=dc=coreblox,dc=com
server.GlobalJoiner.joiner.config.joinedAttributes=initials,l,mobile,pager
server.GlobalJoiner.joiner.config.joinFilter=(uid=ATTR.title)
#server.GlobalJoiner.joiner.config.bindPrimaryFirst=true
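A small consistency check for a MyVD properties file like the one above, added here as an example and not part of MyVirtualDirectory or of the discussion. It parses the `server.*` keys and verifies the things that silently break a join when they are wrong: every namespace in `server.nameSpaces` has a chain and a `nameSpace`, every insert named in a chain (including `server.globalChain`) has a `className`, the Joiner's `primaryNamespace` and `joinedNamespace` match a configured `nameSpace`, the RootDSE `namingContexts` advertise each virtual suffix, and any `proxyPass` still holds a real value. The sample config is constructed from the final config in this issue with the bind password replaced by a `CHANGEME` placeholder; the check names and messages are this example's own.

```python
"""Lint a MyVD-style properties config for join-breaking inconsistencies.
Added example; the checks and messages are this example's own."""

# Constructed from the final config posted in the issue (password replaced).
SAMPLE_CONFIG = """\
server.globalChain=LogAllTransactions,CleanAttribs
server.globalChain.LogAllTransactions.className=net.sourceforge.myvd.inserts.DumpTransaction
server.globalChain.CleanAttribs.className=net.sourceforge.myvd.inserts.mapping.AttributeCleaner
server.globalChain.CleanAttribs.config.clearAttributes=true
server.nameSpaces=Root,BaseServer2,BaseServer,GlobalJoiner
server.Root.chain=RootDSE
server.Root.nameSpace=
server.Root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
server.Root.RootDSE.config.namingContexts=o=mycompany,c=us|dc=coreblox,dc=com|o=joinedldap,c=US
server.BaseServer2.chain=dnmap,LDAPBaseServer
server.BaseServer2.nameSpace=dc=coreblox,dc=com
server.BaseServer2.dnmap.className=net.sourceforge.myvd.inserts.mapping.DNAttributeMapper
server.BaseServer2.LDAPBaseServer.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.BaseServer2.LDAPBaseServer.config.proxyPass=CHANGEME
server.BaseServer.chain=dnmap,LDAPBaseServer
server.BaseServer.nameSpace=o=mycompany,c=us
server.BaseServer.dnmap.className=net.sourceforge.myvd.inserts.mapping.DNAttributeMapper
server.BaseServer.LDAPBaseServer.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.BaseServer.LDAPBaseServer.config.proxyPass=CHANGEME
server.GlobalJoiner.chain=joiner
server.GlobalJoiner.nameSpace=o=joinedldap,c=US
server.GlobalJoiner.joiner.className=net.sourceforge.myvd.inserts.join.Joiner
server.GlobalJoiner.joiner.config.primaryNamespace=o=mycompany,c=us
server.GlobalJoiner.joiner.config.joinedNamespace=dc=coreblox,dc=com
server.GlobalJoiner.joiner.config.joinedAttributes=initials,l,mobile,pager
server.GlobalJoiner.joiner.config.joinFilter=(uid=ATTR.title)
"""

PLACEHOLDERS = {"CHANGEME", "XXX", ""}


def parse_properties(text):
    """Minimal key=value parser: blank lines and #comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def split_list(value, sep=","):
    return [v.strip() for v in value.split(sep) if v.strip()]


def lint_config(props):
    """Return a list of human-readable findings; empty means consistent."""
    findings = []
    namespaces = split_list(props.get("server.nameSpaces", ""))

    # 1. Each namespace needs a chain and a nameSpace; each insert a className.
    chains = {"server.globalChain": props.get("server.globalChain", "")}
    for ns in namespaces:
        for req in ("chain", "nameSpace"):
            if f"server.{ns}.{req}" not in props:
                findings.append(f"{ns}: missing server.{ns}.{req}")
        chains[f"server.{ns}"] = props.get(f"server.{ns}.chain", "")
    for prefix, chain in chains.items():
        for insert in split_list(chain):
            if f"{prefix}.{insert}.className" not in props:
                findings.append(f"{prefix}: insert '{insert}' has no className")

    # 2. Joiner namespaces must refer to suffixes this server actually serves.
    suffixes = {props.get(f"server.{ns}.nameSpace", "").lower() for ns in namespaces}
    for key, value in props.items():
        if key.endswith((".config.primaryNamespace", ".config.joinedNamespace")):
            if value.lower() not in suffixes:
                findings.append(f"{key}={value} does not match any configured nameSpace")

    # 3. The RootDSE should advertise every non-root virtual suffix.
    for key, value in props.items():
        if key.endswith(".config.namingContexts"):
            advertised = {v.lower() for v in split_list(value, "|")}
            for s in sorted(suffixes - {""}):
                if s not in advertised:
                    findings.append(f"{key} does not advertise {s}")

    # 4. A real bind password left in the file should not be shared as-is.
    for key, value in props.items():
        if key.endswith(".config.proxyPass") and value.upper() not in PLACEHOLDERS:
            findings.append(f"{key}: plaintext bind credential present; redact before sharing")
    return findings


if __name__ == "__main__":
    for f in lint_config(parse_properties(SAMPLE_CONFIG)) or ["no findings"]:
        print(f)
```

Pointing this at a config where `joinedNamespace` is typed as the backend suffix (`dc=coreblox,dc=local`) instead of the virtual one (`dc=coreblox,dc=com`) reports the mismatch immediately, which is the kind of error that otherwise shows up only as entries that join without joined attributes.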