Hey all, I’ve been stuck on this for a while. In my config file, if I comment out security_group_dn or ldap_filter, everything comes back as normal on the configuration tool, but it still doesn’t work for my VMware View instances. When I add in either “security_group_dn” or “ldap_filter”, it returns the following message:
[warn] The LDAP Client section has connectivity problems.
[warn] The LDAP host clear connection to redacted.domain.com:389 has connectivity problems.
[info] The Auth Proxy was able to establish a connection to redacted.domain.com:389.
[info] The Auth Proxy was able to establish an LDAP connection to DC.domain.com:389.
[info] The Auth Proxy was able to bind as <service_account>.
[error] The Auth Proxy did not get results searching for users in DN DC=AD,DC=domain,DC=com using the filter (&(|(&(objectClass=user)(objectCategory=person))(objectClass=inetOrgPerson)(objectClass=organizationalPerson))(memberOf=OU=Users,OU=User Base,OU=company,DC=AD,DC=domain,DC=com)). It is likely that Duo would not be able to find specific users during authentication. Please confirm that DC=AD,DC=domain,DC=com is the correct, fully qualified DN and that users should pass the filter.
I have tried modifying the OUs and trying different OUs, but it all results in the same error. Any chance somebody has run across this? Any assistance or tips would be greatly appreciated!
To add to this in case it’s needed, this is my authproxy.cfg file: