Ldapsearch failing on Duo


#1

Hello,

I created a account on Duo.com and manually added couple of users and groups

then i have a client which is trying to perform an ldap search
i am able to do a ldap_bind successfully but when we try to do a search it fails with

ldap error: Critical extension is unavailable, base=‘dc=■■■■,dc=duosecurity,dc=com’ filter=’(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))’

Unable to search base=‘dc=■■■■,dc=duosecurity,dc=com’ filter=’(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))’

Here is what my dn looks like

directory_username dc=■■■■,dc=duosecurity,dc=com;
directory_password *****
ldap_user_naming_attribute cn;
ldap_user_search_base dc■■■■,=dc=duosecurity,dc=com;
ldap_group_search_base dc=ldap_group_search_base dc=duosecurity,dc=com,dc=duosecurity,dc=com;
ldap_group_attribute member;

Blockquote


#2

You may not retrieve group information via LDAP from Duo.


#3

Can you please elaborate a little more? Is this not possible? We are a firewall company and want to use duo as a primary authentication source…for that we need to download the users and group information which is stored in duo (which i assume is an LDAP server)


#4

Hi there!

We do not support or recommend use of Duo as a primary authentication source. We provide secondary authentication by design.


#5

Thanks for the quick response Kristina…is there any api duo exposes from where we can download users and groups stored in Duo?


#6

Please take a look at our Admin API. It is capable of retrieving user and group information from our cloud service.