Ldapsearch failing on Duo



I created a account on Duo.com and manually added couple of users and groups

then i have a client which is trying to perform an ldap search
i am able to do a ldap_bind successfully but when we try to do a search it fails with

ldap error: Critical extension is unavailable, base=‘dc=■■■■,dc=duosecurity,dc=com’ filter=’(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))’

Unable to search base=‘dc=■■■■,dc=duosecurity,dc=com’ filter=’(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))’

Here is what my dn looks like

directory_username dc=■■■■,dc=duosecurity,dc=com;
directory_password *****
ldap_user_naming_attribute cn;
ldap_user_search_base dc■■■■,=dc=duosecurity,dc=com;
ldap_group_search_base dc=ldap_group_search_base dc=duosecurity,dc=com,dc=duosecurity,dc=com;
ldap_group_attribute member;



You may not retrieve group information via LDAP from Duo.


Can you please elaborate a little more? Is this not possible? We are a firewall company and want to use duo as a primary authentication source…for that we need to download the users and group information which is stored in duo (which i assume is an LDAP server)


Hi there!

We do not support or recommend use of Duo as a primary authentication source. We provide secondary authentication by design.


Thanks for the quick response Kristina…is there any api duo exposes from where we can download users and groups stored in Duo?


Please take a look at our Admin API. It is capable of retrieving user and group information from our cloud service.