07-19-2018 07:37 AM
Hello,
I created a account on Duo.com and manually added couple of users and groups
then i have a client which is trying to perform an ldap search
i am able to do a ldap_bind successfully but when we try to do a search it fails with
ldap error: Critical extension is unavailable, base=‘dc=■■■■■■■■■■■■■■■■■■■■,dc=duosecurity,dc=com’ filter=’(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))’
Unable to search base=‘dc=■■■■■■■■■■■■■■■■■■■■,dc=duosecurity,dc=com’ filter=’(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))’
Here is what my dn looks like
directory_username dc=■■■■■■■■■■■■■■■■■■■■,dc=duosecurity,dc=com;
directory_password *****
ldap_user_naming_attribute cn;
ldap_user_search_base dc■■■■■■■■■■■■■■■■■■■■,=dc=duosecurity,dc=com;
ldap_group_search_base dc=ldap_group_search_base dc=duosecurity,dc=com,dc=duosecurity,dc=com;
ldap_group_attribute member;
Blockquote
07-19-2018 12:20 PM
You may not retrieve group information via LDAP from Duo.
07-25-2018 08:33 AM
Can you please elaborate a little more? Is this not possible? We are a firewall company and want to use duo as a primary authentication source…for that we need to download the users and group information which is stored in duo (which i assume is an LDAP server)
07-25-2018 12:44 PM
Hi there!
We do not support or recommend use of Duo as a primary authentication source. We provide secondary authentication by design.
07-25-2018 01:55 PM
Thanks for the quick response Kristina…is there any api duo exposes from where we can download users and groups stored in Duo?
07-25-2018 02:40 PM
Please take a look at our Admin API. It is capable of retrieving user and group information from our cloud service.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide