Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
161
Views
0
Helpful
1
Replies

Cannot directory sync with rfc2307bis

davama
Level 1
Level 1

‎07-27-2018 05:45 AM

Im testing DUO products. I installed 2 different openldap instances. With similar DITs.

I can sync users/groups with one vm but not with the other.

My second vm has rfc2307bis schema enabled instead of the nis schema. I am not able to sync users with this ldap directory. When i try to sync with this vm all my previously synced users get erased.

Logs from rfc2307bis duoauthproxy

2018-07-27T12:41:32+0000 [duoauthproxy.lib.ldap.client.ADClientFactory#info] Starting factory <duoauthproxy.lib.ldap.client.ADClientFactory object at 0x7fdda21d99d0>
2018-07-27T12:41:32+0000 [Uninitialized] C->S LDAPMessage(id=7, value=LDAPBindRequest(version=3, dn='cn=authuser,dc=datacom,dc=net', auth='*****', sasl=False))
2018-07-27T12:41:32+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=7L, value=LDAPBindResponse(resultCode=0L))
2018-07-27T12:41:32+0000 [ADClientProtocol,client] C->S LDAPMessage(id=8, value=LDAPSearchRequest(baseObject=u'dc=datacom,dc=net', scope=2, derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=LDAPFilter_equalityMatch(attributeDesc=L■■■■■■■■■■■■■■■■■■■■ion(value='objectclass'), assertionValue=LDAPAssertionValue(value='groupofnames')), attributes=['entrydn', 'entryuuid', 'cn']))
2018-07-27T12:41:32+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=8L, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=config,ou=Group,dc=datacom,dc=net', attributes=[('cn', ['config']), ('entryUUID', ['20fb94a4-25e3-1038-91bc-a377366bb41b']), ('entryDN', ['cn=config,ou=Group,dc=datacom,dc=net'])])
2018-07-27T12:41:32+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=8L, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=router-manager,ou=Group,dc=datacom,dc=net', attributes=[('cn', ['router-manager']), ('entryUUID', ['217eb3d4-25e3-1038-91bd-a377366bb41b']), ('entryDN', ['cn=router-manager,ou=Group,dc=datacom,dc=net'])])
2018-07-27T12:41:32+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=8L, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=switch-manager,ou=Group,dc=datacom,dc=net', attributes=[('cn', ['switch-manager']), ('entryUUID', ['21fabc5e-25e3-1038-91be-a377366bb41b']), ('entryDN', ['cn=switch-manager,ou=Group,dc=datacom,dc=net'])])
2018-07-27T12:41:32+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=8L, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=syslog,ou=Group,dc=datacom,dc=net', attributes=[('cn', ['syslog']), ('entryUUID', ['22a5a2ae-25e3-1038-91bf-a377366bb41b']), ('entryDN', ['cn=syslog,ou=Group,dc=datacom,dc=net'])])
2018-07-27T12:41:32+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=8L, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=dmz,ou=Group,dc=datacom,dc=net', attributes=[('cn', ['dmz']), ('entryUUID', ['233ac2c6-25e3-1038-91c0-a377366bb41b']), ('entryDN', ['cn=dmz,ou=Group,dc=datacom,dc=net'])])
2018-07-27T12:41:32+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=8L, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=librenms,ou=Group,dc=datacom,dc=net', attributes=[('cn', ['librenms']), ('entryUUID', ['2360a0b8-25e3-1038-91c1-a377366bb41b']), ('entryDN', ['cn=librenms,ou=Group,dc=datacom,dc=net'])])
2018-07-27T12:41:32+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=8L, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=netbox,ou=Group,dc=datacom,dc=net', attributes=[('cn', ['netbox']), ('entryUUID', ['23835d2e-25e3-1038-91c2-a377366bb41b']), ('entryDN', ['cn=netbox,ou=Group,dc=datacom,dc=net'])])
2018-07-27T12:41:32+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=8L, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=wantoolkit,ou=Group,dc=datacom,dc=net', attributes=[('cn', ['wantoolkit']), ('entryUUID', ['2435865c-25e3-1038-91c3-a377366bb41b']), ('entryDN', ['cn=wantoolkit,ou=Group,dc=datacom,dc=net'])])
2018-07-27T12:41:32+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=8L, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=inmon,ou=Group,dc=datacom,dc=net', attributes=[('cn', ['inmon']), ('entryUUID', ['243b4f92-25e3-1038-91c4-a377366bb41b']), ('entryDN', ['cn=inmon,ou=Group,dc=datacom,dc=net'])])
2018-07-27T12:41:32+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=8L, value=LDAPSearchResultDone(resultCode=0L))
2018-07-27T12:41:32+0000 [duoauthproxy.lib.ldap.client.ADClientFactory#info] Stopping factory <duoauthproxy.lib.ldap.client.ADClientFactory object at 0x7fdda21d99d0>
2018-07-27T12:41:46+0000 [duoauthproxy.lib.ldap.client.ADClientFactory#info] Starting factory <duoauthproxy.lib.ldap.client.ADClientFactory object at 0x7fdda21d9990>
2018-07-27T12:41:46+0000 [Uninitialized] C->S LDAPMessage(id=9, value=LDAPBindRequest(version=3, dn='cn=authuser,dc=datacom,dc=net', auth='*****', sasl=False))
2018-07-27T12:41:46+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=9L, value=LDAPBindResponse(resultCode=0L))
2018-07-27T12:41:46+0000 [ADClientProtocol,client] C->S LDAPMessage(id=10, value=LDAPSearchRequest(baseObject=u'dc=datacom,dc=net', scope=2, derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=LDAPFilter_and(value=[LDAPFilter_equalityMatch(attributeDesc=L■■■■■■■■■■■■■■■■■■■■ion(value='objectclass'), assertionValue=LDAPAssertionValue(value='groupofnames')), LDAPFilter_or(value=[LDAPFilter_equalityMatch(attributeDesc=L■■■■■■■■■■■■■■■■■■■■ion(value='entryuuid'), assertionValue=LDAPAssertionValue(value='b84045ca-1d47-1038-8e2b-474a0e4699f7')), LDAPFilter_equalityMatch(attributeDesc=L■■■■■■■■■■■■■■■■■■■■ion(value='entryuuid'), assertionValue=LDAPAssertionValue(value='b841701c-1d47-1038-8e2c-474a0e4699f7')), LDAPFilter_equalityMatch(attributeDesc=L■■■■■■■■■■■■■■■■■■■■ion(value='entryuuid'), assertionValue=LDAPAssertionValue(value='b845bac8-1d47-1038-8e2d-474a0e4699f7')), LDAPFilter_equalityMatch(attributeDesc=L■■■■■■■■■■■■■■■■■■■■ion(value='entryuuid'), assertionValue=LDAPAssertionValue(value='b848c97a-1d47-1038-8e2e-474a0e4699f7')), LDAPFilter_equalityMatch(attributeDesc=L■■■■■■■■■■■■■■■■■■■■ion(value='entryuuid'), assertionValue=LDAPAssertionValue(value='b84a7522-1d47-1038-8e2f-474a0e4699f7')), LDAPFilter_equalityMatch(attributeDesc=L■■■■■■■■■■■■■■■■■■■■ion(value='entryuuid'), assertionValue=LDAPAssertionValue(value='b84de130-1d47-1038-8e30-474a0e4699f7')), LDAPFilter_equalityMatch(attributeDesc=L■■■■■■■■■■■■■■■■■■■■ion(value='entryuuid'), assertionValue=LDAPAssertionValue(value='b8391692-1d47-1038-8e29-474a0e4699f7')), LDAPFilter_equalityMatch(attributeDesc=L■■■■■■■■■■■■■■■■■■■■ion(value='entryuuid'), assertionValue=LDAPAssertionValue(value='b83ecace-1d47-1038-8e2a-474a0e4699f7')), LDAPFilter_equalityMatch(attributeDesc=L■■■■■■■■■■■■■■■■■■■■ion(value='entryuuid'), assertionValue=LDAPAssertionValue(value='d4762082-1a51-1038-9df4-55d77671f636'))])]), attributes=['entrydn', 'entryuuid']))
2018-07-27T12:41:46+0000 [ADClientProtocol,client] C<-S LDAPMessage(id=10L, value=LDAPSearchResultDone(resultCode=0L))
2018-07-27T12:41:46+0000 [duoauthproxy.lib.ldap.client.ADClientFactory#info] Stopping factory <duoauthproxy.lib.ldap.client.ADClientFactory object at 0x7fdda21d9990>

how my groups looks like:

dn: cn=netbox,ou=Group,dc=datacom,dc=net
objectClass: posixGroup
objectClass: groupOfNames
objectClass: top
cn: netbox
gidNumber: 1009
description: Netbox web access
member: uid=---,ou=People,dc=datacom,dc=net
member: uid=----,ou=People,dc=datacom,dc=net
member: uid=----,ou=People,dc=datacom,dc=net
member: uid=----r,ou=People,dc=datacom,dc=net
member: uid=----,ou=People,dc=datacom,dc=net
member: uid=----,ou=People,dc=datacom,dc=net

Thanks,
dave

Labels:
0 Helpful
1 Reply 1

mkorovesisduo
Level 4
Level 4

‎07-27-2018 06:47 AM

Hi dave, please reach out to Duo Support for help with your issue. Thanks!

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents