If I try to log in as user111, I can confirm that the login succeeds.
And user112, in the same hierarchical structure, also logs in normally.
However, if the hierarchical structure is different, like user121 and user122, of course, the DN is different, so the login is not possible.
How should I configure LDAP in this case? I tried adding accounts to each group for the same LDAP URL, but even in this case, a problem occurs.
This is not a problem when the current LDAP registration method is a flat structure, but there seems to be a problem in the hierarchical structure. Do I have to think that it can’t be linked realistically?
If the structure differs for the binding user compared to the users using the integration to authenticate with Morpheus, then you may not be able to use the LDAP integration.
Hope the below works in your case:
dc=tc,dc=local
ou=ou1,
ㅡㄴcn=group
ㅡㅡㄴcn=bindinguser
ㅡㅡㄴcn=group11
ㅡㅡㅡㄴcn=user111
ㅡㅡㅡㄴcn=user112
ㅡㅡㄴcn=group12
ㅡㅡㅡㄴcn=user121
ㅡㅡㅡㄴcn=user122
USER DN EXPRESSION : cn=$username,cn=group,ou=ou1,dc=tc,dc=local
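Added example (not from the thread and not Morpheus code): a DN is an exact name, so if the user DN expression is expanded and used as the bind DN, it only matches entries in the one container it spells out. The sketch models the tree above as a constructed in-memory set of DNs and compares the template with a subtree lookup that fails closed on zero or multiple matches; the function names and the username allow-list are assumptions, and no real LDAP server is contacted.

```python
import re

BASE = "dc=tc,dc=local"
GROUP = "cn=group,ou=ou1," + BASE
# Constructed from the tree in the post above: the full DN of every entry.
DIRECTORY = {
    "cn=bindinguser," + GROUP,
    "cn=user111,cn=group11," + GROUP,
    "cn=user112,cn=group11," + GROUP,
    "cn=user121,cn=group12," + GROUP,
    "cn=user122,cn=group12," + GROUP,
}
TEMPLATE = "cn=$username,cn=group,ou=ou1,dc=tc,dc=local"
# Assumption: an allow-list that excludes DN and filter metacharacters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")

def template_dn(username, template=TEMPLATE):
    """Expand the user DN expression; the result names one fixed container."""
    if not SAFE_NAME.match(username):
        raise ValueError("username contains characters unsafe in a DN")
    return template.replace("$username", username)

def template_lookup(username):
    """Return the DN only if the expanded template is a real entry."""
    dn = template_dn(username)
    return dn if dn in DIRECTORY else None

def subtree_lookup(username, base=GROUP):
    """Search step of search-then-bind: find cn=<username> anywhere under base."""
    if not SAFE_NAME.match(username):
        raise ValueError("username contains characters unsafe in a filter")
    rdn = "cn=" + username
    hits = sorted(dn for dn in DIRECTORY
                  if dn.endswith("," + base) and dn.split(",", 1)[0] == rdn)
    # Exactly one match is required; zero or several must fail closed.
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    for name in ("bindinguser", "user111", "user121"):
        print(name, "| template:", template_lookup(name),
              "| subtree:", subtree_lookup(name))
```
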
Thank you for the comment.
But the case you mentioned doesn’t work properly either.
It seems impossible because the hierarchical level between the newly created binding user and the existing user is different.
I am an engineer with experience developing Java-based Maven projects. From the developer’s experience, it is doubtful whether it was developed to be impossible to interoperate in the hierarchy.
I previously tested using slapd.
For reference, the slapd service had a problem because I had to define the structure myself and it did not support the memberOf attribute required for role mapping.
So, I changed to the FreeIPA service and tested it, and the linkage was completed.
Just a note, release 6.0.1 has tweaks that make OpenLDAP functional as well! I believe this thread focused on the need to change LDAP provider in the lab.