2 Replies Latest reply on Aug 29, 2018 2:43 AM by Pierre Fumet

    Error on identityStore initial import with OpenLDAP

    Pierre Fumet

      Hello,

      I'm trying to initialize a Tableau installation, using the "OpenLDAP - Simple Bind" configuration template as given here: identityStore Entity.

      But this template doesn't allow me to speak with my OpenLDAP server in a way it can answer.

      Thanks in advance for your help.

       

      Error on Tableau Server:

      $ tsm settings import -f identityStore.json

      Identity store Configuration Error: External identity store was unreachable. The external store is either down or Tableau Server is unable to establish a connection.

       

      Corresponding error on the OpenLDAP server:

      Aug 24 10:39:03 ldapserver slapd[27655]: conn=5533752 fd=60 ACCEPT from IP=xxxx:34340 (IP=0.0.0.0:389)
      Aug 24 10:39:03 ldapserver slapd[27655]: conn=5533752 op=0 BIND dn="uid=tableauapp,ou=sysaccounts,o=myorg" method=128
      Aug 24 10:39:03 ldapserver slapd[27655]: conn=5533752 op=0 BIND dn="uid=tableauapp,ou=sysaccounts,o=myorg" mech=SIMPLE ssf=0
      Aug 24 10:39:03 ldapserver slapd[27655]: conn=5533752 op=0 RESULT tag=97 err=0 text=
      Aug 24 10:39:03 ldapserver slapd[27655]: conn=5533752 op=1 SRCH base="dc=myorg" scope=2 deref=3 filter="(&(&(objectClass=myorgPeople)(myorgAllowedServices=tableau))(|(uid=uid=tableauapp,ou=sysaccounts,o=myorg)(cn=uid=tableauapp,ou=sysaccounts,o=myorg)))"
      Aug 24 10:39:03 ldapserver slapd[27655]: conn=5533752 op=1 SRCH attr=1.1 jpegPhoto uid mail objectClass cn
      Aug 24 10:39:03 ldapserver slapd[27655]: conn=5533752 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
      Aug 24 10:39:03 ldapserver slapd[27655]: conn=5533752 op=2 UNBIND
      Aug 24 10:39:03 ldapserver slapd[27655]: conn=5533752 fd=60 closed

       

      JSON:

      {
        "configEntities": {
          "identityStore": {
            "_type": "identityStoreType",
            "type": "activedirectory",
            "domain": "myorg",
            "hostname": "x.x.x.x",
            "port": "389",
            "directoryServiceType": "openldap",
            "bind": "simple",
            "username": "uid=tableauapp,ou=sysaccounts,o=myorg",
            "password": "xxxxx",
            "identityStoreSchemaType": {
              "userBaseFilter": "(&(objectClass=myorgPeople)(myorgAllowedServices=tableau))",
              "userBaseDN": "ou=people,o=myorg",
              "userUsername": "uid",
              "userDisplayName": "cn",
              "userEmail": "mail",
              "userJpegPhoto": "jpegPhoto",
              "groupBaseFilter": "(objectClass=myorgGroup)",
              "groupBaseDN": "ou=groups,o=myorg",
              "groupName": "cn",
              "groupDescription": "description",
              "member": "memberUid",
              "distinguishedNameAttribute": "dn",
              "serverSideSorting": "true",
              "rangeRetrieval": "false"
            }
          }
        }
      }

       

      Clearly, the errors show a misinterpretation / lack of fields used in the template:

      - domain -> my root syntax is "o=", not "dc=", but the latter is set and generates an error (SRCH base="dc=myorg").

      The documentation says: "In LDAP directories, specify the root domain name in the same format. For example, if your root is "dc=my,dc=root", specify "my.root"." But I need to have "o=myorg" as "SRCH base".

      It doesn't work even with "userBaseDN": "ou=people,o=myorg" added in identityStoreSchemaType.

      - userUsername is mapped to "uid" but the log shows: "(|(uid=uid=tableauapp,ou=sysaccounts,o=myorg)(cn=uid=tableauapp,ou=sysaccounts,o=myorg))"

      We should have: (|(dn=uid=tableauapp,ou=sysaccounts,o=myorg)(uid=tableauapp)) instead.
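
An added example, not part of the original post and not Tableau or OpenLDAP code: a Python check that lints the identityStore DNs against the search base derived from "domain", and triages the slapd lines for the err=32 (noSuchObject) search and a simple bind on a connection with no TLS. It assumes the "my.root" to "dc=my,dc=root" mapping from the documentation sentence quoted in the post and that slapd logs a "TLS established" line when a connection negotiates TLS; all function names are hypothetical.

```python
import re

# Constructed inputs: fields and slapd lines taken from the post (syslog prefix and filter trimmed).
STORE = {"domain": "myorg", "username": "uid=tableauapp,ou=sysaccounts,o=myorg",
         "identityStoreSchemaType": {"userBaseDN": "ou=people,o=myorg",
                                     "groupBaseDN": "ou=groups,o=myorg"}}
LOG = '''conn=5533752 fd=60 ACCEPT from IP=xxxx:34340 (IP=0.0.0.0:389)
conn=5533752 op=0 BIND dn="uid=tableauapp,ou=sysaccounts,o=myorg" mech=SIMPLE ssf=0
conn=5533752 op=1 SRCH base="dc=myorg" scope=2 deref=3 filter="(...)"
conn=5533752 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text='''

def derived_base(domain):
    # Assumption from the documentation sentence quoted in the post: "my.root" <-> "dc=my,dc=root".
    return ",".join("dc=" + part for part in domain.lower().split("."))

def under(dn, base):
    # True when dn equals base or sits below it (case-insensitive, spaces around commas ignored).
    dn, base = (re.sub(r"\s*,\s*", ",", s.strip().lower()) for s in (dn, base))
    return dn == base or dn.endswith("," + base)

def lint_store(store):
    """DNs in an identityStore entity that fall outside the base derived from "domain"."""
    base, schema = derived_base(store["domain"]), store.get("identityStoreSchemaType", {})
    dns = {"username": store.get("username", ""),
           "userBaseDN": schema.get("userBaseDN", ""),
           "groupBaseDN": schema.get("groupBaseDN", "")}
    return [f"{key} is outside {base}" for key, dn in dns.items()
            if "=" in dn and not under(dn, base)]

def triage_log(log):
    """Per-connection findings: simple bind with no TLS line, and noSuchObject (err=32) searches."""
    findings, tls, base = [], set(), {}
    for line in log.splitlines():
        m = re.search(r"conn=(\d+) (?:op=\d+ |fd=\d+ )(.*)", line)
        if not m:
            continue
        conn, rest = m.groups()
        if rest.startswith("TLS established"):
            tls.add(conn)
        elif rest.startswith("BIND") and "mech=SIMPLE" in rest and conn not in tls:
            findings.append((conn, "simple bind without TLS"))
        elif rest.startswith("SRCH base="):
            base[conn] = re.search(r'base="([^"]*)"', rest).group(1)
        elif rest.startswith("SEARCH RESULT") and re.search(r"\berr=32\b", rest):
            findings.append((conn, f"noSuchObject for base {base.get(conn, '?')}"))
    return findings

if __name__ == "__main__":
    print(lint_store(STORE), triage_log(LOG), sep="\n")
```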