4 Replies Latest reply on Jan 13, 2020 1:01 AM by Björn Oelgemöller

    how to deactivate Paged search? (RSSO 19.08 + LDAP)

    Björn Oelgemöller

      Hello,

       

      we are using RSSO with LDAP integration to authenticate users in TSO.

      Authenticating a user works fine.

       

      But with the "Enable Group Retrieval" feature activated, we run into issues.
      It seems like the 2nd query makes use of paging when querying the LDAP. This is not allowed in our environment and produces an error which leads to a failed login attempt.

       

       

      • My question is: Is there an option to disable paging?

       

       

      Regards,

      Björn

       

       

       

      rsso.log:

       

      20-11-19 12:17:39.621 [070-exec-2] DEBUG com.bmc.rsso.auth.Authenticator.doAuth()          : Login request for '***MYUSER***'

      20-11-19 12:17:39.621 [070-exec-2] DEBUG c.b.r.c.a.e.ldap.LDAPAuthentication.authenticate(): Search context parameters: ldapProviderUrl=ldaps://***MYSERVER***:***MYPORT***, ldapAuthMechanism=simple, ldapSaslQop=AUTH, username=uid=******,ou=technisch,ou=****eG,ou=****,o=****

      20-11-19 12:17:39.730 [Timer-0   ] DEBUG ConfigurationDao.getLatestConfigurationTimestamp(): Configuration latest timestamp was retrieved '1574232228'

      20-11-19 12:17:39.926 [070-exec-2] DEBUG om.bmc.rsso.core.ldap.LDAPHelper.searchUserEntry(): Searching user entry with filter '(uid=***MYUSER***)', search base 'ou=****,ou=*****,ou=****,o=*****', search scope '2'

      20-11-19 12:17:39.930 [070-exec-2] DEBUG om.bmc.rsso.core.ldap.LDAPHelper.searchUserEntry(): SearchResult: 'uid=***MYUSER***: null:null:{uid=uid: ***MYUSER***}'

      20-11-19 12:17:39.930 [070-exec-2] DEBUG om.bmc.rsso.core.ldap.LDAPHelper.searchUserEntry(): Found user with DN: 'uid=***MYUSER***,ou=****,ou=****,ou=*****,o=*****'

      20-11-19 12:17:39.930 [070-exec-2] INFO  c.b.r.c.a.e.ldap.LDAPAuthentication.authenticate(): A value for LDAP attribute uid is ***MYUSER***

      20-11-19 12:17:39.930 [070-exec-2] DEBUG c.b.r.c.a.e.ldap.LDAPAuthentication.authenticate(): LDAP auth context parameters: ldapProviderUrl=ldaps://***MYSERVER***:***MYPORT***, ldapAuthMechanism=simple, ldapSaslQop=AUTH, username=uid=***MYUSER***,ou=****,ou=****eG,ou=***,o=****

      20-11-19 12:17:40.240 [070-exec-2] DEBUG om.bmc.rsso.core.ldap.LDAPHelper.getGroupsByUser(): Searching groups by user '***MYUSER***' with filter '(member=uid\=***MYUSER***\,ou\=****\,ou\=*****\,ou\=****\,o\=****)', search base 'ou=******,ou=BMC_AO,ou=******,ou=*****,ou=*****,o=****', search scope '2', page size '2000' and attribute 'cn'

      20-11-19 12:17:40.242 [070-exec-2] ERROR c.b.r.c.a.e.ldap.LDAPAuthentication.authenticate(): Failed to get groups for user

      javax.naming.OperationNotSupportedException: [LDAP: error code 12 - R010068 Paged search is allowed only when bound as an LDAP administrator (process_server_controls:2566)]

      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3214)

      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)

      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)

      at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)

      at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)

      ...

      20-11-19 12:17:40.243 [070-exec-2] WARN  com.bmc.rsso.auth.Authenticator.doAuth()          : User failed to login, auth type: IdPLDAP, order: 1
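
A triage sketch for the log above, added here as an example and not part of the original post or BMC's code: it groups rsso.log lines by worker thread and tags a failed login as caused by the rejected paged search when LDAP result code 12 follows a group query that set a page size. The sample log is constructed, and `triage` and the cause labels are hypothetical names.

```python
import re

# Constructed sample in the rsso.log layout quoted above; users and DNs are placeholders.
SAMPLE_LOG = r"""20-11-19 12:17:39.621 [070-exec-2] DEBUG com.bmc.rsso.auth.Authenticator.doAuth()          : Login request for 'alice'
20-11-19 12:17:40.240 [070-exec-2] DEBUG om.bmc.rsso.core.ldap.LDAPHelper.getGroupsByUser(): Searching groups by user 'alice' with filter '(member=uid\=alice\,o\=example)', search base 'ou=groups,o=example', search scope '2', page size '2000' and attribute 'cn'
20-11-19 12:17:40.242 [070-exec-2] ERROR c.b.r.c.a.e.ldap.LDAPAuthentication.authenticate(): Failed to get groups for user
javax.naming.OperationNotSupportedException: [LDAP: error code 12 - R010068 Paged search is allowed only when bound as an LDAP administrator (process_server_controls:2566)]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3214)
20-11-19 12:17:40.243 [070-exec-2] WARN  com.bmc.rsso.auth.Authenticator.doAuth()          : User failed to login, auth type: IdPLDAP, order: 1
20-11-19 12:18:02.100 [070-exec-5] DEBUG com.bmc.rsso.auth.Authenticator.doAuth()          : Login request for 'bob'
20-11-19 12:18:02.300 [070-exec-5] WARN  com.bmc.rsso.auth.Authenticator.doAuth()          : User failed to login, auth type: IdPLDAP, order: 1
"""

HEADER = re.compile(r"^\d\d-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3} \[([^\]]+?)\s*\] (\w+)\s+\S+\(\)\s*: (.*)$")
LOGIN = re.compile(r"Login request for '([^']*)'")
PAGE = re.compile(r"page size '(\d+)'")
LDAP_ERR = re.compile(r"\[LDAP: error code (\d+) - (.*)\]")

def triage(log_text):
    """Return one dict per failed login, tagged with the likely cause."""
    state, failures, last_thread = {}, [], None
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            # Continuation line (exception text, stack frame): attach to the last header's thread.
            err = LDAP_ERR.search(line)
            if err and last_thread in state:
                state[last_thread]["ldap_code"] = int(err.group(1))
                state[last_thread]["ldap_msg"] = err.group(2)
            continue
        last_thread, _level, msg = m.groups()
        if (login := LOGIN.search(msg)):
            state[last_thread] = {"user": login.group(1), "thread": last_thread}
        elif last_thread in state:
            cur = state[last_thread]
            if (page := PAGE.search(msg)):
                cur["page_size"] = int(page.group(1))
            elif "User failed to login" in msg:
                # LDAP result code 12 = unavailableCriticalExtension (RFC 4511): the server
                # refused a control marked critical, here the paged-results control.
                paged = cur.get("ldap_code") == 12 and "page_size" in cur
                cur["cause"] = "paged-search-rejected" if paged else "other"
                failures.append(state.pop(last_thread))
    return failures

if __name__ == "__main__":
    for failure in triage(SAMPLE_LOG):
        print(failure)
```

Run over a real rsso.log at DEBUG level, this separates logins that failed only because group retrieval was refused from ordinary authentication failures.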