Which version of BBSA are you doing this in? It looks to be 8.2, is that correct?
Where are you seeing "Principal ID"?
Can you provide screenshots of your user query and group query and I'll have a look?
Just back from vacation, I am answering your message "a bit late".
So, yes, we are on 8.2. As I'm currently not onsite, I will ask the customer to send some screenshots. The "Principal ID" is a field in the "add group mapping" dialog, if I remember right. Will clarify that tomorrow.
Thanks so far,
Principal ID is the distinguished name for the user which you wish to use for your automation principal user, the one that should have read perms to all AD groups where you want to sync.
...or so I believe
Were you able to get this to work, and did you use SSL authentication?
I'm doing a new POC on 8.2.01 running on OEL 5.7 VMs and I have set up domain authentication and my automation principal, imported the root CA cert to the LDAP connection, and created the group and user queries. When I pull the query on 389, I get 0 results, but my DN is in the form cn=name, ou=group, so I'll try the other syntax.
My bigger issue is that we have to use SSL in production, and when I change it to use ldaps on port 636 or 3269, the query errors out and tells me that startTLS protocol is not supported and that LDAP v3 is not supported on my domain controller. However, it is supported and works fine when I use the LdapAdmin tool from http://www.ldapadmin.org: it works fine using LDAP v3 and my query returns the right users.
I think the issue may be in the fact that we require multiple certs for the domain authentication (we needed all 6 for our BBNA implementation).
Does anyone know if there is a way to attach multiple certs to the LDAP connection?