When configuring LDAP authentication, if I set my 'userBase' value to "dc=domain,dc=com" the authentication fails. If I set it to "ou=Unit,dc=domain,dc=com" it works.
Unfortunately, some of the users will be in "ou=Unit,dc=domain,dc=com" and other users may be in "ou=Remote,dc=domain,dc=com".
How can I configure this to find users in both OUs, since I cannot seem to just set the userBase to the top-level domain?
2 Community Answers
Kalyan Arangam —
I tried replicating your scenario and got the following error in the catalina.out file. I presume you might have it as well.
04-Oct-2017 08:36:08.136 SEVERE [http-apr-8080-exec-1] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=test,DC=mtln,DC=com'
Without going into further detail, I managed to resolve this by using port 3268 instead of 389. From what I read, port 3268 sends LDAP searches to the Global Catalog.
Please try this out and check if it helps.
1. SSH to the Matillion instance.
2. Edit the file /etc/tomcat8/server.xml.
3. Locate the LDAP settings (the <Realm /> tag) and change the port in the connectionURL attribute to 3268.
4. Ensure the attribute userSubtree="true" is set.
5. Save and close server.xml.
6. Restart Tomcat: sudo service tomcat8 restart
7. Ensure port 3268 is open on your security group.
Hopefully this should resolve the issue. (fingers crossed)
Further reading –
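As an added example, not part of the original post and not Matillion's or Tomcat's own code, here is a small Python helper that audits the JNDIRealm <Realm> element of a Tomcat server.xml for the conditions the answer above describes and applies the same fix: point connectionURL at the Global Catalog and set userSubtree="true". The embedded server.xml, the host name dc01.domain.com and the service account DN are constructed for the example. It also flags an ldap:// (plaintext) URL, because the bind password and every user's credentials cross the network in clear on 389 and 3268 alike; the Global Catalog is also served over TLS on 3269, which the fixer selects when the original URL is ldaps://. One caveat a practitioner should keep in mind: the Global Catalog holds only the partial attribute set, so a roleSearch that depends on an attribute not replicated to the GC will still come back empty.

```python
# Added example (not from the original post, Matillion or Tomcat): audit and
# patch the JNDIRealm <Realm> in a Tomcat server.xml as the answer describes.
# The sample XML, host dc01.domain.com and the service-account DN are constructed.
import re
import xml.etree.ElementTree as ET

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"

# Constructed sample: the shape of configuration that produced the
# PartialResultException above (domain-controller port, userBase at domain root).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             connectionURL="ldap://dc01.domain.com:389"
             connectionName="cn=svc-matillion,ou=Service,dc=domain,dc=com"
             connectionPassword="example-only"
             userBase="dc=domain,dc=com"
             userSearch="(sAMAccountName={0})"
             roleBase="dc=domain,dc=com"
             roleName="cn"
             roleSearch="(member={0})"/>
    </Engine>
  </Service>
</Server>
"""

URL_RE = re.compile(r"^(?P<scheme>ldaps?)://(?P<host>[^:/]+)(?::(?P<port>\d+))?")


def find_realm(root):
    """Return the first JNDIRealm element in the tree, or None."""
    for realm in root.iter("Realm"):
        if realm.get("className") == JNDI_REALM:
            return realm
    return None


def audit_realm(realm):
    """Return a list of findings (strings) for a JNDIRealm element."""
    findings = []
    m = URL_RE.match(realm.get("connectionURL", ""))
    if not m:
        return ["connectionURL is missing or is not an ldap:// or ldaps:// URL"]
    scheme = m.group("scheme")
    port = int(m.group("port") or (636 if scheme == "ldaps" else 389))
    user_base = realm.get("userBase", "")
    # A base made only of dc= components is the domain root. Searching it on a
    # regular domain-controller port yields continuation references for the
    # other partitions, which JNDIRealm surfaces as PartialResultException.
    domain_root = bool(user_base) and all(
        part.strip().lower().startswith("dc=") for part in user_base.split(","))
    if domain_root and port in (389, 636):
        findings.append(
            f"userBase {user_base!r} is the domain root but port {port} is a "
            "domain-controller port; expect PartialResultException "
            "(use the Global Catalog: 3268, or 3269 over TLS)")
    if realm.get("userSubtree", "false").lower() != "true":
        findings.append("userSubtree is not true; users in nested OUs will not be found")
    if scheme == "ldap":
        findings.append("connectionURL uses ldap://; bind and user credentials "
                        "cross the network unencrypted")
    return findings


def fix_realm(realm):
    """Point the realm at the Global Catalog and search the whole subtree."""
    m = URL_RE.match(realm.get("connectionURL", ""))
    if not m:
        raise ValueError("unparseable connectionURL")
    gc_port = 3269 if m.group("scheme") == "ldaps" else 3268
    realm.set("connectionURL", f"{m.group('scheme')}://{m.group('host')}:{gc_port}")
    realm.set("userSubtree", "true")
    return realm


def patch_server_xml(xml_text):
    """Parse, audit, fix and re-serialise. Returns (findings_before, findings_after, xml)."""
    root = ET.fromstring(xml_text)
    realm = find_realm(root)
    if realm is None:
        raise ValueError("no JNDIRealm <Realm> element found")
    before = audit_realm(realm)
    fix_realm(realm)
    after = audit_realm(realm)
    return before, after, ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    before, after, patched = patch_server_xml(SAMPLE_SERVER_XML)
    print("before:", *before, sep="\n  ")
    print("after:", *after, sep="\n  ")
    print(patched)
```

Against the constructed sample, the audit reports three findings before the fix (domain-root base on port 389, userSubtree unset, plaintext ldap://) and only the plaintext one afterwards, which is the reminder to move to ldaps:// on 3269 once the search itself works. To apply it to a real instance, read /etc/tomcat8/server.xml into patch_server_xml, write the returned XML back after taking a backup, and restart Tomcat as in the steps above.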