
LDAP Authentication: userBase

When configuring LDAP authentication, if I set my 'userBase' value to "dc=domain,dc=com" the authentication fails. If I set it to "ou=Unit,dc=domain,dc=com" it works.

Unfortunately, some of the users will be in "ou=Unit,dc=domain,com" and other users may be in "ou=Remote,dc=domain,dc=com".

How can I configure this to find users in both OUs, since I cannot seem to just set the userBase to the top-level domain?

1 Community Answers

Matillion Agent  

Kalyan Arangam —

Hi Daniel,

I tried replicating your scenario and got the following error in the catalina.out file. I presume you might have it as well.

04-Oct-2017 08:36:08.136 SEVERE [http-apr-8080-exec-1] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ‘DC=test,DC=mtln,DC=com’
at com.sun.jndi.ldap.LdapCtx.processReturnCode(

Without going into further detail, I managed to resolve this by using port 3268 instead of 369. From what I read, port 3268 sends LDAP searches to the Global Catalog.
Please try this out and check if it helps.

  1. SSH to the Matillion instance.
  2. Edit the file /etc/tomcat8/server.xml
  3. Locate the LDAP settings (<Realm /> tag) and change the port on the connectionURL attribute to 3268
  4. Ensure attribute userSubtree="true"
  5. Save and close server.xml
  6. Restart Tomcat – sudo service tomcat8 restart
  7. Ensure port 3268 is open on your security group

Hopefully this should resolve the issue. (fingers crossed)

Further reading –


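An added example, not part of the original answer or Matillion's own code: a Python check that reads the JNDIRealm settings discussed above from a server.xml text and reports which user DNs the realm's userBase and userSubtree scope can reach. The hostname, the user DNs and both config fragments are constructed for illustration, and DN matching is a naive comma split that assumes no escaped commas.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REALM = ('<Server><Service><Engine>'
         '<Realm className="org.apache.catalina.realm.LockOutRealm">'
         '<Realm className="org.apache.catalina.realm.JNDIRealm" {attrs}/>'
         '</Realm></Engine></Service></Server>')
# Constructed fragments: the single-OU setup from the question, then the
# Global Catalog port with a top-level base and subtree search.
BEFORE = REALM.format(attrs='connectionURL="ldap://dc.domain.com:389" '
                            'userBase="ou=Unit,dc=domain,dc=com"')
AFTER = REALM.format(attrs='connectionURL="ldap://dc.domain.com:3268" '
                           'userBase="dc=domain,dc=com" userSubtree="true"')
USERS = ["cn=alice,ou=Unit,dc=domain,dc=com",    # constructed sample DNs
         "cn=bob,ou=Remote,dc=domain,dc=com"]

def rdns(dn):
    # Lower-cased RDN list; naive split, no escaped-comma handling.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def audit_realms(server_xml, user_dns):
    """Return one report dict per JNDIRealm element in the server.xml text."""
    reports = []
    for realm in ET.fromstring(server_xml).iter("Realm"):
        if not realm.get("className", "").endswith("JNDIRealm"):
            continue  # skip wrappers such as LockOutRealm
        url = urlparse(realm.get("connectionURL", ""))
        base = rdns(realm.get("userBase", ""))
        # Tomcat's default is userSubtree="false": one-level search only.
        subtree = realm.get("userSubtree", "false").lower() == "true"
        unreachable = []
        for dn in user_dns:
            parts = rdns(dn)
            depth = len(parts) - len(base)
            under_base = depth >= 1 and parts[depth:] == base
            # One-level scope only matches entries directly below userBase.
            if not under_base or (depth > 1 and not subtree):
                unreachable.append(dn)
        reports.append({"scheme": url.scheme, "port": url.port,
                        "subtree": subtree, "unreachable": unreachable})
    return reports

if __name__ == "__main__":
    for label, xml_text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_realms(xml_text, USERS))
```

Run it against the contents of /etc/tomcat8/server.xml with a few known user DNs before restarting Tomcat; an empty "unreachable" list means the search base and scope cover every listed user.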