Issues about LDAP (Active Directory) authentication


Luca Martinucci (1.0k284109) | asked Mar 16 '12, 7:53 a.m.
With RTC configured for authentication against Active Directory, I have a doubt concerning base user DN and base group DN.
I noticed that, if I empty the Base user DN field (I did that because the base DN was too restrictive and only a few users had been imported), RTC is no longer able to resolve the group membership of any user, so that users have no assigned roles.
In addition, the RTC admin console says that the Find groups for user query is performed in the context of the Base group DN.
What exactly does that mean?

Accepted answer


Kim Soederhamn (1.5k23841) | answered Mar 28 '12, 4:17 a.m.
The base user DN is the lowest level you can find where all your users are in the subtree, e.g. if you have:
usera in ou=persons, ou=users, dc=company, dc=com and
userb in ou=users, dc=company, dc=com
then your base DN is ou=users, dc=company, dc=com

Check out the following article for clues:

http://jazz.net/library/article/479/
Luca Martinucci selected this answer as the correct answer
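
The rule in the answer above, worked through as an added example (not part of the original answer and not RTC code): it derives the lowest container that holds every user entry and checks whether a given entry falls under a configured base DN. The `cn=` entry names and the function names are assumptions made for illustration; the containers are the ones from the answer.

```python
def split_rdns(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped or ch not in ",\\":
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        else:  # an unescaped comma ends the current RDN
            parts.append("".join(cur).strip())
            cur = []
    parts.append("".join(cur).strip())
    if any("=" not in p for p in parts):
        raise ValueError(f"malformed DN: {dn!r}")
    return parts

def _key(rdn):
    """Case-insensitive comparison key for one RDN (attribute, value)."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())

def common_base_dn(entry_dns):
    """Lowest container whose subtree holds every entry ('' if none is shared)."""
    # Drop each entry's own RDN, then walk the parent containers root-first.
    paths = [list(reversed(split_rdns(dn)[1:])) for dn in entry_dns]
    base = []
    for level in zip(*paths):
        if len({_key(r) for r in level}) != 1:
            break
        base.append(level[0])
    return ", ".join(reversed(base))

def is_under(dn, base_dn):
    """True if dn is base_dn itself or lies in its subtree; '' matches everything."""
    d = [_key(r) for r in split_rdns(dn)]
    b = [_key(r) for r in split_rdns(base_dn)] if base_dn.strip() else []
    return len(d) >= len(b) and d[len(d) - len(b):] == b

# Constructed sample entries; the cn= names are hypothetical.
SAMPLE_USERS = [
    "cn=usera,ou=persons,ou=users,dc=company,dc=com",
    "cn=userb,ou=users,dc=company,dc=com",
]

if __name__ == "__main__":
    print(common_base_dn(SAMPLE_USERS))  # ou=users, dc=company, dc=com
```

Running `is_under` over an export of the entries that failed to import shows which ones sit outside the configured base DN, so the base can be moved up only as far as needed.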
