Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:47 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 7 posts ] 
Author Message
PostPosted: Wed Jun 15, 2011 1:51 am 
Offline

Joined: Wed Jun 15, 2011 1:31 am
Posts: 2
Hi,

I have been struggling to import users from an AD server from YubiRadius. And I have seen other posts citing the same problems.

The problem is that you can only import users on one level. It is not possible to search users in a subtree. The LDAP search request is forcing a scope of one (one level only) and there is no way to specify another scope (sub). Life would be so much easier if this option was added in the settings on the import users. This would allow to import users from different OUs and on different levels.

Would it be possible to add the option of selecting the scope of the LDAP search in the "Import user" settings?
In the meantime, does someone knows where the LDAP search parameters are stored on the YubiRadius VMware image? It should be possible to directly change the scope of one for a scope of sub in the configuration file.

Thanks a lot.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Jun 15, 2011 12:01 pm 
Offline
Yubico Team
Yubico Team

Joined: Mon Feb 22, 2010 9:49 am
Posts: 183
This feature will be available in the next release of the RoP application which is currently under road map. Stay tuned to get more information about it during next couple of weeks.


Top
 Profile  
Reply with quote  
PostPosted: Wed Jun 15, 2011 10:01 pm 
Offline

Joined: Wed Jun 15, 2011 1:31 am
Posts: 2
Great!

Thanks for the fast reply. I am evaluating Yubikeys for our VPN access and with this feature, the last hurdle will be put away.

You have a great product by the way.


Top
 Profile  
Reply with quote  
PostPosted: Fri Jul 08, 2011 5:41 pm 
Offline

Joined: Thu Apr 21, 2011 9:03 pm
Posts: 14
This is good news as this is the last roadblock to replacing my company's RSA keyfob based authentication infrastructure with Yubikeys. Do we have a data when this next version will be released or is their a notification system?


Top
 Profile  
Reply with quote  
PostPosted: Tue Jul 26, 2011 4:24 pm 
Offline

Joined: Thu Apr 21, 2011 9:03 pm
Posts: 14
Just saw in another post where it looks like version 3 of ROP has been released.
http://wiki.yubico.com/wiki/index.php/YubiRADIUS_Virtual_Appliance_version_3.0

I've installed and configured it, but it looks like you still can only have one level of users per domain. Did this feature not make it in as planed? Is it still on the road map, and any idea on when it will be added?

I really want to switch my users over from RSA to Yubikey, but with about 50 or so different Organizational Units full of users in my AD domain I can't without this ability.

Thanks,


Top
 Profile  
Reply with quote  
PostPosted: Wed Jul 27, 2011 6:41 am 
Offline
Yubico Team
Yubico Team

Joined: Mon Feb 22, 2010 9:49 am
Posts: 183
While importing the users, in the Base DN field provide the complete DN of the domain. For example, if you want to import the users from example.com domain, then provide Base DN as "DC=example,DC=com" and try again.


Top
 Profile  
Reply with quote  
PostPosted: Wed Jul 27, 2011 5:41 pm 
Offline

Joined: Thu Apr 21, 2011 9:03 pm
Posts: 14
That is what I did originally. In my case it is "DC=subdomain,DC=parentdomain,DC=com"

However, I just went back and deleted the original domain I'd setup in ROP and recreated it again and this time it worked. Don't know what if anything was different the second time, but it worked.

Thanks,


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group