Yubico Forum
https://forum.yubico.com/

Yubiradius : importing users from LDAP
https://forum.yubico.com/viewtopic.php?f=5&t=686

Author:  chimere [ Wed Jun 15, 2011 1:51 am ]
Post subject:  Yubiradius : importing users from LDAP

Hi,

I have been struggling to import users from an AD server from YubiRadius. And I have seen other posts citing the same problems.

The problem is that you can only import users on one level. It is not possible to search users in a subtree. The LDAP search request is forcing a scope of one (one level only) and there is no way to specify another scope (sub). Life would be so much easier if this option was added in the settings on the import users. This would allow importing users from different OUs and on different levels.

Would it be possible to add the option of selecting the scope of the LDAP search in the "Import user" settings?
In the meantime, does someone know where the LDAP search parameters are stored on the YubiRadius VMware image? It should be possible to directly change the scope of one for a scope of sub in the configuration file.

Thanks a lot.
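
The one-level versus subtree scope behaviour described in the post above, as an added example (not part of the original thread and not YubiRADIUS code). The directory entries, object types and function names are constructed for illustration, and DN comparison is simplified to a case-insensitive match.

```python
# Added illustration: LDAP search scopes over a constructed directory.
# All DNs and object types below are made up for the example.
DIRECTORY = {
    "DC=example,DC=com": "domain",
    "CN=Users,DC=example,DC=com": "container",
    "CN=alice,CN=Users,DC=example,DC=com": "user",
    "OU=Sales,DC=example,DC=com": "organizationalUnit",
    "CN=bob,OU=Sales,DC=example,DC=com": "user",
    "OU=EMEA,OU=Sales,DC=example,DC=com": "organizationalUnit",
    "CN=Smith\\, Carol,OU=EMEA,OU=Sales,DC=example,DC=com": "user",
}

def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            rdns.append(cur.strip().lower())
            cur = ""
        else:
            cur += ch
    rdns.append(cur.strip().lower())
    return rdns

def depth_below(base, dn):
    """Levels between base and dn (0 = base itself), or None if dn is outside base."""
    b, d = split_dn(base), split_dn(dn)
    extra = len(d) - len(b)
    if extra < 0 or d[extra:] != b:
        return None
    return extra

# Scope semantics: base = the entry itself, one = direct children, sub = whole subtree.
SCOPES = {"base": lambda n: n == 0, "one": lambda n: n == 1, "sub": lambda n: n >= 0}

def import_users(base, scope):
    """Return the user DNs a search from base with the given scope would find."""
    hits = []
    for dn, kind in DIRECTORY.items():
        n = depth_below(base, dn)
        if n is not None and SCOPES[scope](n) and kind == "user":
            hits.append(dn)
    return hits

if __name__ == "__main__":
    for scope in ("one", "sub"):
        print(scope, import_users("DC=example,DC=com", scope))
```

With the domain root as the base, the one-level search returns no users in this sample because every account sits inside a container or OU, while the subtree search returns all three.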

Author:  samir [ Wed Jun 15, 2011 12:01 pm ]
Post subject:  Re: Yubiradius : importing users from LDAP

This feature will be available in the next release of the RoP application, which is currently on the road map. Stay tuned to get more information about it during the next couple of weeks.

Author:  chimere [ Wed Jun 15, 2011 10:01 pm ]
Post subject:  Re: Yubiradius : importing users from LDAP

Great!

Thanks for the fast reply. I am evaluating Yubikeys for our VPN access and with this feature, the last hurdle will be put away.

You have a great product by the way.

Author:  GregL [ Fri Jul 08, 2011 5:41 pm ]
Post subject:  Re: Yubiradius : importing users from LDAP

This is good news as this is the last roadblock to replacing my company's RSA keyfob based authentication infrastructure with Yubikeys. Do we have a date when this next version will be released or is there a notification system?

Author:  GregL [ Tue Jul 26, 2011 4:24 pm ]
Post subject:  Re: Yubiradius : importing users from LDAP

Just saw in another post where it looks like version 3 of ROP has been released.
http://wiki.yubico.com/wiki/index.php/YubiRADIUS_Virtual_Appliance_version_3.0

I've installed and configured it, but it looks like you still can only have one level of users per domain. Did this feature not make it in as planned? Is it still on the road map, and any idea on when it will be added?

I really want to switch my users over from RSA to Yubikey, but with about 50 or so different Organizational Units full of users in my AD domain I can't without this ability.

Thanks,

Author:  samir [ Wed Jul 27, 2011 6:41 am ]
Post subject:  Re: Yubiradius : importing users from LDAP

While importing the users, in the Base DN field provide the complete DN of the domain. For example, if you want to import the users from example.com domain, then provide Base DN as "DC=example,DC=com" and try again.

Author:  GregL [ Wed Jul 27, 2011 5:41 pm ]
Post subject:  Re: Yubiradius : importing users from LDAP

That is what I did originally. In my case it is "DC=subdomain,DC=parentdomain,DC=com"

However, I just went back and deleted the original domain I'd set up in ROP and recreated it again and this time it worked. Don't know what, if anything, was different the second time, but it worked.

Thanks,

All times are UTC + 1 hour