This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Selecting users and groups from LDAP Server

We are running PAM 4.1 and are looking into upgrading from the Command Control policy engine to the Access Control policy engine. When creating a user role, if we drill down into our LDAP server to add a user/group, we get the following, with the three dots animating but minutes pass without anything being displayed. We do have many users/groups in eDir but how long do we need to wait until entries start appearing? Our users OU has ~400k entries and we have the Base DN of the eDir LDAP Server set to the user OU.

  • 0  

    Hi Achinayoung,

    Try the below in the sequence mentioned - 

    1) In PAM LDAP configuration, set the scope to 'Subtree' and retry the LDAP browsing. (Assuming the scope is set to 'One' in the PAM LDAP configuration).

    2) If the above does not work, in the PAM LDAP configuration, set the "baseDN" to the parent container of the Users container and retry the LDAP browsing.



  • 0  

    Hi Achinayoung,

    Try the below in the sequence mentioned - 

    1) In PAM LDAP configuration, set the scope to 'Subtree' and retry the LDAP browsing. (Assuming the scope is set to 'One' in the PAM LDAP configuration).

    2) If the above does not work, in the PAM LDAP configuration, set the "baseDN" to the parent container of the Users container and retry the LDAP browsing.



  • 0 in reply to   

    I tried #1 and that only lists the two OU's underneath ou=users. If I click on ou=users, I am back where I started, with the three dots in a wave pattern minutes on end with no users displayed.

    I tried #2 and, with scope="Subtree", get something similar to attempt #1. If I click on "users", I am back where I started, with the three dots in a wave pattern minutes on end with no users displayed.

    Seems PAM is not designed to handle a large number of users in the LDAP directory.