Re: LDAP problem with qlik sense server - Qlik Community

Pato1984 · ‎2019-10-09

Hello ,

I have a problem with my connector of LDAP cannot retrieve users

even if the sync work and the task is succesfull

in the log I see :

Children not reachable for ldap and database done with 0 users and 0 groups even if with ldap admin when I write the same path I have my users

my path is LDAP ://myIP/dc=X,dc,Z,dc,Y

I tried also with

LDAP ://myIP/ou=users,dc=X,dc,Z,dc,Y

and with additionnal filters like

(&(objectCategory=person)(objectClass=user)
(cn=*))

but it doesn't work my version of qlik sense is june 2019 sr3 and my OS is windows server 2012

thank you for your help

Giuseppe_Novello · ‎2019-10-14

IT might be that your syntax is incorrect. HAve you tried other tool like LDAP browser ?

https://www.ldapadministrator.com/download.htm

I would first verify if the syntax is correct if not, here more info about LDAP filtering:

https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax?redirectedfrom=MSDN

BR

Gio

Giuseppe Novello
Principal Technical Support Engineer @ Qlik

Pato1984 · ‎2019-10-14

Thank you for your reply my syntax is correct because on ldapadmin I see my users with the same syntax.

Giuseppe_Novello · ‎2019-10-14

Just to confirm, is this the test you perform:

https://support.qlik.com/articles/000042337

Giuseppe Novello
Principal Technical Support Engineer @ Qlik

Pato1984 · ‎2019-10-16

Hello,

yes i did the whole test .

rzenere_avvale · ‎2019-10-16

Goodmorning @Pato1984 ,

I had a similar issue in the past, when using LDAPAdmin i was able to retrieve users but from QS I was not.
To solve it I had to point to a specific Domain Controller (es DC1, DC2, ...) and to the port 3268, which is the Global Catalog.

I hope this helps,
Riccardo

Pato1984 · ‎2019-10-16

thank you for you reply Riccardo but when I write my path with your port it doesn't work
I write LDAP:\\MYIP:3268/dc=x,dc,y,dc=local

rzenere_avvale · ‎2019-10-16

Just to be completely sure, could you try those checks?

still from LDAPAdmin, could you check if it keeps working with the new port? If not, it could be that some port is blocked. I don't think that the Global Catalog could be 'turned off' at all
if it is working from LDAPAdmin, check that you didn't write LDAP:\\ but LDAP://! The remaining part of the path seems correct (I usually go by name more than IP, but the result should be equivalent)
could you create a new 'Generic LDAP' UDC? There is a kb article that describes how to create this kind of connection: https://qliksupport.force.com/articles/000012415

Riccardo

Pato1984 · ‎2019-10-16

Hello Riccardo,

I add the port 3268 in the ldapadmin but it' doesn't work and I did all the others steps but still the same problem .

rzenere_avvale · ‎2019-10-17

Hi Pato,

unluckily I do not have any other guesses at this time. I suggest to double check if there is a firewall blocking the port or some other policy.

Riccardo

LDAP problem with qlik sense server

General Question