Qlik Community

New to Qlik Sense

Discussion board where members can get started with Qlik Sense.

pamaxeed
Contributor III

User sync fails - Generic LDAP

Hi,

we have tried to synch our user from the AD through a Generic LDAP connector, but we are encountering the following issue, that only groups are synchronized not the users, as we can read from the .log files.

Attached the .log files.

Someone can support us?

Log Messages says:

Database done with 0 users and 234 groups in user directory (MYDOMAIN, b6bbe7e4-3fa7-4cf5-bb23-77d96e94dc36)

Following filter was applied:

(memberOf=cn=DSR-CS-CH-FFFF_ReadOnly_UAT,DC=ch,DC=ad,DC=dehani,DC=net)

What is going on?

Thanks and regards,

Patric

Tags (1)
3 Replies
jan_lance
New Contributor

Re: User sync fails - Generic LDAP

Hi,

did you solve this issue?

I have the exact same problem.

Regards

Jan

pamaxeed
Contributor III

Re: User sync fails - Generic LDAP

Hi Jan,

unfortunately not.

If someone could support us here we would be very glad :-).

Regards,

Patric

simonpinnow
New Contributor II

Re: User sync fails - Generic LDAP

Hi Patric,

we solved the problem and in our enviroment the Generic LDAP works fine. Now we have different values in DisplayName and User-ID. While using the Windows AD connector we had the same value in both fields because we load Windows AD not as standard.

Solution:

We had to modify two entries in "Directory Entry Attributes" section.

  • The first one is the field "User identification". Here you have to enter the value of the Windows-AD field "objectclass" which identifies a user in your Windows-AD. The defaut value is "inetOrgPerson" which is a class of Domino LDAP.

    In our case users are identified by "user". After changing this value sync worked fine.

    In other words: The Generic LDAP connector compares the values of the fields "User identification" and "Group identification" in the Windows-AD field "type" (which could be configured and is in default objectclass).

  • To change the DisplayName we changed the value of the field "Display Name".

If you are not sure which values you have to use, download a free Windows-AD explorer and search for your account...

I hope this helps!

Best regards

Simon