OneFuse LDAP Troubleshooting


In this article we will go over troubleshooting LDAP in OneFuse.


OneFuse needs to be installed and configured, and LDAP should already be set up. If it is not, please see the article in the additional links below on how to set up LDAP.


SSH into the OneFuse appliance

  1. Once we’re connected to the appliance, we can open Shell Plus

    /opt/cloudbolt/ shell_plus

View current LDAP Configuration

  1. Assign the LDAPUtility object for your domain to a variable named ldap
    Note: Set ldap_domain to your actual domain

    ldap = LDAPUtility.objects.get(ldap_domain="")

  2. View the LDAP configuration using “__dict__” on the ldap object


    Output (Example)

    {'_state': <django.db.models.base.ModelState at 0x7f5d0b30bcc0>,
     'id': 1,
     'ip': '',
     'port': 389,
     'protocol': 'ldap',
     'version': '3',
     'serviceaccount': '',
     'servicepasswd': '',
     'ldap_domain': '',
     'base_dn': 'DC=domain,DC=net',
     'ldap_filter': None,
     'disabled_filter': 'userAccountControl:1.2.840.113556.1.4.803:=2',
     'ldap_username': 'sAMAccountName',
     'ldap_first': 'givenName',
     'ldap_last': 'sn',
     'ldap_mail': 'mail',
     'email_format': None,
     'auto_create_user': True}

Search for user in LDAP

  1. Run a user search from the ldap object we created above


    Output (Good)

    Out[11]: [('CN=Admin,OU=Users,DC=domain,DC=net', {})]

    Output (Bad)
    Note: Your base_dn might need to be updated which will be covered in the next section.

    Out[7]: []
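
A quick way to confirm that an empty result comes from the search base rather than the filter is to check offline whether the base_dn actually covers the user and group DNs you expect to find. The following is an added example, not OneFuse code: the helper names are hypothetical, the DNs are the example values shown on this page plus one constructed entry, and it assumes the directory compares DNs case-insensitively.

```python
def split_rdns(dn):
    """Split a DN into normalized (attribute, value) pairs.

    Splits on unescaped commas only, so 'CN=Smith\\, Jo' stays one RDN.
    Multi-valued RDNs (joined with '+') are kept as a single value.
    """
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:            # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":        # unescaped comma ends the current RDN
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    rdns = []
    for part in parts:
        if part.strip():
            attr, _, value = part.partition("=")
            rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def dn_in_scope(entry_dn, base_dn):
    """True if entry_dn equals base_dn or sits below it in the tree."""
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    if not base or len(base) > len(entry):
        return False
    return entry[-len(base):] == base


def out_of_scope(base_dn, dns):
    """Return the DNs that a search rooted at base_dn cannot reach."""
    return [dn for dn in dns if not dn_in_scope(dn, base_dn)]


# DNs taken from the example outputs on this page, plus one constructed entry
USER_DN = "CN=Admin,OU=Users,DC=domain,DC=net"
GROUP_DN = "CN=GirAdmins,OU=orisa,OU=build,DC=domain,DC=net"
ESCAPED_DN = "CN=Smith\\, Jo,OU=Users,DC=domain,DC=net"  # constructed

if __name__ == "__main__":
    for base in ("DC=domain,DC=net", "OU=Users,DC=domain,DC=net"):
        print(base, "->", out_of_scope(base, [USER_DN, GROUP_DN, ESCAPED_DN]))
```

With the narrower base, the mapped group DN falls outside the search scope even though the user DN is still found, which is why a base_dn closer to the root is the safer starting point.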

Update LDAP properties

  1. Update the base_dn property or any others that need to be adjusted

    ldap.base_dn = "DC=domain,DC=net"

    Note: The base DN is used for both user and group searches. It is recommended to keep it close to the root DN.

  2. (Optional) Feel free to update any other properties at this point using the example below. The properties are listed above when we ran the “__dict__” command

    ldap.ldapproperty  = newvalue

  3. Once we’ve updated all our properties, we need to save it

  4. To verify the changes are made, run the below command


View LDAP Mappings

  1. View the LDAP Mappings you configured by running these commands


    Output (Example)

    <QuerySet [<LDAPMapping: LDAPMapping object (1)>, <LDAPMapping: LDAPMapping object (2)>]>

  2. Let's grab the first object and return the properties it has


    Output (Example)

    {'_state': <django.db.models.base.ModelState at 0x7f5d0aa04160>,
     'id': 1,
     'ldap_utility_id': 1,
     'ldap_ou_dn': '',
     'ldap_group_dn': 'CN=GirAdmins,OU=orisa,OU=build,DC=domain,DC=net',
     'is_cbadmin': False,
     'is_super_admin': False,
     'is_devops_admin': False,
     'has_api_access': True,
     'is_global_viewer': False}

  3. If there are multiples and you want to see all, we can loop through and return any of the properties on each. We’ll map the ldapmapping_set to maps and then loop through it to return the ldap_group_dn for each

    maps = ldap.ldapmapping_set.all()
    for map in maps:
        # Show the group DN configured on each mapping
        print(map.ldap_group_dn)

    Output (Example)


Update LDAP Mapping

  1. If we ran the above commands, we should still have maps so we can use that to update the properties for an ldapmappingset. We’ll update the ldap_group_dn on the first element in maps

    maps[0].ldap_group_dn = 'CN=GirAdminss,OU=orisa,OU=build,DC=domain,DC=net'

  2. Once we’ve made our changes, we’ll need to save it


  3. We can make sure the changes took by running the “__dict__” command


    Output (Example)

    {'_state': <django.db.models.base.ModelState at 0x7f5d0a4b8a58>,
     'id': 1,
     'ldap_utility_id': 1,
     'ldap_ou_dn': '',
     'ldap_group_dn': 'CN=GirAdminss,OU=orisa,OU=build,DC=domain,DC=net',
     'is_cbadmin': False,
     'is_super_admin': False,
     'is_devops_admin': False,
     'has_api_access': True,
     'is_global_viewer': False}

Delete LDAP Mappings

  1. If we still have the maps array, we can loop through and delete the ldap mappings. If not, we can run the first command below to map it

    maps = ldap.ldapmapping_set.all()
    for map in maps:
        # Remove each mapping attached to this LDAP configuration
        map.delete()

    Output (Good)

    <QuerySet []>

Delete LDAP Configuration

  1. We can delete the entire LDAP configuration by running this command below

    ldap = LDAPUtility.objects.get(ldap_domain="")
    # Delete the configuration and the objects that depend on it
    ldap.delete()

    Output (Good)

     {'accounts.UserProfile_custom_field_values': 0,
      'accounts.PasswordHistory': 0,
      'sso.BaseSSOProvider_contact_person': 0,
      'bookmarks.Bookmark': 0,
      'portals.PortalConfig_ldaps': 0,
      'utilities.LDAPUtility': 1,
      'accounts.GroupRoleMembership': 1,
      'accounts.UserProfile': 1})

  2. Now we can verify that it’s deleted


    Output (Good)

    DoesNotExist                              Traceback (most recent call last)
    <ipython-input-17-e9b78a601e50> in <module>
    ----> 1 ldap = LDAPUtility.objects.get(ldap_domain="")
    /usr/local/lib/python3.6/site-packages/django/db/models/ in manager_method(self, *args, **kwargs)
         80         def create_method(name, method):
         81             def manager_method(self, *args, **kwargs):
    ---> 82                 return getattr(self.get_queryset(), name)(*args, **kwargs)
         83             manager_method.__name__ = method.__name__
         84             manager_method.__doc__ = method.__doc__
    /usr/local/lib/python3.6/site-packages/django/db/models/ in get(self, *args, **kwargs)
        406             raise self.model.DoesNotExist(
        407                 "%s matching query does not exist." %
    --> 408                 self.model._meta.object_name
        409             )
        410         raise self.model.MultipleObjectsReturned(
    DoesNotExist: LDAPUtility matching query does not exist.

Additional information

OneFuse LDAP Configuration
