Hi Team,
we get stuck at configuring Openldap for enabling Multifactor authentication for ldap users. As per duo support team, for doing the same we need to configure schema includes the memberOf overlay for groups and that the following requirements to satisfied:
Synced groups must have the groupOfNames object class.
Synced groups must list their members by DN (directoryName) via the member attribute.
Synced groups must have a cn attribute, used as the Duo group name after import.
Synced groups must also have the attributes entrydn (used as the distinguished name) and entryuuid (the group unique identifier).
Synced users must list group memberships by DN using the memberOf attribute.
Synced users must have the organizationalPerson object class.
We are trying to enable Multifactor authentication using duo auth proxy & duo admin panel configuration for ldap users.
Ldap server is getting synced successfully with Duo admin portal but groups and users details not getting fetched at duo admin portal. Duo support team mentioned to change ldap configuration as mention in below mentioned article. Can you pls share some reference document to make required changes.
https://duo.my.site.com/s/article/4529?language=en_US
Regards,
Ajay Kumar
Engineering Cloud Ops | Bharti Airtel Ltd.
Mob.: +91 8510020994
[photo_6075787602121832799_m]
*********************************************************************************************************************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited . The information contained in this mail is propriety and strictly confidential. *********************************************************************************************************************************************************************** “CONFIDENTIALITY NOTICE This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.”
