--On Friday, August 16, 2024 5:19 AM +0000 Ajay Kumar Ajay41.Kumar@airtel.com wrote:
> Hi Team,
>
> We are stuck configuring OpenLDAP to enable multifactor authentication for LDAP users. As per the Duo support team, to do this we need to configure the schema to include the memberOf overlay for groups, and the following requirements need to be satisfied:
It would be useful for you to provide what version of OpenLDAP you are running.

The OpenLDAP documentation, including for the memberOf overlay, can be found at https://www.openldap.org
> Synced groups must have the groupOfNames object class.

This is something that whatever process you have that creates groups does.
> Synced groups must list their members by DN (directoryName) via the member attribute.

Same as above.
> Synced groups must have a cn attribute, used as the Duo group name after import.

Same as above.
> Synced groups must also have the attributes entrydn (used as the distinguished name) and entryuuid (the group unique identifier).

These are operational attributes that the server automatically creates.
> Synced users must list group memberships by DN using the memberOf attribute.

See the documentation for the memberOf overlay.
> Synced users must have the organizationalPerson object class.

This is something that whatever process you have that creates users does. I would note that you could use higher-level object classes that inherit from organizationalPerson just fine (i.e., inetOrgPerson, which is what most people use).
> The LDAP server is getting synced successfully with the Duo admin portal, but group and user details are not getting fetched at the Duo admin portal. The Duo support team told us to change the LDAP configuration as mentioned in the article below. Can you please share some reference document for making the required changes?
Again, the documentation for OpenLDAP can be found at https://www.openldap.org/
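The requirement list quoted in the thread is easy to check mechanically once you have an LDIF export of the relevant subtree. The script below is an added example, not code from the thread or from OpenLDAP or Duo: it parses `ldapsearch -LLL` output (run with `'*' '+'` as the attribute list so that the operational attributes entryDN and entryUUID are included) and reports, per entry, which of the quoted requirements fail. It also cross-checks each group's `member` DNs against the corresponding user's `memberOf` values, which is the quickest way to see whether the memberOf overlay is actually populating that attribute. The sample LDIF, the DNs in it and the small table of object classes that inherit from organizationalPerson are constructed for illustration.

```python
"""Check an LDIF export against the Duo LDAP group/user sync requirements.

Added example; the sample data and class tables below are constructed.
"""
import base64
import re
from typing import Dict, List

# Object classes that are, or inherit from, organizationalPerson.
# Partial table from the standard schema; extend it if your schema adds subclasses.
ORG_PERSON_CLASSES = {"organizationalperson", "inetorgperson"}
# Classes used to decide whether an entry is a group or a user candidate.
GROUP_CLASSES = {"groupofnames", "groupofuniquenames", "posixgroup"}
USER_CLASSES = {"person", "organizationalperson", "inetorgperson", "posixaccount", "account"}

# Constructed sample resembling `ldapsearch -LLL -b dc=example,dc=com '*' '+'` output.
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: admins
member: uid=alice,ou=people,dc=example,dc=com
member: uid=carol,ou=people,dc=example,dc=com
entryDN: cn=admins,ou=groups,dc=example,dc=com
entryUUID: 00000000-0000-0000-0000-000000000001

dn: cn=staff,ou=groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: staff
uniqueMember: uid=bob,ou=people,dc=example,dc=com

dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
cn: Alice Example
sn: Example
memberOf: cn=admins,ou=groups,dc=example,dc=com

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: bob
cn: Bob Example

dn: uid=carol,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: carol
cn: Carol Example
sn: Example
"""


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse LDIF records into dicts of lower-cased attribute -> list of values.

    Handles folded continuation lines (leading space), comments and base64
    values written as 'attr:: <base64>'. Change records are not supported.
    """
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    unfolded = re.sub(r"\n ", "", text)          # join folded lines first
    for line in unfolded.splitlines() + [""]:    # trailing "" flushes the last record
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z][\w;.-]*)(::?) ?(.*)$", line)
        if not m:
            continue
        attr, sep, value = m.groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        current.setdefault(attr.lower(), []).append(value)
    return entries


def looks_like_dn(value: str) -> bool:
    """Cheap syntactic test: a DN starts with an attribute type and '='."""
    return re.match(r"^\s*[A-Za-z][\w.-]*=", value) is not None


def check_entries(entries: List[Dict[str, List[str]]]) -> Dict[str, List[str]]:
    """Return {dn: [problem, ...]} for entries violating the sync requirements."""
    by_dn = {e["dn"][0].lower(): e for e in entries if "dn" in e}
    problems: Dict[str, List[str]] = {}

    def flag(dn: str, msg: str) -> None:
        problems.setdefault(dn, []).append(msg)

    for dn, e in by_dn.items():
        classes = {c.lower() for c in e.get("objectclass", [])}
        if classes & GROUP_CLASSES:
            if "groupofnames" not in classes:
                flag(dn, "group lacks objectClass groupOfNames")
            members = e.get("member", [])
            if not members:
                flag(dn, "group has no member attribute (members must be DNs in 'member')")
            for mdn in members:
                if not looks_like_dn(mdn):
                    flag(dn, f"member value is not a DN: {mdn}")
                    continue
                target = by_dn.get(mdn.lower())
                if target is not None:
                    back_refs = {v.lower() for v in target.get("memberof", [])}
                    if dn not in back_refs:
                        flag(dn, f"member {mdn} does not list this group in memberOf")
            if "cn" not in e:
                flag(dn, "group has no cn attribute (used as the Duo group name)")
            for op_attr in ("entrydn", "entryuuid"):
                if op_attr not in e:
                    flag(dn, f"missing operational attribute {op_attr} (request it with '+' in ldapsearch)")
        elif classes & USER_CLASSES:
            if not classes & ORG_PERSON_CLASSES:
                flag(dn, "user lacks organizationalPerson (or a subclass such as inetOrgPerson)")
            if "memberof" not in e:
                flag(dn, "user has no memberOf values (memberOf overlay inactive, or user is in no group)")
    return problems


def duo_sync_report(ldif_text: str) -> Dict[str, List[str]]:
    """Parse and check in one call; empty dict means every entry passed."""
    return check_entries(parse_ldif(ldif_text))


if __name__ == "__main__":
    for dn, issues in duo_sync_report(SAMPLE_LDIF).items():
        print(dn)
        for issue in issues:
            print("  -", issue)
```

In the constructed sample, `cn=admins` is well-formed but one of its members (carol) has no `memberOf` pointing back at it, which is exactly the symptom of an overlay that was added after the group entries were created (the memberOf overlay maintains the attribute for changes made while it is loaded, so pre-existing memberships have to be regenerated, for example by re-adding the members). `cn=staff` uses groupOfUniqueNames with `uniqueMember` instead of groupOfNames with `member`, and lacks the operational attributes because the export omitted `+`; `uid=bob` is a plain posixAccount with no organizationalPerson class. Run the script against a real export to get the same kind of per-entry list before asking Duo to re-sync.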