LDAP group sync fails with error "Error": ldap: filter does not start with an '('" on OpenShift Container Platform

Solution Verified - Updated -

Issue

  • In order to sync Augmented Active Directory created yml file per example "Example 16. LDAP Sync Configuration Using Augmented Active Directory Schema: augmented_active_directory_config.yaml" in documentation.
[...]
augmentedActiveDirectory:
    groupsQuery:
        baseDN: "ou=groups,dc=example,dc=com"
        scope: sub
        derefAliases: never
        pageSize: 0
    groupUIDAttribute: dn 1
    groupNameAttributes: [ cn ] 2
    usersQuery:
        baseDN: "ou=users,dc=example,dc=com"
        scope: sub
        derefAliases: never
        pageSize: 0
[...]

When trying to sync groups it fails.

# oc adm groups sync --sync-config=example-sync.yaml  --confirm
error: validation of LDAP sync config failed: usersQuery.filter: Invalid value: "": invalid query filter: LDAP Result Code 201 "Filter Compile Error": ldap: filter does not start with an '('
See 'oc adm groups sync -h' for help and examples.

Environment

  • OpenShift Container Platform 3.9
  • Active Directory

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content