When using the "Static" strategy to import LDAP groups into Artifactory Pro, Artifactory fails to find groups when using the "Filter by username" field. This following error shows up in the logs:
2014-12-10 12:09:32,034 [ajp-bio-8019-exec-538] [ERROR] (o.a.a.l.p.LdapGroupProviderImpl:190) - An error occurred while retrieving LDAP groups with strategy STATIC, org.springframework.ldap.InvalidNameException: ou=memberList,ou=ibmgroups: [LDAP: error code 34 - Invalid DN Syntax]; nested exception is javax.naming.InvalidNameException: ou=artifactory,ou=groups: [LDAP: error code 34 - Invalid DN Syntax]; remaining name 'ou=artifactory,ou=groups'
When I use wireshark to capture the network traffic to the LDAP server I can see it tries to do a query similar to the following:
I tried this search filter directly against our LDAP server and figured out that the problem is that the uniquemember attribute on the group must be a DN and if you try to search for anything other than a DN the search will fail with an LDAP Error 34 - Invalid DN Syntax.
We do not directly control this LDAP server and cannot disable strict validation to work around this issue.
Would it be possible to adjust the way Artifactory searches for users in a group to only search on DN or make this a configurable option?
Would be happy to provide more detail as necessary.
This may be related to the fix applied for