https://communities.sas.com/t5/Administration-and-Deployment/LDAP-configuration-giving-an-error-for-user-configuration-in-sas/m-p/885776#M26979 <P>Hi,</P><P>I have configured and AD in my Microsoft server and configured the LDAP for it, I have kept my AD server public so that anyone can connect.</P><P>To check its connectivity I have installed apache directory studio in another windows instance and I am able to connect to my AD server using its host, user &amp; password.&nbsp;</P><P>so when I am configuring ldap for my Provider tenant from sas environment manager I am getting error as</P><PRE>LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'","properties":{"logger":"com.sas.identities.provider.ldap.LdapIdentityQueryRepository","thread":"configWatchTaskScheduler-1"}</PRE><P>&nbsp;So, i have kept my directory structure is like,</P><P>DC=my-cloud-app,DC=link</P><P>&gt; ou=sas</P><P>&gt;&gt;user=viya_admin</P><P>&gt;&gt;user=test-user</P><P>&nbsp;</P><P>So i have kept my userDN for viya_admin user and i have already delgate this user for Ou=sas and whole directory</P><P>&nbsp;</P><P>in User configuration, i given baseDN as "OU=sas,DC=my-cloud-app,DC=link" so ideally it should look for user in sas ou, but i am getting above error, and main thing we are getting is why it is appending ou=people,ou=provider&nbsp; as mention below, i haven't mentioned it in my user configuration</P><PRE>best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'"</PRE><P>so i want to understand why there is this errors are coming, from where it is fetching ou=people and ou=provider</P><PRE>{"version":1,"timeStamp":"2023-07-07T12:48:27.514Z","level":"info","source":"sas-identities","message":"[ADD_MEMBER_INFO] Adding viya_admin as a member of the group SASAdministrators","properties":{"logger":"com.sas.identities.config.DefaultMembershipLoader","thread":"configWatchTaskScheduler-1"},"messageKey":"com.sas.identities.LogMessages.ADD_MEMBER_INFO","messageParameters":{"0":"viya_admin","1":"SASAdministrators"}} {"version":1,"timeStamp":"2023-07-07T12:48:27.52Z","level":"warn","source":"sas-identities","message":"[IDENTITY_FETCH_LDAP_ERROR] Error occurred while fetching identity: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'","properties":{"logger":"com.sas.identities.provider.ldap.LdapIdentityQueryRepository","thread":"configWatchTaskScheduler-1"},"messageKey":"com.sas.identities.LogMessages.IDENTITY_FETCH_LDAP_ERROR","messageParameters":{"0":"[LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\t\u0000]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\t\u0000]; remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'"}} {"version":1,"timeStamp":"2023-07-07T12:48:27.523Z","level":"error","source":"sas-identities","message":"[GET_IDENTITY_MEMBER_ERROR] Cannot add viya_admin member to SASAdministrators group because the USER could not be found.","properties":{"logger":"com.sas.identities.config.DefaultMembershipLoader","thread":"configWatchTaskScheduler-1"},"messageKey":"com.sas.identities.LogMessages.GET_IDENTITY_MEMBER_ERROR","messageParameters":{"0":"viya_admin","1":"SASAdministrators","2":"USER"}} {"version":1,"timeStamp":"2023-07-07T12:48:27.523Z","level":"info","source":"sas-identities","message":"Refresh keys changed: [sas.identities.providers.ldap.user.baseDN]","properties":{"logger":"org.springframework.cloud.endpoint.event.RefreshEventListener","thread":"configWatchTaskScheduler-1"}} </PRE><P>also this viya_admin it is trying to add as member to SASAdministrator, i don't get from where and why it is trying to this user at first and second why i am getting this no object error even though i have user in given baseDN.</P><P>i have kept the rest attribute default for user configuration</P> Fri, 21 Jul 2023 09:34:26 GMT Shriramwasule 2023-07-21T09:34:26Z https://communities.sas.com/t5/Administration-and-Deployment/LDAP-configuration-giving-an-error-for-user-configuration-in-sas/m-p/885776#M26979 <P>Hi,</P><P>I have configured and AD in my Microsoft server and configured the LDAP for it, I have kept my AD server public so that anyone can connect.</P><P>To check its connectivity I have installed apache directory studio in another windows instance and I am able to connect to my AD server using its host, user &amp; password.&nbsp;</P><P>so when I am configuring ldap for my Provider tenant from sas environment manager I am getting error as</P><PRE>LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'","properties":{"logger":"com.sas.identities.provider.ldap.LdapIdentityQueryRepository","thread":"configWatchTaskScheduler-1"}</PRE><P>&nbsp;So, i have kept my directory structure is like,</P><P>DC=my-cloud-app,DC=link</P><P>&gt; ou=sas</P><P>&gt;&gt;user=viya_admin</P><P>&gt;&gt;user=test-user</P><P>&nbsp;</P><P>So i have kept my userDN for viya_admin user and i have already delgate this user for Ou=sas and whole directory</P><P>&nbsp;</P><P>in User configuration, i given baseDN as "OU=sas,DC=my-cloud-app,DC=link" so ideally it should look for user in sas ou, but i am getting above error, and main thing we are getting is why it is appending ou=people,ou=provider&nbsp; as mention below, i haven't mentioned it in my user configuration</P><PRE>best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'"</PRE><P>so i want to understand why there is this errors are coming, from where it is fetching ou=people and ou=provider</P><PRE>{"version":1,"timeStamp":"2023-07-07T12:48:27.514Z","level":"info","source":"sas-identities","message":"[ADD_MEMBER_INFO] Adding viya_admin as a member of the group SASAdministrators","properties":{"logger":"com.sas.identities.config.DefaultMembershipLoader","thread":"configWatchTaskScheduler-1"},"messageKey":"com.sas.identities.LogMessages.ADD_MEMBER_INFO","messageParameters":{"0":"viya_admin","1":"SASAdministrators"}} {"version":1,"timeStamp":"2023-07-07T12:48:27.52Z","level":"warn","source":"sas-identities","message":"[IDENTITY_FETCH_LDAP_ERROR] Error occurred while fetching identity: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'","properties":{"logger":"com.sas.identities.provider.ldap.LdapIdentityQueryRepository","thread":"configWatchTaskScheduler-1"},"messageKey":"com.sas.identities.LogMessages.IDENTITY_FETCH_LDAP_ERROR","messageParameters":{"0":"[LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\t\u0000]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\t\u0000]; remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'"}} {"version":1,"timeStamp":"2023-07-07T12:48:27.523Z","level":"error","source":"sas-identities","message":"[GET_IDENTITY_MEMBER_ERROR] Cannot add viya_admin member to SASAdministrators group because the USER could not be found.","properties":{"logger":"com.sas.identities.config.DefaultMembershipLoader","thread":"configWatchTaskScheduler-1"},"messageKey":"com.sas.identities.LogMessages.GET_IDENTITY_MEMBER_ERROR","messageParameters":{"0":"viya_admin","1":"SASAdministrators","2":"USER"}} {"version":1,"timeStamp":"2023-07-07T12:48:27.523Z","level":"info","source":"sas-identities","message":"Refresh keys changed: [sas.identities.providers.ldap.user.baseDN]","properties":{"logger":"org.springframework.cloud.endpoint.event.RefreshEventListener","thread":"configWatchTaskScheduler-1"}} </PRE><P>also this viya_admin it is trying to add as member to SASAdministrator, i don't get from where and why it is trying to this user at first and second why i am getting this no object error even though i have user in given baseDN.</P><P>i have kept the rest attribute default for user configuration</P> Fri, 21 Jul 2023 09:34:26 GMT https://communities.sas.com/t5/Administration-and-Deployment/LDAP-configuration-giving-an-error-for-user-configuration-in-sas/m-p/885776#M26979 Shriramwasule 2023-07-21T09:34:26Z https://communities.sas.com/t5/Administration-and-Deployment/LDAP-configuration-giving-an-error-for-user-configuration-in-sas/m-p/885824#M26985 It sounds like you have not set the user configuration to "Apply configuration only to this tenant" so it is trying to use the configuration for a single LDAP configuration for all tenants. This expects a specific LDAP structure, which it's trying to use here. This is discussed here:<BR /><BR />Set Up Accounts for Multi-tenant Deployments: Single LDAP Server for All Tenants<BR /><A href="https://go.documentation.sas.com/doc/en/calcdc/3.5/dplyml0phy0lax/n15hhewllr5ji2n1sxf96imqvtpj.htm#p1hg2b12g1pc3sn12nyuhdl47qyl" target="_blank">https://go.documentation.sas.com/doc/en/calcdc/3.5/dplyml0phy0lax/n15hhewllr5ji2n1sxf96imqvtpj.htm#p1hg2b12g1pc3sn12nyuhdl47qyl</A><BR /><BR />whereas what you want to do is here:<BR />Set Up Accounts for Multi-tenant Deployments: Separate LDAP Server per Tenant<BR /><A href="https://go.documentation.sas.com/doc/en/calcdc/3.5/dplyml0phy0lax/n15hhewllr5ji2n1sxf96imqvtpj.htm#n1o63hqzwa1ry8n1glia1d2x92ib" target="_blank">https://go.documentation.sas.com/doc/en/calcdc/3.5/dplyml0phy0lax/n15hhewllr5ji2n1sxf96imqvtpj.htm#n1o63hqzwa1ry8n1glia1d2x92ib</A> Fri, 21 Jul 2023 14:12:12 GMT https://communities.sas.com/t5/Administration-and-Deployment/LDAP-configuration-giving-an-error-for-user-configuration-in-sas/m-p/885824#M26985 gwootton 2023-07-21T14:12:12Z https://communities.sas.com/t5/Administration-and-Deployment/LDAP-configuration-giving-an-error-for-user-configuration-in-sas/m-p/885829#M26986 Thanks for the reply,<BR />I am using separate LDAP config for each tenant, currently I want to enable<BR />LDAP for provider tenant. I have logged into the environment manager<BR />account using sasboot user.<BR /><BR /> Fri, 21 Jul 2023 14:39:56 GMT https://communities.sas.com/t5/Administration-and-Deployment/LDAP-configuration-giving-an-error-for-user-configuration-in-sas/m-p/885829#M26986 Shriramwasule 2023-07-21T14:39:56Z https://communities.sas.com/t5/Administration-and-Deployment/LDAP-configuration-giving-an-error-for-user-configuration-in-sas/m-p/885831#M26987 Yes, so you'll need to turn on the "Apply configuration only to this tenant" switch in your sas.identities.providers.ldap.user configuration in the provider tenant. From your description, this is currently off. Fri, 21 Jul 2023 14:46:12 GMT https://communities.sas.com/t5/Administration-and-Deployment/LDAP-configuration-giving-an-error-for-user-configuration-in-sas/m-p/885831#M26987 gwootton 2023-07-21T14:46:12Z