Shriramwasule
Fluorite | Level 6

Hi,

I have configured an AD on my Microsoft server and configured LDAP for it. I have kept my AD server public so that anyone can connect.

To check its connectivity, I have installed Apache Directory Studio on another Windows instance, and I am able to connect to my AD server using its host, user and password.

So when I am configuring LDAP for my provider tenant from SAS Environment Manager, I am getting this error:

LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'","properties":{"logger":"com.sas.identities.provider.ldap.LdapIdentityQueryRepository","thread":"configWatchTaskScheduler-1"}

So, I have kept my directory structure like this:

DC=my-cloud-app,DC=link

> ou=sas

>>user=viya_admin

>>user=test-user

 

So I have kept my userDN for the viya_admin user, and I have already delegated this user for OU=sas and the whole directory.

In the user configuration, I gave the baseDN as "OU=sas,DC=my-cloud-app,DC=link", so ideally it should look for the user in the sas OU, but I am getting the above error. The main thing we want to know is why it is appending ou=people,ou=provider, as shown below; I haven't mentioned it in my user configuration.

best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'"

So I want to understand why these errors are coming, and from where it is fetching ou=people and ou=provider.

{"version":1,"timeStamp":"2023-07-07T12:48:27.514Z","level":"info","source":"sas-identities","message":"[ADD_MEMBER_INFO] Adding viya_admin as a member of the group SASAdministrators","properties":{"logger":"com.sas.identities.config.DefaultMembershipLoader","thread":"configWatchTaskScheduler-1"},"messageKey":"com.sas.identities.LogMessages.ADD_MEMBER_INFO","messageParameters":{"0":"viya_admin","1":"SASAdministrators"}}
{"version":1,"timeStamp":"2023-07-07T12:48:27.52Z","level":"warn","source":"sas-identities","message":"[IDENTITY_FETCH_LDAP_ERROR] Error occurred while fetching identity: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'","properties":{"logger":"com.sas.identities.provider.ldap.LdapIdentityQueryRepository","thread":"configWatchTaskScheduler-1"},"messageKey":"com.sas.identities.LogMessages.IDENTITY_FETCH_LDAP_ERROR","messageParameters":{"0":"[LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\t\u0000]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\t\u0000]; remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'"}}
{"version":1,"timeStamp":"2023-07-07T12:48:27.523Z","level":"error","source":"sas-identities","message":"[GET_IDENTITY_MEMBER_ERROR] Cannot add viya_admin member to SASAdministrators group because the USER could not be found.","properties":{"logger":"com.sas.identities.config.DefaultMembershipLoader","thread":"configWatchTaskScheduler-1"},"messageKey":"com.sas.identities.LogMessages.GET_IDENTITY_MEMBER_ERROR","messageParameters":{"0":"viya_admin","1":"SASAdministrators","2":"USER"}}
{"version":1,"timeStamp":"2023-07-07T12:48:27.523Z","level":"info","source":"sas-identities","message":"Refresh keys changed: [sas.identities.providers.ldap.user.baseDN]","properties":{"logger":"org.springframework.cloud.endpoint.event.RefreshEventListener","thread":"configWatchTaskScheduler-1"}}

Also, it is trying to add this viya_admin as a member of SASAdministrators. I don't get from where and why it is trying to add this user in the first place, and second, why I am getting this no-object error even though I have the user in the given baseDN.

I have kept the rest of the attributes at their defaults for the user configuration.

Accepted Solution
gwootton
SAS Super FREQ
Yes, so you'll need to turn on the "Apply configuration only to this tenant" switch in your sas.identities.providers.ldap.user configuration in the provider tenant. From your description, this is currently off.
--
Greg Wootton | Principal Systems Technical Support Engineer

Replies
gwootton
SAS Super FREQ
It sounds like you have not set the user configuration to "Apply configuration only to this tenant" so it is trying to use the configuration for a single LDAP configuration for all tenants. This expects a specific LDAP structure, which it's trying to use here. This is discussed here:

Set Up Accounts for Multi-tenant Deployments: Single LDAP Server for All Tenants
https://go.documentation.sas.com/doc/en/calcdc/3.5/dplyml0phy0lax/n15hhewllr5ji2n1sxf96imqvtpj.htm#p...

whereas what you want to do is here:
Set Up Accounts for Multi-tenant Deployments: Separate LDAP Server per Tenant
https://go.documentation.sas.com/doc/en/calcdc/3.5/dplyml0phy0lax/n15hhewllr5ji2n1sxf96imqvtpj.htm#n...
--
Greg Wootton | Principal Systems Technical Support Engineer
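
An added example (not part of the original thread and not SAS code): a small Python parser that pulls the LDAP result code, AD's "best match" DN and the "remaining name" out of a sas-identities log record, then lists the RDNs that sit above the best match and therefore do not exist in the directory. The sample record is constructed from the warning quoted in the question; the function names are hypothetical.

```python
import json
import re

# Constructed sample: one sas-identities record, trimmed from the warning in the question.
SAMPLE_LOG = json.dumps({
    "level": "warn",
    "source": "sas-identities",
    "message": "[IDENTITY_FETCH_LDAP_ERROR] Error occurred while fetching identity: "
               "[LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 "
               "(NO_OBJECT), data 0, best match of:\n\t'OU=sas,DC=my-cloud-app,DC=link'\n\u0000]; "
               "remaining name 'ou=people,ou=provider,OU=sas,DC=my-cloud-app,DC=link'",
})

ERR_RE = re.compile(
    r"LDAP: error code (?P<code>\d+).*?best match of:\s*'(?P<matched>[^']*)'"
    r".*?remaining name '(?P<remaining>[^']*)'",
    re.DOTALL,  # the message contains embedded newlines and a NUL byte
)

def split_dn(dn):
    """Split a DN into lower-cased RDNs (honours escaped commas, not multi-valued RDNs)."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def diagnose(log_line):
    """Return the result code, both DNs, and the RDNs missing from the directory."""
    msg = json.loads(log_line)["message"]
    m = ERR_RE.search(msg)
    if m is None:
        return None  # not an LDAP name-resolution error of this shape
    remaining, matched = split_dn(m["remaining"]), split_dn(m["matched"])
    if matched and remaining[-len(matched):] != matched:
        missing = remaining  # best match is not a suffix: nothing lines up
    else:
        # Everything in front of the deepest entry AD found does not exist.
        missing = remaining[: len(remaining) - len(matched)]
    return {"code": int(m["code"]), "remaining_name": m["remaining"],
            "matched": m["matched"], "missing_rdns": missing}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

For the record above, the missing RDNs are `ou=people` and `ou=provider`: containers the service placed in front of the configured baseDN, which is the directory layout described in the reply above.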
Shriramwasule
Fluorite | Level 6
Thanks for the reply.
I am using a separate LDAP config for each tenant; currently I want to enable LDAP for the provider tenant. I have logged into the Environment Manager account using the sasboot user.
