LDAP aggregation does not work because accounts and groups are at Root DSE level

IrfanAkcasar2023 · April 29, 2023, 6:53am

Hi Community,

I am in front of an LDAP directory wherein its owner has put all accounts and security groups at the level of Root DSE, which means that I cannot use a valid Search DN for configuring my Connector at the side of IIQ. Moreover, I looked for a usable Base DN and unfortunately this LDAP does not have that as well : at root level I only have “Root DSE” and then the rest is accounts and groups, that’s it

Is there any known workaround ?

Thanks !

brian_weigel · April 30, 2023, 9:04pm

According to the LDAP standard, the Root DSE is effectively a zero-length String. If you’re lucky, you might be able to use an empty string for the base DN and root DN, but I highly suspect that will throw connector errors (and I don’t thing the UI allows those fields to be left empty).

Unfortunately, there are no work-arounds that I’m aware of beyond that long-shot noted above.

Topic		Replies	Views
Regarding aggregation in IDN from ADLDS(LDAP) ISC Discussion and Questions identity-security-cloud	8	58	September 30, 2024
LDAP error during AD Account Aggregation IIQ Discussion and Questions aggregation , identityiq , connectors	6	399	November 16, 2024
Unable to get membership group after aggregation IIQ Discussion and Questions aggregation , entitlements	3	693	July 19, 2023
Custom Account Aggregation via Rule for AD Direct IIQ Application IIQ Discussion and Questions	2	1131	July 19, 2023
AD account Aggregation Issue ISC Discussion and Questions aggregation , identity-security-cloud	9	88	January 3, 2025

LDAP aggregation does not work because accounts and groups are at Root DSE level

Related topics