Analyzing LDAP Group search

How to troubleshoot LDAP configuration
AuthorFullName__c
Valeriy Petrov
articleNumber
000004803
ft:sourceType
Salesforce
FirstPublishedDate
2020-05-11T09:54:53Z
lastModifiedDate
2024-03-10T07:45:51Z
VersionNumber
10
User-added image
 
 
1. In the example below, we see a successful search for groups in Active Directory. Note that searchRequest queries the LDAP server and applies the Filter defined in the LDAP Group Settings, starting at the DN defined in the Search Base.

1    0.000000    10.132.0.88    10.166.0.2    LDAP    351    searchRequest(22) "ou=Groups,dc=test,dc=com" wholeSubtree 
2    0.035339    10.166.0.2    10.132.0.88    LDAP    207    searchResEntry(22) "cn=developers,ou=Groups,dc=test,dc=com" 
3    0.035377    10.166.0.2    10.132.0.88    LDAP    222    searchResEntry(22) "cn=users,ou=Groups,dc=test,dc=com" 
4    0.035382    10.166.0.2    10.132.0.88    LDAP    197    searchResEntry(22) "cn=support,ou=Groups,dc=test,dc=com" 
5    0.035385    10.166.0.2    10.132.0.88    LDAP    224    searchResEntry(22) "cn=admins,ou=Groups,dc=test,dc=com" 
6    0.035389    10.166.0.2    10.132.0.88    LDAP    246    searchResEntry(22) "cn=service,ou=nested,ou=appgroups,ou=Groups,dc=test,dc=com" 
12    0.035482    10.166.0.2    10.132.0.88    LDAP    119    searchResDone(22) success  [5 results]


User-added image


2. The following example shows the LDAP error noSuchObject in the Group search request when no Group objects were found, therefore “0 results” returned. If you encounter such error, check the Search Base and Filter configured properly.

1    0.000951    10.132.0.88    10.166.0.2    LDAP    360    searchRequest(2) "ou=IncorrectGroups,dc=test,dc=com" wholeSubtree 
2    0.034433    10.166.0.2    10.132.0.88    LDAP    96    searchResDone(2) noSuchObject  [0 results]