This repository has been archived by the owner on Feb 14, 2019. It is now read-only.

LDAP sync with Lotus Notes LDAP #20

Closed
fjakop opened this issue Dec 7, 2011 · 5 comments

@fjakop

fjakop commented Dec 7, 2011

I'm trying to get Redmine to sync against Lotus Notes LDAP. The groups in Lotus Notes LDAP do not have a base DN, i.e. they are located in the root of the LDAP tree. At the moment, I'm not able to get anything synced. I need a logging facility for the generated LDAP query string for getting this to work (or a ready-to-cook recipe).
Can you tell me how to log the query strings?

@thorin
Owner

thorin commented Dec 7, 2011

The library I'm using is the following: http://net-ldap.rubyforge.org/Net/LDAP.html
I haven't seen an option to log the generated queries.

You can use puts to print some of the variables, if that helps you.

If you want me to help I'll need the Distinguished Names of one of the groups and of one of the users.
And the values of the following Settings:

  • Group Base DN
  • Group name attribute (group)
  • Group membership
  • Members attribute (group)
  • Memberid attribute (user)
  • Groups attribute (user)
  • Groupid attribute (group)
  • Groups objectclass
  • Users objectclass
  • Group name pattern
  • Group search filter
  • Users must be members of

@fjakop
Author

fjakop commented Dec 7, 2011

Thanks for the reply. The settings are the following:

  • Group Base DN --> empty
  • Group name attribute (group) --> cn
  • Group membership --> on the group class
  • Members attribute (group) --> member
  • Memberid attribute (user) --> cn
  • Groups attribute (user) --> n/a
  • Groupid attribute (group) --> n/a
  • Groups objectclass --> dominoGroup
  • Users objectclass --> dominoPerson
  • Group name pattern --> empty
  • Group search filter --> empty
  • Users must be members of --> empty

A group's DN looks like "cn=Alle" (I can find the group with this search string in LDAP-Browser)
A typical member attribute looks like "member=CN=Max Meier,O=FOO,C=DE"

A user's DN looks like "CN=Max Meier,O=FOO,C=DE"

Is the Base-DN of the user configured in the settings of the "normal" LDAP-auth page appended to the value of the member-attribute in the group while looking up the group's members? This would result in a DN like "CN=Max Meier,O=FOO,C=DE,O=FOO,C=DE"

@thorin
Owner

thorin commented Dec 7, 2011

No, I don't append it. I use the same query as the one executed by redmine to search for users.

To search for group members I use the memberid attribute (i.e., I search for groups that contain members with a specific memberid).
The memberid must not be cn. It needs to be an attribute containing the distinguished name (for example DN, if there is such an attribute on Lotus Notes LDAP).
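
The lookup described in the comment above, as an added example that is not part of the thread or the plugin's code: it builds a group filter from the user's memberid value (escaped per RFC 4515) and evaluates it against in-memory entries. The filter shape, the helper names, the `cn=Admins` group and the second member are assumptions constructed for illustration; the other values are the ones quoted in this thread.

```ruby
# Constructed sample entries modelled on the values quoted in this thread.
USER = {
  'dn' => 'CN=Max Meier,O=FOO,C=DE',
  'cn' => 'Max Meier',
  'objectclass' => 'dominoPerson'
}.freeze

GROUPS = [
  { 'dn' => 'cn=Alle', 'cn' => 'Alle', 'objectclass' => 'dominoGroup',
    'member' => ['CN=Max Meier,O=FOO,C=DE', 'CN=Erika Muster,O=FOO,C=DE'] },
  { 'dn' => 'cn=Admins', 'cn' => 'Admins', 'objectclass' => 'dominoGroup',
    'member' => ['CN=Erika Muster,O=FOO,C=DE'] }
].freeze

SETTINGS = { groups_objectclass: 'dominoGroup', member_attr: 'member' }.freeze

# Escape a value before placing it in an LDAP search filter (RFC 4515),
# so characters such as * ( ) \ in a name cannot change the filter.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# "Groups of this objectclass whose member attribute equals the user's
# memberid value". Hypothetical filter shape, not the plugin's actual query.
def group_filter(user, memberid_attr, settings)
  value = escape_filter_value(user.fetch(memberid_attr))
  "(&(objectclass=#{settings[:groups_objectclass]})" \
    "(#{settings[:member_attr]}=#{value}))"
end

# Simplified server-side evaluation: case-insensitive equality on member.
def groups_for(user, memberid_attr, settings, groups = GROUPS)
  wanted = user.fetch(memberid_attr).downcase
  matches = groups.select do |g|
    g['objectclass'].casecmp?(settings[:groups_objectclass]) &&
      g[settings[:member_attr]].any? { |m| m.downcase == wanted }
  end
  matches.map { |g| g['cn'] }
end

# member holds full DNs, so memberid=cn matches nothing and memberid=dn works.
%w[cn dn].each do |attr|
  puts "memberid=#{attr}: #{group_filter(USER, attr, SETTINGS)}"
  puts "  groups: #{groups_for(USER, attr, SETTINGS).inspect}"
end
```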

@fjakop
Author

fjakop commented Dec 7, 2011

That was the crucial hint! In my LDAP-Browser the attribute dn on the user is not visible; nevertheless, it exists. Using this attribute makes things work.

A conclusion for other readers:

Settings for Lotus Notes LDAP (tested against Lotus Notes 8.5.2)

  • Group Base DN --> empty
  • Group name attribute (group) --> cn
  • Group membership --> on the group class
  • Members attribute (group) --> member
  • Memberid attribute (user) --> dn
  • Groups objectclass --> dominoGroup
  • Users objectclass --> dominoPerson
  • Group name pattern --> empty
  • Group search filter --> empty
  • Users must be members of --> empty

@fjakop fjakop closed this as completed Dec 7, 2011
@ghost ghost assigned thorin Dec 7, 2011
@thorin
Owner

thorin commented Dec 7, 2011

Thank you. I've updated the readme with your settings.
