Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-10567: Some attributes are missing from ldapsearch against Centrify-ldapproxy

25 June,18 at 11:09 AM

Applies to: All version of Centrify Infrastructure Services
Description:
The result from ldapsearch against Centrify-ldapproxy server does not contain all attributes of the user/group.
Below is the example:
>Search filter:
==================================================
# LDAPv3
# base <cn=Centrify User,cn=centrify,cn=Users,dc=centrify,dc=test> with scope baseObject
# filter: (objectClass=*)
# requesting: ALL
# with pagedResults control: size=100
==================================================
>Expected result, showing all attributes of the user:
================================================== 
# Centrify User, Centrify, Users, centrify.test
dn: cn=Centrify User,cn=Centrify,cn=Users,dc=centrify,dc=test
accountExpires: 9223372036854775807
adminCount: 1
cn: Centrify User
codePage: 0
countryCode: 0

objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=centrify,DC=test

.....
gidNumber: 1000
.....
==================================================

>Actual result, some attributes like DN, gidNumber, givenName are missing:
================================================== 
#Centrify User, Centrify, Users, voyager.test
dn: cn=Centrify,cn=Centrify,cn=Users,dc=centrify,dc=test
accountExpires: 9223372036854775807
cn: Centrify User
displayName: Centrify User
memberOf: CN=Centrify Dev,CN=Centrify,CN=Users,DC=centrifyDC=test
memberOf: CN=Domain Admins,CN=Users,DC=centrify,DC=test
name: Centrify User
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=centrify,DC=test
....
==================================================
 
Root cause:
Centrify-ldapproxy returns the cache built by adclient. The attributes list of the object cache depends on purpose of being built.
For instance, if the object cache was built as result of adquery, it does not contain extra attributes above.
 
Resolution: 
To ensure expected attribute to be returned, please edit /etc/centrifydc/centrifydc.conf and modify the following settings:
 
>For user object:
adclient.custom.attributes.user: <attribute1> <attribute2> <..>


>For group object:
adclient.custom.attributes.group: <attribute1> <attribute2> <..>
 
>Example:
adclient.custom.attributes.user DN gidNumber
The above example ensure the attributes “DN” & “gidNumber” are always cache on user object.


After the change, please restart adclient to make the settings effective.
Below is the command to restart adclient:
# /usr/share/centrifydc/bin/centrifydc restart

Related Articles

 articleLDAP Proxy, and You: A Definitive Guide articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleIntegration of legacy platforms with Centrify Server Suite - agentless integration w/LDAP part 3 articleIntegration of legacy platforms with Centrify Server Suite - agentless integration w/LDAP part 2 articleKB-6041: How to show current license type in use by adclient articleKB-24225: In Centrify Infrastructure Services 19.6 adclient.cloud.connector fails to use the specified connector articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role?