Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-10567: Some attributes are missing from ldapsearch against Centrify-ldapproxy

25 June,18 at 11:09 AM

Applies to: All version of Centrify Infrastructure Services
Description:
The result from ldapsearch against Centrify-ldapproxy server does not contain all attributes of the user/group.
Below is the example:
>Search filter:
==================================================
# LDAPv3
# base <cn=Centrify User,cn=centrify,cn=Users,dc=centrify,dc=test> with scope baseObject
# filter: (objectClass=*)
# requesting: ALL
# with pagedResults control: size=100
==================================================
>Expected result, showing all attributes of the user:
================================================== 
# Centrify User, Centrify, Users, centrify.test
dn: cn=Centrify User,cn=Centrify,cn=Users,dc=centrify,dc=test
accountExpires: 9223372036854775807
adminCount: 1
cn: Centrify User
codePage: 0
countryCode: 0

objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=centrify,DC=test

.....
gidNumber: 1000
.....
==================================================

>Actual result, some attributes like DN, gidNumber, givenName are missing:
================================================== 
#Centrify User, Centrify, Users, voyager.test
dn: cn=Centrify,cn=Centrify,cn=Users,dc=centrify,dc=test
accountExpires: 9223372036854775807
cn: Centrify User
displayName: Centrify User
memberOf: CN=Centrify Dev,CN=Centrify,CN=Users,DC=centrifyDC=test
memberOf: CN=Domain Admins,CN=Users,DC=centrify,DC=test
name: Centrify User
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=centrify,DC=test
....
==================================================
 
Root cause:
Centrify-ldapproxy returns the cache built by adclient. The attributes list of the object cache depends on purpose of being built.
For instance, if the object cache was built as result of adquery, it does not contain extra attributes above.
 
Resolution: 
To ensure expected attribute to be returned, please edit /etc/centrifydc/centrifydc.conf and modify the following settings:
 
>For user object:
adclient.custom.attributes.user: <attribute1> <attribute2> <..>


>For group object:
adclient.custom.attributes.group: <attribute1> <attribute2> <..>
 
>Example:
adclient.custom.attributes.user DN gidNumber
The above example ensure the attributes “DN” & “gidNumber” are always cache on user object.


After the change, please restart adclient to make the settings effective.
Below is the command to restart adclient:
# /usr/share/centrifydc/bin/centrifydc restart

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6041: How to show current license type in use by adclient? articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-5902: Ldapproxy is rejecting query with authentication request articleKB-4034: ldapproxy ERROR: Failed to retrieve _objectCategory from object: No such attribute articleKB-2482: Why does adquery not show the passwordhash once adclient.custom.attributes.user is set?