Service Virtualization

  • 1.  ActiveDirectory authentication - some improvements ?

    Posted Sep 27, 2018 07:21 AM

    Hello,

     

    We are configuring DevTest in order to use ActiveDirectory authentication.

    After some tests we saw 2 things.

     

    The first thing, there are 2 LDAP searchRequest sent when the user authenticates. The first request "searchRequest baseOjbect" with no result because the user entry is located in a subplace. And the second request "searchRequest wholeSubtree", with one result.

    Why 2 requests ? One request "searchRequest wholeSubtree" can make the same thing (and avoid unuseful sollicitations).

     

    The second thing, is how to reduce the number of attributes returned by the searchRequest ? Is there any way to configure it in DevTest ? There are about 39 items returned, but only 2 seems useful (CN and memberOf).

     

    Best regards

    Benoit



  • 2.  Re: ActiveDirectory authentication - some improvements ?

    Posted Oct 02, 2018 02:00 AM

    Any ideas on these subjects ?



  • 3.  Re: ActiveDirectory authentication - some improvements ?

    Broadcom Employee
    Posted Oct 02, 2018 07:52 AM

    Where are you seeing these two referenced?

     

    searchRequest baseObject

    searchRequest wholeSubtree



  • 4.  Re: ActiveDirectory authentication - some improvements ?

    Posted Oct 02, 2018 07:55 AM

    We made a tcpdump on the registry server. And analyzed it using wireshark.

    These references were found in the transaction between registry and LDAP.



  • 5.  Re: ActiveDirectory authentication - some improvements ?

    Broadcom Employee
    Posted Oct 02, 2018 09:09 AM

    Benoit,

     

    I will open a support case for this.

     

    ~Marcy



  • 6.  Re: ActiveDirectory authentication - some improvements ?

    Posted Oct 02, 2018 09:42 AM

    Thanks. Shall we close this discussion or should we wait to the case to be solved ?



  • 7.  Re: ActiveDirectory authentication - some improvements ?

    Broadcom Employee
    Posted Oct 02, 2018 09:47 AM

    No, let's leave the discussion open, when I get an answer I will post here as well.  The first might be an enhancement request, on the second question I want to get our sustaining engineering's thought on this.  Your LDAP admin might be able to help your tweek your search base to narrow down your LDAP search.



  • 8.  Re: ActiveDirectory authentication - some improvements ?
    Best Answer

    Posted Oct 12, 2018 03:45 AM

    Idea created : ActiveDirectory authentication - some improvements  

    All votes are welcome