ERROR: Failed to execute command. Reason: 404 (404 (Not Found) for url: https://conjur-cluster.acme.corp/policies/acme/policy/conjur%2Fauthn-ldap. Error: {"error":{"code":"not_found","message":"Group 'all-ldap-users' not found in account 'acme'","target":"group","details":{"code":"not_found","target":"id","message":"acme:group:all-ldap-users"}}}) for url:
I couldn’t find a reference to !group /all-ldap-users elsewhere in the document. Could anyone please explain how it is mapped to LDAP groups, and the resolution for the error? Thanks in advance!
The group name “all-ldap-users” is simply a placeholder for any group or individual users you want to provide access to the LDAP authenticator. To quote the documentation a little lower down:
Change the group name to your aggregated group name for LDAP users. You could alternatively choose to add multiple member statements to include additional groups.
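The placeholder resolved into concrete policy, as an added example that is not part of the original thread or the Conjur documentation. The file names and the users alice and bob are constructed, and the body of the my-ldap-server policy is an assumed layout; the branch, the group clients and the group id come from the error and the posts on this page.

```yaml
# --- File 1 (hypothetical name: root-ldap-users.yml), loaded into the root branch ---
# Defines the aggregated group that the authenticator policy refers to as
# "/all-ldap-users". If this group does not exist in the account, the grant
# in file 2 fails with the 404 "Group 'all-ldap-users' not found" error.
- !group all-ldap-users

# Constructed sample users. Each Conjur user id is expected to match the
# name the person logs in with through LDAP.
- !user alice
- !user bob

- !grant
  role: !group all-ldap-users
  members:
    - !user alice
    - !user bob

# --- File 2 (hypothetical name: authn-ldap.yml), loaded into the conjur/authn-ldap branch ---
# Assumed layout of the authenticator policy for service id "my-ldap-server".
- !policy
  id: my-ldap-server
  body:
    - !webservice
    - !group clients
    - !permit
      role: !group clients
      privilege: [ read, authenticate ]
      resource: !webservice

# The leading "/" makes the member id absolute (root level), so it resolves to
# acme:group:all-ldap-users, the id named in the error message.
- !grant
  role: !group my-ldap-server/clients
  member: !group /all-ldap-users
```

File 1 has to be loaded before file 2, because the grant in file 2 can only reference a group that already exists.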
Hi, thanks for your response!
These are the steps I followed:
I tried creating a user in my AD, testuser@demo.lab, created the same user under root in Conjur, and loaded the policy:
- !grant
  role: !group my-ldap-server/clients
  member: !user /testuser@demo.lab
After doing the necessary configurations, I am getting the below error in audit.json: user:testuser@demo.lab failed to login with authenticator authn-ldap service acme:webservice:conjur/authn-ldap/my-ldap-server: getaddrinfo: Name or service not known
Could you please assist with the same?