<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UvNSAVOkta Classic EngineAdministrationAnswered2024-06-19T09:15:41.000Z2017-08-10T14:42:34.000Z2018-09-12T20:30:07.000Z

c7v33 (c7v33) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Could not find a value for the BaseSubstitutionProperty on the User result
Hey Guys

 

So were setting up the LDAP agent using Jumpbox, and following this guide (here).

 

On the agent set up page, were getting the below error:

Could not find a value for the BaseSubstitutionProperty on the User result

 

I have checked all the details and they are correct, and the logs dont offer much insight. I'll post everything I have below:

 

[ 2017-08-10 14:04:47.850 ] [ pool-1-thread-1 ] [ INFO  ] [LdapAgent:187] - Running actionType=USER_AUTH_AND_UPDATE in className=UserAuthAndUpdateActionHandler

[ 2017-08-10 14:04:47.850 ] [ pool-1-thread-1 ] [ INFO  ] [LdapDirectoryAdapter:157] - Last scan=null

[ 2017-08-10 14:04:47.850 ] [ pool-1-thread-1 ] [ INFO  ] [UnboundIDLdapClient:277] - LDAP query from Okta: (&(objectclass=inetorgperson)(mail=ldapsvc@COMPANYNAMEREDACTED.com))

[ 2017-08-10 14:04:47.850 ] [ pool-1-thread-1 ] [ INFO  ] [WrappedConnectionPool:71] - Search DN=ou=Users,o=598c4c311c1b94a7363f1efa,dc=jumpcloud,dc=com

[ 2017-08-10 14:04:47.850 ] [ pool-1-thread-1 ] [ INFO  ] [WrappedConnectionPool:72] - Search Filter=(&(objectclass=inetorgperson)(mail=ldapsvc@COMPANYNAMEREDACTED.com))

[ 2017-08-10 14:04:47.851 ] [ pool-1-thread-1 ] [ INFO  ] [LdapUtil:66] - [LDAP =>ldap.jumpcloud.com:636] Operation=SearchRequest BaseDN=ou=Users,o=598c4c311c1b94a7363f1efa,dc=jumpcloud,dc=com Filter=(&(objectclass=inetorgperson)(mail=ldapsvc@COMPANYNAMEREDACTED.com)) Scope=SUB Attributes={givenName,distinguishedname,sn,mail,objectClass,uid,title,manager,streetAddress,l,st,postalCode,physicalDeliveryOfficeName,departmentNumber,telephoneNumber,mobile,preferredLanguage,postalAddress,employeeID,employeeNumber,uid,member,pwdlockout,dn,memberof}

[ 2017-08-10 14:04:47.851 ] [ Thread-14 ] [ INFO  ] [LdapAgent:161] - Fetching Action

[ 2017-08-10 14:04:47.851 ] [ Thread-14 ] [ INFO  ] [LdapRestClient:462] - GEThttps://COMPANYNAMEREDACTED.okta.com/api/1/internal/app/agent/ldap_sun_one/0oa11rqacBbJCXDf52p6/agent/a5311rn7dWYEWo0cf2p6/nextAction?agentVersion=5.3.12

[ 2017-08-10 14:04:48.033 ] [ pool-1-thread-1 ] [ INFO  ] [WrappedConnectionPool:93] - Paged search: SearchResultEntry=SearchResult(resultCode=0 (success), messageID=2, entriesReturned=1, referencesReturned=0, responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})

[ 2017-08-10 14:04:48.033 ] [ pool-1-thread-1 ] [ INFO  ] [LdapDirectoryAdapter:205] - Search Response Entries: size=1

[ 2017-08-10 14:04:48.036 ] [ pool-1-thread-1 ] [ INFO  ] [LdapRestClient:232] - POST initiated with result status=FAILURE, actionType=USER_AUTH_AND_UPDATE, actionId=ADS12bngmtQNgVBZb2p6, diagnostic message=, error code=, matched dn=, message=Could not find a value for the BaseSubstitutionProperty on the User result, result code=, vendor=OPEN_LDAP

[ 2017-08-10 14:04:48.037 ] [ pool-1-thread-1 ] [ INFO  ] [LdapRestClient:462] - POSThttps://COMPANYNAMEREDACTED.okta.com/api/1/internal/app/agent/ldap_sun_one/0oa11rqacBbJCXDf52p6/agent/a5311rn7dWYEWo0cf2p6/actionResult

[ 2017-08-10 14:04:48.490 ] [ pool-1-thread-1 ] [ INFO  ] [LdapRestClient:264] - POST completed. Time Taken=0:00:00.454

 

Kind Regards
  • 3 answers
  • 1.22K views

  • xwukp (xwukp)

    It would sure be nice if you guys posted the fixes for this.  I had it too in April, but the emails nor case details show what the fix was.  What is the purpose of a knowledge base if you don't use actual use cases and support problems as examples.   Would save everyone some time.

     

    We have this issue in another tenant and can't remember how we fixed it.

    Expand Post

  • james.flores1.4616875318781074E12 (Okta, Inc.)

    Hi David,

     

    This issue has to do with the "user attribute" used in the in the "groups" section of the LDAP settings. The user attribute is used to identify the attribute of the user object and is also used to find group members for reconciliation. For example, on import:

     

    1. Okta pulls in the users and groups
    2. The groups will have a list of group members (uniqueMember attribute)
    3. User attribute in the groups section is set to "UID"
    4. Okta looks the user up by UID to reconcile group memberships.

     

    If the "user attribute" is set to an invalid attribute and Okta is unable to find the user via that attribute, this error will result.

    Expand Post
This question is closed.
Loading
Could not find a value for the BaseSubstitutionProperty on the User result