Fortify SSC 21.2.2 - adding LDAP user disabled

Hello

After the SSC upgrade to 21.2.2 I have a problem with adding new LDAP users. Server settings in "ADMINISTRATION >> Configuration >> LDAP Servers" are validated, and searching for users in "Users >> LDAP Entities" works fine. But when I try to add a selected user, the buttons SAVE and "SAVE AND ADD ANOTHER" are grayed out (the tooltip says it's disabled).

I've tried it with local administrator permissions.

ssc.log states:

"NON-retryable exception during operation. Will not retry."

"Unable to lookup LDAP object with %DistinguishedName%: [LDAP:error code 32 - 0000208D: NameErr: DSID:03100241, problem 2001 (NO_OBJECT), data 0, best match off: %OU%]; nested exception is ............ remaining name"

Can somebody help me? What could be a clue to the problem?

-- 
Pawel

  • I am experiencing this problem as well, has anyone found a solution?

  • Hi Pawel,

    I think there is a ticket with the Fortify DEV team on this; you can open a ticket with support to confirm. You can use OCTCR11A564002 as a reference.

    Regards,

  • Hi Guys,
    I faced the same issue. Is there any solution for this?

  • Suggested Answer

    Hi Guys,

    Please scroll down the page, the roles section is hiding in there :). When you select a role you can add the user.

  • Sometimes that additional dialog goes AWOL on our busy system :-) But it is a good point. This is why I use the REST API to do it now.

    1 - get role ID

    Then you have to look up the ID of a specific role

        import json
        import requests

        roleURL = system_url + '/ssc/api/v1/roles?q=name:{}'.format(args.rolename)

        r = requests.get(roleURL, headers=header)  # same auth header as the calls below
        if r.ok:
            roleID = r.json()['data'][0]['id']

    ...

    2 - check if the intended user can exist (if it doesn't exist in your LDAP search path it isn't going to work!)

    Basically I use SSC's own "does this entity exist"

    for a group

        url = system_url + "/ssc/api/v1/ldapObjects?ldaptype=GROUP&limit=0&q={}&start=0".format(args.DLName)

    for a user

        url = system_url + "/ssc/api/v1/ldapObjects?ldaptype=USER&limit=0&q={}&start=0".format(args.UserName)

        r = requests.get(url, headers=header)

        if r.ok:
            # Proceed only when the search returns exactly one entity
            dlExists = r.json()['count'] == 1
            if dlExists:
                d1 = r.json()['data'][0]
                print(d1)
                # Register the entity in SSC with the role ID from step 1
                data = json.dumps(
                    {
                        "distinguishedName": d1['distinguishedName'],
                        "ldapType": d1['ldapType'],
                        "name": "{}".format(d1['name']),
                        "roles": [
                            {
                                "id": roleID
                            }
                        ]
                    }
                )
                theurl = system_url + '/ssc/api/v1/ldapObjects'
                r = requests.post(theurl, data=data, headers=header)
                if r.ok:
                    values = r.json()
                    print(values, 201)
                else:
                    print('Error, please contact support', 500)
            else:
                print('User {} exists. You should be able to use it in your project-versions'.format(args.UserName), 500)
        else:
            print(r)

    On a busy system like ours I can guarantee this works - using the UI is way too slow.
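
The lookup-then-register sequence from the reply above, as an added example that is not the poster's or Fortify's own code: it continues only when the role and the LDAP entity each resolve to exactly one exact-name match, so a role is never granted on the strength of `data[0]` alone. `register_ldap_entity`, `exactly_one`, `Ambiguous` and `FakeSSC` are hypothetical names, the sample records are constructed, and it is assumed that role and entity records carry a `name` field equal to the searched value.

```python
import json

class Ambiguous(Exception): pass  # lookup did not give exactly one exact-name match

def exactly_one(items, key, wanted):
    # Keep exact (case-insensitive) matches only; never fall back to data[0].
    hits = [i for i in items if str(i.get(key, "")).lower() == wanted.lower()]
    if len(hits) != 1:
        raise Ambiguous("{!r}: {} exact matches".format(wanted, len(hits)))
    return hits[0]

def register_ldap_entity(session, system_url, header, name, ldap_type, role_name):
    """session is requests.Session-like. Returns the payload that was POSTed."""
    api = system_url.rstrip("/") + "/ssc/api/v1"
    r = session.get(api + "/roles", params={"q": "name:" + role_name},
                    headers=header, timeout=30)
    r.raise_for_status()
    role = exactly_one(r.json()["data"], "name", role_name)
    r = session.get(api + "/ldapObjects", headers=header, timeout=30,
                    params={"ldaptype": ldap_type, "limit": 0, "start": 0, "q": name})
    r.raise_for_status()
    entity = exactly_one(r.json()["data"], "name", name)
    payload = {"distinguishedName": entity["distinguishedName"],
               "ldapType": entity["ldapType"], "name": entity["name"],
               "roles": [{"id": role["id"]}]}
    r = session.post(api + "/ldapObjects", data=json.dumps(payload),
                     headers=header, timeout=30)
    r.raise_for_status()
    return payload

class _Resp:  # constructed stand-in for requests.Response
    def __init__(self, body): self._body = body
    def json(self): return self._body
    def raise_for_status(self): pass

class FakeSSC:  # constructed sample data, not real SSC output
    ROLES = [{"id": "role-a", "name": "Developer"},
             {"id": "role-b", "name": "Developer Lead"}]
    LDAP = [{"distinguishedName": "CN=jdoe,OU=Staff,DC=example,DC=test",
             "ldapType": "USER", "name": "jdoe"}]
    def __init__(self): self.posted = []
    def get(self, url, params, headers, timeout):
        return _Resp({"data": self.ROLES if url.endswith("/roles") else self.LDAP})
    def post(self, url, data, headers, timeout):
        self.posted.append(json.loads(data))
        return _Resp({})

if __name__ == "__main__":
    print(register_ldap_entity(FakeSSC(), "https://ssc.example.test", {}, "jdoe", "USER", "Developer"))
```

Against a real server, pass a `requests.Session()` and the same `header` dictionary used in the reply in place of `FakeSSC()` and `{}`.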

  • Sorry, I forgot about this topic.
    In my case the problem was solved by upgrading the console. I'm using SSC 21.2.2.00002 now.

    I hope this will help in your cases too.

    -- 

    Pawel