I've tried to configure the UCMDB to enable LDAP authentication for Active Directory, but I'm unable to log on once I set "Remote users repository mode" to "true". I can still log on using the local sysadmin UCMDB account, but any other account gives me "Authentication failed".
I think I'm close as I have 3 different Active Directory groups showing up under Security, LDAP Mapping. They are UCMDB_Admins, UCMDB_SuperAdmins, UCMDB_Viewers. Each of these groups is associated with a corresponding group in the UCMDB (i.e. UCMDB_Admins has Admins in the select groups window).
I have one user in the UCMDB_SuperAdmins group in Active Directory and still can't log on with that user ID.
Here are the settings for the 4 LDAP categories. I've changed a couple for the purpose of posting them here.
*** deprecated *** Security Protocol:
Automatically assigned user group:
Enable User Permissions Synchronization: TRUE
Is case-sensitivity enforced when authenticating with LDAP: FALSE
LDAP Server URL: ldap://somedc.its.corp.gwl.com:389/??sub
LDAP vendor type: Microsoft Active Directory
Remote users repository mode: TRUE
Use bottom up algorithm for finding parent groups from the LDAP server.: FALSE
Users filter: (&(objectClass=person)(objectClass=user))
Distinguished Name (DN) Resolution: TRUE
Distinguished Name of Search-Entitled User: CN=Some\,\20User,OU=SOMEORG,OU=ORG\20Users,DC=its,DC=corp,DC=gwl,DC=com
Password of Search-Entitled User: *********
Search Retries Count: 5
Groups base DN: DC=its,DC=corp,DC=gwl,DC=com
Groups search filter: (&(objectClass=group)(CN=UCMDB*))
Root groups base DN: DC=its,DC=corp,DC=gwl,DC=com
Root groups filter: (&(objectClass=group)(CN=UCMDB*))
Root groups scope: sub
Scope for groups search: sub
Group class object: group
Groups description attribute: description
Groups display name attribute: cn
Groups member attribute: member
Groups name attribute: cn
User display name attribute: name
Users object class: user
UUID attribute: sAMAccountName
Any suggestions on what to try next?