Validation of octane.yml failed - LDAP configuration issue
Hi, I try to set up ALM Octane on single server plus elastic search on another. Ewerything worked except the last step - configuration of LDAP. I tried multiple combinations but I get general info:
ERROR: Validation failed:
2018/08/17 11:11:12 | jvm 1 | Failed to configure LDAP. See Exception for more details, exception=Validation failed:
2018/08/17 11:11:12 | jvm 1 | Failed to configure LDAP. See Exception for more details
Unfortunatelly I couldn't find any more info inside wrapper.log (log level set to DEBUG)
When I validate the whole octane.yml file in online tool it passed without any warning.
Do you have any suggestions what could go wrong? Below you can find section responsible for LDAP:
The error that you see mean that user 'OU=Corp,DC=verit,DC=dnv,DC=com' that is defined as the administrator (value of 'adminDn' in octane.yml) does have in LDAP server the attributes that are defined for each user in octane.yml/
Please check in LDAP server that all expcted fields exists: distinguishedName, objectGUID, givenName, sn, cn, sAMAccountName, mail
The error from wrapper.log:
The mandatory firstName, email, lastName, logonName is missing for the user with DN 'OU=Corp,DC=verit,DC=dnv,DC=com'.
The expected LDAP fields for each user (from octane.yml):
Answer on behalf of Sworcjusz.
Problem is solved, but I have to say it was really tricky case 🙂
There were two issues:
1. I had to update ALM Octane config file with proper string (full path to AD object) to make it work.
In our case AD path to our Octane service account is adminDn: CN=<service_account_name>,OU=Service Accounts,OU=Common Services,OU=Corp,DC=<my>,DC=<domain>.,DC=com
2. It seems during start up Octane validates service account attributes. In our case Octane service account was created in AD without "Last name" and "e-mail address" attribues. After update system is up and running, including LDAP integration :).
Please do not hesitate to contact me if you'll have any quesiton or comment regarding this case.
Thanks for the update.
Please let us know if you have any suggestion to make LDAP integration easier. Should we change the error messages? Should we change the validator checks?