jrmhscht

Super Contributor.
2016-10-24
02:18
745 views
User store service account permissions
Hello,
We are running NAM 4.2.1 with an eDirectory user store. Currently the service account to the user store has read-only access to the OU where the users are stored. With this setup I am unable to authenticate using the mobile access app (OAuth) on a phone. If I make the service account an admin to the user store the mobile access authentication works correctly.
The documentation does not say explicitly what attributes need to be written to: https://www.netiq.com/documentation/access-manager-42/admin/data/b1tvhkg.html#bcoabgl It does say:
> If you use X.509 authentication, the admin user needs write rights to update the user's login status attributes.
Does anyone know what the "login status attributes" are or what other attributes NAM needs to write to?
Otherwise, do most people use an admin user to connect to the user store?
Thanks,
Jeremiah
5 Replies
AutomaticReply

Absent Member.
2016-10-28
05:30
Re: User store service account permissions
jrmhscht,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
These forums are peer-to-peer, best effort and volunteer run, so if your issue
is urgent or not getting a response, you might try one of the following options:
- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php
Sometimes this automatic posting will alert someone that can respond.
If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.
Good luck!
Your Micro Focus Forums Team
http://forums.microfocus.com


Knowledge Partner
2016-10-28
12:12
Re: User store service account permissions
On 10/24/2016 12:26 PM, jrmhscht wrote:
>
> Hello,
>
> We are running NAM 4.2.1 with an edirectory user store. Currently the
> service account to the user store has read only access to the OU where
> the users are stored. With this setup I am unable to authenticate using
> the mobile access app (oauth) on a phone. If I make the service account
> an admin to the user store the mobile access authentication works
> correctly.
>
> The documentation does not say explicitly what attributes need to be
> written to:
> https://www.netiq.com/documentation/access-manager-42/admin/data/b1tvhkg.html#bcoabgl
> It does say:
>> If you use X.509 authentication, the admin user needs write rights to
>> update the user's login status attributes.
> Does anyone know what the "login status attributes" are or what other
> attributes NAM needs to write to?
>
> Otherwise, do most people use an admin user to connect to the user
> store?
>
> Thanks,
> Jeremiah
>
>
Give the account write rights to the ACL attribute.
--
Cheers,
Edward
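To make Edward's suggestion concrete from a least-privilege angle, here is an added example (my own code, not from the thread and not NetIQ or Micro Focus code). It parses eDirectory ACL attribute values in their four-field form (privileges#scope#subjectName#protectedAttrName), reports whether a given service account can write a given attribute, and emits the LDIF that grants Read+Write on the ACL attribute alone instead of making the account an admin. The DNs (ou=users,o=example, cn=nam-svc,ou=services,o=example) and the sample ACL values are constructed for illustration, and the rights evaluation is deliberately simplified: it only looks at the ACEs on one container and ignores rights inherited from ancestors and inherited-rights filters.

```python
"""Evaluate what a NAM user-store service account may write in an eDirectory
container, and produce the narrowest grant that satisfies "write to ACL".

eDirectory keeps rights in the multi-valued ACL attribute, each value shaped as
    privileges#scope#subjectName#protectedAttrName
scope is "entry" or "subtree"; protectedAttrName is an attribute name,
"[All Attributes Rights]" or "[Entry Rights]"; privileges is a bit mask
(attribute rights: Compare=1, Read=2, Write=4, Self=8, Supervisor=16).
DNs and ACL values below are constructed for this example.
Assumption: only ACEs on the container itself are evaluated (no inheritance
from ancestors, no inherited-rights filters).
"""
from dataclasses import dataclass

COMPARE, READ, WRITE, SELF, SUPERVISOR = 1, 2, 4, 8, 16

# Hypothetical names used throughout this example.
USERS_OU = "ou=users,o=example"
SVC_DN = "cn=nam-svc,ou=services,o=example"

# Constructed ACL values mirroring a "read-only on the users OU" service account.
READ_ONLY_ACL = [
    f"1#subtree#{SVC_DN}#[Entry Rights]",               # Browse entries only
    f"{READ}#subtree#{SVC_DN}#[All Attributes Rights]",  # Read every attribute
]


@dataclass(frozen=True)
class Ace:
    privileges: int
    scope: str
    subject: str
    protected: str


def parse_ace(value: str) -> Ace:
    """Parse one ACL value; reject anything that is not the four-field form."""
    parts = value.split("#")
    if len(parts) != 4:
        raise ValueError(f"malformed ACL value: {value!r}")
    priv, scope, subject, protected = parts
    if scope not in ("entry", "subtree"):
        raise ValueError(f"unknown scope in ACL value: {value!r}")
    return Ace(int(priv), scope, subject, protected)


def _norm_dn(dn: str) -> str:
    # Case-insensitive comparison with whitespace around RDN separators removed.
    return ",".join(part.strip() for part in dn.split(",")).lower()


def attribute_rights(acl_values, subject_dn: str, attr: str) -> int:
    """OR together the rights `subject_dn` holds on `attr` via ACEs on this container.

    Supervisor in [Entry Rights] is treated as full rights on every attribute,
    which is exactly why an "admin" account can write anything.
    """
    rights = 0
    for value in acl_values:
        ace = parse_ace(value)
        if _norm_dn(ace.subject) != _norm_dn(subject_dn):
            continue
        if ace.protected == "[Entry Rights]":
            if ace.privileges & SUPERVISOR:
                rights |= COMPARE | READ | WRITE | SELF | SUPERVISOR
            continue
        if ace.protected == "[All Attributes Rights]" or ace.protected.lower() == attr.lower():
            rights |= ace.privileges
    return rights


def can_write(acl_values, subject_dn: str, attr: str) -> bool:
    """True if the subject holds Write (or Supervisor) on the attribute."""
    return bool(attribute_rights(acl_values, subject_dn, attr) & (WRITE | SUPERVISOR))


def grant_attribute_write_ldif(container_dn: str, subject_dn: str, attr: str) -> str:
    """LDIF for ldapmodify adding Read+Write on one attribute with subtree scope,
    so user objects under the container inherit it; nothing else is granted."""
    return "\n".join([
        f"dn: {container_dn}",
        "changetype: modify",
        "add: ACL",
        f"ACL: {READ | WRITE}#subtree#{subject_dn}#{attr}",
        "",
    ])


def minimal_acl_for_nam(base_acl=READ_ONLY_ACL):
    """The read-only grants plus Read+Write on ACL only (the fix from the thread)."""
    return list(base_acl) + [f"{READ | WRITE}#subtree#{SVC_DN}#ACL"]


if __name__ == "__main__":
    print("read-only account can write ACL?", can_write(READ_ONLY_ACL, SVC_DN, "ACL"))
    fixed = minimal_acl_for_nam()
    print("after grant, can write ACL?", can_write(fixed, SVC_DN, "ACL"))
    print("after grant, can write userPassword?", can_write(fixed, SVC_DN, "userPassword"))
    print(grant_attribute_write_ldif(USERS_OU, SVC_DN, "ACL"))
```

The LDIF can be applied with `ldapmodify` against the user store by an account that already holds rights on the OU. The point of the narrow grant is that the service account still cannot write userPassword or any other attribute; if you later find NAM needs another attribute (the thread never pins down what the "login status attributes" are), add a second single-attribute ACE rather than falling back to an admin account.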
jrmhscht

Super Contributor.
2016-10-29
21:22
Re: User store service account permissions
Thanks, I will give that a try.
jrmhscht

Super Contributor.
2016-11-03
17:56
Re: User store service account permissions
Thanks Edward! Giving write access to ACL lets me log in. I am still having trouble with the mobile access app asking for me to log in whenever I try to go to a link. I'll probably open another support ticket on that.
edmaa


Knowledge Partner
2016-11-06
12:39
Re: User store service account permissions
On 11/4/2016 5:06 AM, jrmhscht wrote:
>
> Thanks Edward! Giving write access to ACL lets me log in. I am still
> having trouble with the mobile access app asking for me to log in
> whenever I try to go to a link. I'll probably open another support
> ticket on that.
>
>
Did you actually get the mobile app registered? If not, make sure you
have the issuer of the certificate on the mobile app added to the NIDP
trusted root.
--
Cheers,
Edward