Vice Admiral
Vice Admiral
436 views

How to list all "licensed users"

Hi All

     Recently customer want to let users register TOTP to use VPN.l

But he want to generate licensed user list.

I check the report...the user report seem only keep 30 days....and he find user who un-register method to return license ,but the user report still show this user is licensed user.

How to generate all "licensed user list" no matter he resiger's date ?

 

Wencheng 

Tags (1)
0 Likes
8 Replies
Vice Admiral
Vice Admiral

as below screenshot....this testing user's name is ksato

he unregister TOTP and no other method assign to him,,,'

001.png

but the user report still show he still keep "is enrolled"

002.png

 

Wencheng

0 Likes
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Hi @wencheng ,

Probably this is some misunderstanding, screenshot mention that user KSato is enabled and last login was 1 Feb. I could suggest two ways to check what method enrolled:

1. Make "Authenticators" report,  btw we have a UI bug related with Users and Authenticators reports, time interval shouldn't be available for that type of reports. But currently it is just ignored. Export report and find details for specific user.

2. You can take a look on SLAnalyzer utility, it is available here: https://ftp.novell.com/pub/SLAnalyzer/

It is possible to build enrolled methods database, see more for details at SLAnalyzer user guide.

 

Let me know incase of any questions.

 

0 Likes
Vice Admiral
Vice Admiral

Hi

   Authenticators report is not I want...because is just provide records that who recently use....so this report will show duplicator username in report.

I need a report clear provide who has use a license....

Now the report that AA provide , if he clear all methods...the license return to unused count...the user report also not I need, because it still count this user show "enrolled"

 

003_Authenticator.png

customer could not list the license who indeed use the license

0 Likes
Micro Focus Expert
Micro Focus Expert

Hi @wencheng 

There is also an old-school console tool that generates an HTML with a table (users/methods). Probably, it will be more helpful.

Please read the instructions inside the zip.

https://filr.microfocus.com/filr/public-link/file-download/02b982866434a9aa0164ef982c3d4680/139871/4450632485677365157/EnrolledUsersReport_1.0.1.zip

0 Likes
Vice Admiral
Vice Admiral

Hi @George Teys 

     I had tested this tool in my testing lab. Yes...the list match the license used.

But for customer production....it has windows client or other AA compoment installed...but customer could not install them.

could we have any method to modify it (like properties setting) or do you have source script that I could ask my colleage modify it ??

 

Thasnk!!

 

Wencheng

0 Likes
Micro Focus Expert
Micro Focus Expert

Hi @wencheng 

As far as I remember, any Windows component is required just to let the tool use the existing endpoint. You can create an endpoint manually and put its id and secret to C:\ProgramData\NetIQ\Windows Client\config.properties. Please test in your lab before sharing it with your customer.

0 Likes
Vice Admiral
Vice Admiral

Hi @George Teys 

   manual add endpoint method could use run this tool...

And I "need" modify my previous answer...

I use this tool to generate report...I find the admin webconsole still show used license is 6

license001.png

But the output report show total user is 7 accounts

license002.png

I try to reboot AA Server and re-check the used license from Admin webconsole and re-generate report from this tool....the total used license and report are mismatch.

Whether total used license is static check schedule or not ?? if I could forace manual to let it re-check used license again ?

 

Thanks!!

 

Wencheng

 

Wencheng

 

 

 

0 Likes
Micro Focus Expert
Micro Focus Expert

Hi @wencheng,

First of all, the user license is not consumed if the user has only the LDAP Password method enrolled.

Secondly, at the bottom of the page https://www.netiq.com/documentation/advanced-authentication-63/server-administrator-guide/data/add_license.html there is a hint on how to free up the user license.

There you may find a reference to a policy that retains the users marked for removal in the database.

This command will allow seeing how many users marked for removal:

docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT * from public.user where deleted_at<>NULL;"

If you still have confusion, please also look at the number of users in the Repository section.

The users from the LOCAL repository also consume the licenses. Even if the user has only the Password method enrolled.

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.