Highlighted
Trusted Contributor.
Trusted Contributor.
479 views

uCMDB LDAP configuration

Dear All,

I have configured LDAP on uCMDB 10.22, below are the settings, still it reverts the LDAP is not configured correctly, Please suggest.

 

Setting Value

LDAP connection string ldap://***.***.com:***/OU=***,DC=***,DC=***,DC=com??sub

Distinguished Name (DN) Resolution true

Root Group DC=***,DC=***,DC=com

Search Retries Count 5

Group Base DC=***,DC=***,DC=com

LDAP Search User CN=Usuario ****,OU=***,OU=***,OU=***,DC=***,DC=***,DC=com

Groups name attribute cn

Is case-sensitivity enforced in LDAP authentication True

Root Group Filter (|(objectclass=group)(objectclass=groupOfNames)(objectclass=groupOfUrls)(objectclass=accessGroup)(objectclass=accessRole))

Default Group

Users object class user

Group Base Filter (|(objectclass=group)(objectclass=groupOfNames)(objectclass=groupOfUrls)(objectclass=accessGroup)(objectclass=accessRole))

Use bottom up algorithm for find parent groups false

Root groups scope sub

Groups member attribute member

Group class object group

Users filter (&(sAMAccountName=*)(objectclass=user))

Enable LDAP authentication false

Scope for groups search sub

Groups display name attribute cn

UUID attribute sAMAccountName

Enable LDAP synchronization true

User display name attribute cn

Groups description attribute description

0 Likes
5 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Hi There,

It is very hard to say all settings are correct [they looks like correct], but i do recommend to test on jmx console for connection testing and use ldap browser see all settings are correct.

you can do also test user to see if returns true.

Do you see any specific error on the logs?

Thanks,

UCMDB team

 

0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Hii  Ticketcrusher,

 

below are the results I have received from jmx console, please suggest,

Mbean: UCMDB:service=LDAP Services. Method: testLDAPConnection
LDAP connection test has failed. Cannot retrieve LDAP Root Groups. See bellow more details about the cause.
null
null

 

 


Mbean: UCMDB:service=LDAP Services. Method: verifyLDAPCredentials
User usptaddo successfully passes LDAP authentication. Authenticated successfully
Ldap groups for username usptaddo cannot be retrieved
Verify LDAP credentials and retrieving users groups took: 1.4 seconds.

 

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Hi There,

looks like issue on root group mapping. can you be sure ldap search user able to search under those root group setting and make sure filter set properly.

Thanks,

Yilmaz

0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Hi Ticketcrusher,

The serach user has the privileges it is like an admin user

0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

You curently have "Root Group DC=***,DC=***,DC=com", but you didnt difine the OU where the the account sits.  i belive you can define the OU at high level. 

Root Group ou=RBAC, DC=***,DC=****,DC=*****,DC=com

 

Let me know, if this works.

 

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.