
vPV 2.10 OpenLDAP with CSA

Hello,

I installed vPV 2.10 for a customer in his vCenter with the vPV2.10 .ova file. The deployment went well, I could access vPV through https. I went on the admin tab and filled out the CSA Integration form correctly.


CSA is installed on a POC Appliance VM01 and is on the same VLAN as vPV. CSA is in version 4.1. Both machines, vPV and CSA, can communicate.

 

I modified the LDAP section of /var/opt/OV/conf/perf/PVconfig.ini and restarted the vPV service. Here is what the section looks like:

 

[LDAP]
PVGROUP=ServiceConsumer,CSAAdministrator
PVADMIN=consumer,csaadmin
LDAPHOST=172.16.1.5:10389
SEARCHBASE=dc=example,dc=com
USERSEARCHQUERY=UID=$USERID$
DOMAIN=example.com
LDAPTYPE=OpenLDAP
USE_SSL=false
BIND_DN=uid=csaadmin,ou=ProviderUsers,ou=CSAUsers,dc=example,dc=com
BIND_DN_PASSWORD=MhUj6w6Sc/WNVF8eOkCA4g==
;BIND_DN_MEMBER_TYPE=<Type of member for group validation for e.g. member, uniqueMember, memberOf.>
;SSL_KEYSTORE=<Absolute path of keystore file>
;*******************************************************

After restarting the service, I could log in as vPV admin with the csaadmin default account from the integrated OpenLDAP of VM01. I could see all my CSA organisations as well. But when I tried to log on as a CSA user, in the CSA context, I always got the same error: "Invalid username/password".

 

The same error shows up in the log file.

 

I retried the same credentials on the CSA marketplace and saw I could log in, so my credentials are correct. However, I checked the header sent after submitting the form on the vPV login page and I could see that the password in the form is somehow encrypted. Is that normal?


I'm definitely doing something wrong here in my CSA integration but cannot see where. Any advice/help would be much appreciated.

 

Thank you!

 

Gaël Grisnaux

0 Likes
3 Replies

Hi,

 

All your configuration looks to be correct.

I would request you to enable the vPV trace and try the login again (which failed). Capture the trace and send it back, which would help us to troubleshoot it further.

 

Please note that password is always encrypted.

 

Steps to be done:

 

  • To enable trace, go to PVconfig.ini, set TRACELEVEL to 11 and restart the server. Restart the server with the following command:
  • /opt/OV/bin/ovc -restart ovtomcatB
  • #pv trace --> This command will show you the trace file name and location.

 

Please send the trace file back to us.

 

 

 

regards,

Saifu

0 Likes

Thank you Saifu for your reply,

 

I actually found the solution in the logs generated with the trace.

 

I actually used the FQDN of the LDAP instead of its IP in the CSA organization LDAP panel and vPV couldn't resolve it.

 

After the fix, I could connect normally as a CSA user.

 

Thank you for your help!

 

Gaël

0 Likes

Hello Gael,

 

It's great that you could figure out the problem from the log/trace file generated by vPV.

If the LDAP is not reachable or not resolvable from vPV, ideally vPV should be giving a proper error message in the UI, instead of "Invalid username/password". It's a known issue; we will try to address it in a future release.

 

Regards,

Saifu

0 Likes
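
The failure resolved in this thread (an LDAP host name that vPV cannot resolve, reported as "Invalid username/password") can be told apart from a real credential problem before any bind is attempted. The following is an added example, not part of any post above and not vendor code; it assumes Python 3 on the vPV machine, and the function names, the sample section and the host name passed to it are constructed for illustration.

```python
import socket

# Constructed sample, modelled on the [LDAP] section quoted in the thread.
SAMPLE_INI = """\
[LDAP]
LDAPHOST=172.16.1.5:10389
SEARCHBASE=dc=example,dc=com
;SSL_KEYSTORE=<Absolute path of keystore file>
"""

def ldap_endpoint(ini_text, default_port=389):
    """Return (host, port) from the LDAPHOST key of the [LDAP] section."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].upper()
        elif section == "LDAP" and "=" in line:
            key, value = line.split("=", 1)       # values may contain '='
            if key.strip().upper() == "LDAPHOST":
                value = value.strip()
                host, sep, port = value.rpartition(":")
                return (host, int(port)) if sep else (value, default_port)
    raise ValueError("no LDAPHOST in [LDAP] section")

def classify(host, port, resolve=socket.getaddrinfo,
             connect=socket.create_connection, timeout=3):
    """Separate name-resolution and network failures from credential failures."""
    try:
        resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolvable"   # the failure found in this thread
    try:
        connect((host, port), timeout=timeout).close()
    except OSError:
        return "unreachable"    # name resolves, but no TCP connection
    return "reachable"          # only now does a bind error point at credentials

if __name__ == "__main__":
    host, port = ldap_endpoint(SAMPLE_INI)
    print(host, port, classify(host, port))
```

Run it from the vPV machine against every LDAP host value in play, including the one entered in the CSA organization LDAP panel, since that was the value vPV failed to resolve here.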