Highlighted
Absent Member.. GTrejos7 Absent Member..
Absent Member..
123 views

[ST OMU] Enabling ldap authentication on Active Directory with multiple search DN´s

PROBLEM:

 

By following the Operations Manager for Unix (OMU) Admin guide, authentication works in Active Directory (AD) for normal users but not when opc_op account is in a different Organizational Unit (OU)

 

The files /etc/pam.d/ovo, and /etc/ldap.conf have been configured.

 

This works when having the base set in /etc/ldap.conf to:

 

base OU=All users, DC=cof,DC=ds,DC=abc,DC=com

 

This works fine for authenticating normal users. However, the opc_op AD account is in a different OU. That’s in

 

OU=B, DC=cof,DC=ds,DC=abc, DC=com

 

So, the base DN should be able to be set to:

 

base DC=cof,DC=ds,DC=abc,DC=com

 

But when doing this, after giving the user name and password, the Operations Manager for Unix (OMU) Java GUI login screen disappears and it seems to be waiting for the authentication.

If left long eventually it will fail with a Socket Closed error.

 

 

SOLUTION:

 

There is a way of adding multiple search DN’s in the ldap.conf as follows:

 

nss_base_passwd OU=All Users,DC=cof,DC=ds,DC=abc,DC=com

nss_base_passwd OU=B,DC=cof,DC=ds,DC=abc,DC=com

 

This now will allow to authenticate normal users in the OU=All Users, and opc_op in the OU=B tree.

HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
If you liked it I would appreciate KUDOs.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.