08-25-2014 06:25 AM
Hello,
I need some help with registering an LDAP Active Directory to OpsCenter.
As explained, I added the domain following your instructions:
vssat addldapdomain -d sosm.lan9 -s ldap://myLDAPmachine -u ou="Users",dc="sosm",dc="lan" -g ou="Users",dc="sosm",dc="lan" -t msad -m cn="Administrator",ou="Users",dc="sosm",dc="lan" -w thepassword -b BOB
Then I add the domain broker:
vssat addbrokerdomain -b opsCenterMachine:3652 -d ldap:mydomain
Then I go to the management console: Settings > Users.
I select "Existing domain user", choose the "mydomain" just created.
I type the administrator account.
Everything is ok until now.
But when I try to connect, I always have the same error:
"Login was not successful. Please make sure the username, password, and selected domain are correct for your user account. "
In the log file, I found:
##########################################################,9:debugmsgs,1
0,58330,18,18,12587,1408972518213,24389,140439730071296,0:,72:(24388|140439730071296) New thread spawned to handle the client request.,9:debugmsgs,1
0,58330,18,18,12588,1408972518340,24389,140439730071296,0:,55:************ Getting LDAP Server Attributes ***********,9:debugmsgs,1
0,58330,18,18,12589,1408972518340,24389,140439730071296,0:,51:************ Got LDAP Server Attributes ***********,9:debugmsgs,1
0,58330,18,18,12590,1408972518340,24389,140439730071296,0:,28:Referral chasing set to OFF.,9:debugmsgs,1
0,58330,18,18,12591,1408972518340,24389,140439730071296,0:,65:(24388|140439730071296)CAuthLDAP::initializeLDAPServer succeeded.,9:debugmsgs,1
0,58330,18,18,12592,1408972518341,24389,140439730071296,0:,18:domain = sosm.lan9,9:debugmsgs,1
0,58330,18,18,12593,1408972518341,24389,140439730071296,0:,14:AuthType = BOB,9:debugmsgs,1
0,58330,18,18,12594,1408972518341,24389,140439730071296,0:,17:SearchScope = SUB,9:debugmsgs,1
0,58330,18,18,12595,1408972518341,24389,140439730071296,0:,36:UserBaseDN = ou=Users,dc=sosm,dc=lan,9:debugmsgs,1
0,58330,18,18,12596,1408972518341,24389,140439730071296,0:,25:UserAttr = sAMAccountName,9:debugmsgs,1
0,58330,18,18,12597,1408972518341,24389,140439730071296,0:,52:AdminUser = cn=Administrator,ou=Users,dc=sosm,dc=lan,9:debugmsgs,1
0,58330,18,18,12598,1408972518341,24389,140439730071296,0:,22:UserObjectClass = user,9:debugmsgs,1
0,58330,18,18,12599,1408972518341,24389,140439730071296,0:,22:UserGIDAttr = memberOf,9:debugmsgs,1
0,58330,18,18,12600,1408972518341,24389,140439730071296,0:,67:search filter = (&(sAMAccountName=administrator)(objectclass=user)),9:debugmsgs,1
0,58330,18,18,12601,1408972518343,24389,140439730071296,0:,49:ldap_simple_bind_s error: 49, Invalid credentials,9:debugmsgs,1
0,58330,18,18,12602,1408972518343,24389,140439730071296,0:,69:Unable to bind as admin user cn=Administrator,ou=Users,dc=sosm,dc=lan,9:debugmsgs,1
0,58330,18,18,12603,1408972518343,24389,140439730071296,0:,70:(24388|140439730071296)CAuthLDAP::Unable to search user administrator ,9:debugmsgs,1
0,58330,18,18,12604,1408972518383,24389,140439730071296,0:,72:(24388|140439730071296) Finished handling client request.Thread exiting.,9:debugmsgs,1
0,58330,18,18,12605,1408972518383,24389,140439730071296,0:,95:(24388|140439730071296) ##########,9:debugmsgs,1##############################################
It shows "Invalid credentials" but I'm sure the credentials are correct!
09-02-2014 01:24 AM
Up!
09-03-2014 12:54 PM
A few more steps listed in Article URL http://www.symantec.com/docs/TECH182069
Solution
Use the command below to add the LDAP/AD domain in VxAT (in this example AT is residing on the local OpsCenter).
# vssat addldapdomain --domainname <any name ex ADBOB> --server_url <ldap://<system FQDN having LDAP setup>> --user_base_dn <base DN like DC=Denali,DC=com> --group_base_dn <base DN like DC=Denali,DC=com> --schema_type msad --admin_user <admin user info like CN=Administrator,CN=Users,DC=Denali,DC=com> --admin_user_password <passwd> --auth_type BOB
To see list of ldap domains:
# vssat listldapdomains
- Add broker domain mapping in local registry
# vssat addbrokerdomain --broker <local AT broker FQDN> --domain ldap:ADBOB
List all broker domains:
# vssat showallbrokerdomains
- Try to authenticate an LDAP user to ensure the set-up is working
# vssat authenticate --prplname <ldap user> --password <ldap user passwd> --domain ldap:ADBOB --broker <AT broker name>
- Add ldap users after login to OpsCenter ‘Setting -> Users’
- Now on login page user should see the ldap domain in drop down list
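The log excerpt in the question stores each message as a length-prefixed field (for example `49:ldap_simple_bind_s error: 49, Invalid credentials`), so splitting records on commas breaks on DNs. The following is an added example, not part of the thread or of the product's tooling: a small Python parser that pulls the logged LDAP settings and the failing bind out of such an excerpt. The record layout is inferred from the lines shown in the question, and all function names are hypothetical.

```python
import re

# Lines copied from the log excerpt in the question above.
SAMPLE = """\
0,58330,18,18,12592,1408972518341,24389,140439730071296,0:,18:domain = sosm.lan9,9:debugmsgs,1
0,58330,18,18,12595,1408972518341,24389,140439730071296,0:,36:UserBaseDN = ou=Users,dc=sosm,dc=lan,9:debugmsgs,1
0,58330,18,18,12596,1408972518341,24389,140439730071296,0:,52:AdminUser = cn=Administrator,ou=Users,dc=sosm,dc=lan,9:debugmsgs,1
0,58330,18,18,12601,1408972518343,24389,140439730071296,0:,49:ldap_simple_bind_s error: 49, Invalid credentials,9:debugmsgs,1
0,58330,18,18,12602,1408972518343,24389,140439730071296,0:,69:Unable to bind as admin user cn=Administrator,ou=Users,dc=sosm,dc=lan,9:debugmsgs,1
"""

HEAD = re.compile(r"(?:\d+,){8}")  # eight numeric fields; their meaning is not needed here
BIND_ERR = re.compile(r"ldap_simple_bind_s error: (\d+), (.+)")
SETTING = re.compile(r"(\w+) = (.+)")
ADMIN_FAIL = "Unable to bind as admin user "

def read_field(line, pos):
    """Read one '<length>:<text>' field at pos; return (text, index after the trailing comma)."""
    colon = line.index(":", pos)
    end = colon + 1 + int(line[pos:colon])
    return line[colon + 1:end], end + 1

def message(line):
    """Return the message text of one record, or None if the line does not fit the layout."""
    m = HEAD.match(line)
    if not m:
        return None
    try:
        _, pos = read_field(line, m.end())  # first length-prefixed field is empty ("0:")
        text, _ = read_field(line, pos)     # second is the message; it may contain commas
    except ValueError:
        return None
    return text

def diagnose(log_text):
    """Collect the logged LDAP settings and any bind failure from a log excerpt."""
    report = {"settings": {}, "ldap_error": None, "failed_bind_dn": None}
    for line in log_text.splitlines():
        msg = message(line)
        if msg is None:
            continue
        if msg.startswith(ADMIN_FAIL):
            report["failed_bind_dn"] = msg[len(ADMIN_FAIL):]
        elif (m := BIND_ERR.fullmatch(msg)):
            report["ldap_error"] = (int(m.group(1)), m.group(2))
        elif (m := SETTING.fullmatch(msg)):
            report["settings"][m.group(1)] = m.group(2)
    return report
```

On the lines from the question, `diagnose(SAMPLE)` reports that the rejected bind is the one made with the stored `AdminUser` DN, which the log shows failing before the login user is searched for.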