Adding LDAP to OPSCenter

Abdel91
Level 2

Hello,

I need some help with registering an LDAP Active Directory to OPSCenter.

As explained, I added the domain following your instructions:

vssat addldapdomain -d sosm.lan9 -s ldap://myLDAPmachine -u ou="Users",dc="sosm",dc="lan" -g ou="Users",dc="sosm",dc="lan" -t msad -m cn="Administrator",ou="Users",dc="sosm",dc="lan" -w thepassword -b BOB

Then I add the domain broker:

vssat addbrokerdomain -b opsCenterMachine:3652 -d  ldap:mydomain

Then I go to the management console: Settings > Users.
I select "Existing domain user", choose the "mydomain" just created.

I type the administrator account.
Everything is ok until now.

But when I try to connect, I always have the same error:

"Login was not successful. Please make sure the username, password, and selected domain are correct for your user account."

In the log file, I found:

##########################################################,9:debugmsgs,1
0,58330,18,18,12587,1408972518213,24389,140439730071296,0:,72:(24388|140439730071296) New thread spawned to handle the client request.,9:debugmsgs,1
0,58330,18,18,12588,1408972518340,24389,140439730071296,0:,55:************ Getting LDAP Server Attributes ***********,9:debugmsgs,1
0,58330,18,18,12589,1408972518340,24389,140439730071296,0:,51:************ Got LDAP Server Attributes ***********,9:debugmsgs,1
0,58330,18,18,12590,1408972518340,24389,140439730071296,0:,28:Referral chasing set to OFF.,9:debugmsgs,1
0,58330,18,18,12591,1408972518340,24389,140439730071296,0:,65:(24388|140439730071296)CAuthLDAP::initializeLDAPServer succeeded.,9:debugmsgs,1
0,58330,18,18,12592,1408972518341,24389,140439730071296,0:,18:domain = sosm.lan9,9:debugmsgs,1
0,58330,18,18,12593,1408972518341,24389,140439730071296,0:,14:AuthType = BOB,9:debugmsgs,1
0,58330,18,18,12594,1408972518341,24389,140439730071296,0:,17:SearchScope = SUB,9:debugmsgs,1
0,58330,18,18,12595,1408972518341,24389,140439730071296,0:,36:UserBaseDN = ou=Users,dc=sosm,dc=lan,9:debugmsgs,1
0,58330,18,18,12596,1408972518341,24389,140439730071296,0:,25:UserAttr = sAMAccountName,9:debugmsgs,1
0,58330,18,18,12597,1408972518341,24389,140439730071296,0:,52:AdminUser = cn=Administrator,ou=Users,dc=sosm,dc=lan,9:debugmsgs,1
0,58330,18,18,12598,1408972518341,24389,140439730071296,0:,22:UserObjectClass = user,9:debugmsgs,1
0,58330,18,18,12599,1408972518341,24389,140439730071296,0:,22:UserGIDAttr = memberOf,9:debugmsgs,1
0,58330,18,18,12600,1408972518341,24389,140439730071296,0:,67:search filter = (&(sAMAccountName=administrator)(objectclass=user)),9:debugmsgs,1
0,58330,18,18,12601,1408972518343,24389,140439730071296,0:,49:ldap_simple_bind_s error: 49, Invalid credentials,9:debugmsgs,1
0,58330,18,18,12602,1408972518343,24389,140439730071296,0:,69:Unable to bind as admin user cn=Administrator,ou=Users,dc=sosm,dc=lan,9:debugmsgs,1
0,58330,18,18,12603,1408972518343,24389,140439730071296,0:,70:(24388|140439730071296)CAuthLDAP::Unable to search user administrator ,9:debugmsgs,1
0,58330,18,18,12604,1408972518383,24389,140439730071296,0:,72:(24388|140439730071296) Finished handling client request.Thread exiting.,9:debugmsgs,1
0,58330,18,18,12605,1408972518383,24389,140439730071296,0:,95:(24388|140439730071296) ##########,9:debugmsgs,1##############################################

 

 

It shows "Invalid credentials" but I'm sure the credentials are correct!

 

2 REPLIES

Abdel91
Level 2

Up!

Will_Restore
Level 6

A few more steps listed in Article URL http://www.symantec.com/docs/TECH182069

Solution


Use the command below to add an LDAP/AD domain in VxAT (in this example AT is residing on the local OpsCenter).

    # vssat addldapdomain --domainname <any name ex ADBOB> --server_url <ldap://<system FQDN having LDAP setup>> --user_base_dn <base DN like DC=Denali,DC=com> --group_base_dn <base DN like DC=Denali,DC=com> --schema_type msad --admin_user <admin user info like CN=Administrator,CN=Users,DC=Denali,DC=com> --admin_user_password <passwd> --auth_type BOB
 
To see the list of LDAP domains:
    # vssat listldapdomains

- Add broker domain mapping in local registry
    # vssat addbrokerdomain --broker <local AT broker FQDN> --domain ldap:ADBOB

List all broker domains:
    # vssat showallbrokerdomains

- Try to authenticate an LDAP user to ensure the set-up is working
    # vssat authenticate --prplname <ldap user> --password <ldap user passwd> --domain ldap:ADBOB --broker <AT broker name>

- Add LDAP users after login to OpsCenter ‘Setting -> Users’

- Now on the login page the user should see the LDAP domain in the drop-down list
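
An added example, not part of either post or of the Symantec article: a parser for the debug log format shown in the question that reports which bind step returned LDAP error 49. It assumes, from the sample lines, that each text field is written as `length:text`; the function names `read_message` and `diagnose` are hypothetical.

```python
import re

# Four lines copied from the log in the question.
SAMPLE = """\
0,58330,18,18,12595,1408972518341,24389,140439730071296,0:,36:UserBaseDN = ou=Users,dc=sosm,dc=lan,9:debugmsgs,1
0,58330,18,18,12597,1408972518341,24389,140439730071296,0:,52:AdminUser = cn=Administrator,ou=Users,dc=sosm,dc=lan,9:debugmsgs,1
0,58330,18,18,12601,1408972518343,24389,140439730071296,0:,49:ldap_simple_bind_s error: 49, Invalid credentials,9:debugmsgs,1
0,58330,18,18,12602,1408972518343,24389,140439730071296,0:,69:Unable to bind as admin user cn=Administrator,ou=Users,dc=sosm,dc=lan,9:debugmsgs,1
"""

def read_message(line):
    """Return the message text of one log line, or None if it does not parse."""
    parts = line.split(",", 8)           # eight numeric header fields come first
    if len(parts) < 9:
        return None
    rest, text = parts[8], None
    for _ in range(2):                   # an (empty) context field, then the message
        m = re.match(r"(\d+):", rest)    # assumed "length:text" encoding
        if not m:
            return None
        end = m.end() + int(m.group(1))  # honour the length: messages contain commas
        text, rest = rest[m.end():end], rest[end + 1:]
        if len(text) != int(m.group(1)):
            return None                  # declared length runs past the line
    return text

def diagnose(log_text):
    """Collect 'key = value' settings and locate the failing bind."""
    settings, bind_error, failed_dn = {}, None, None
    for line in log_text.splitlines():
        msg = read_message(line)
        if msg is None:
            continue
        if m := re.fullmatch(r"(\w+) = (.*)", msg):
            settings[m.group(1)] = m.group(2)
        elif m := re.match(r"ldap_simple_bind_s error: (\d+), (.*)", msg):
            bind_error = (int(m.group(1)), m.group(2))
        elif m := re.match(r"Unable to bind as admin user (.*)", msg):
            failed_dn = m.group(1)
    at_admin = failed_dn is not None and failed_dn == settings.get("AdminUser")
    return {"bind_error": bind_error, "failed_dn": failed_dn,
            "failed_at_admin_bind": at_admin, "settings": settings}

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE).items():
        print(f"{key}: {value}")
```

On the log in the question this reports the failure at the bind of the configured AdminUser DN, so the rejected credentials are the ones passed with `-m` and `-w`, and the log's next line shows the search for the login user did not succeed.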