
August 23rd, 2010 04:00

NMC: LDAP authentication for Console users

Hi All,

I am trying to configure Networker (7.5.2) such that an LDAP group of users will be able to log in to the console. I have so far followed the instructions provided in Networker. However, I have become stuck whilst setting up the LDAP users and am in need of assistance as I am not sure where I'm going wrong. I'm using a service account that's used to browse the AD.

This is how I've filled the fields:

authority name : domainename.net

provider server name: 142.28.12.1 (Domain Controller)

distinguished name: CN=service-account,OU=myOU2,OU=MainOU,OU=JDW,OU=Asia,OU=Earth,DC=AE,DC=chevrontexaco,DC=net

password: ******************** (password of service account)

user search path: OU=Groups27,OU=Groups,OU=JDW,OU=Asia,OU=Earth,DC=AE,DC=domainename,DC=net

group search path: OU=Groups27,OU=Groups,OU=JDW,OU=Asia,OU=Earth,DC=AE,DC=domainename,DC=net

user id attribute: allowedUsers

Group Object Class: group

Group Member attribute: Member

Protocol: ldap

Port Number: 389

This is the error message I get:

Error Bad Search filter encounter while verifying userID "allowedUsers" attribute

Thanks in Advance for your assistance.

34 Posts

August 24th, 2010 23:00

Hi,

We have set up NMC with AD integration and it works fine for us. The values that differ from our setup are under advanced:

User id attribute: sAMAccountName
User object class: person

Regards

Rickard
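
How the User ID attribute and User object class values from the reply above typically combine into an LDAP user search, as an added example that is not part of the original thread and not NetWorker's own code. The filter shape, the sample entries and the function names are assumptions; the thread does not show how NMC builds its search.

```python
import re

# Constructed sample entries standing in for the subtree named in
# "User Search Path"; every name and value here is illustrative.
ENTRIES = [
    {"objectClass": ["top", "person", "user"],
     "sAMAccountName": ["riwq"], "cn": ["Sample User"]},
    {"objectClass": ["top", "group"],
     "cn": ["allowedUsers"], "member": ["CN=Sample User,OU=Example"]},
]

# Short attribute name: a letter, then letters, digits or hyphens.
ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")

def escape_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_user_filter(user_id_attr, object_class, login):
    """Assumed filter shape: (&(objectClass=<class>)(<attr>=<login>))."""
    if not ATTR_NAME.match(user_id_attr):
        raise ValueError("%r is not an attribute name" % user_id_attr)
    return "(&(objectClass=%s)(%s=%s))" % (
        escape_value(object_class), user_id_attr, escape_value(login))

def values_of(entry, attr):
    """Attribute names are case-insensitive in LDAP."""
    return [v for k, vals in entry.items() if k.lower() == attr.lower() for v in vals]

def find_users(user_id_attr, object_class, login, entries=ENTRIES):
    """Evaluate the assumed filter against the in-memory sample entries."""
    build_user_filter(user_id_attr, object_class, login)  # rejects non-attribute input
    return [e for e in entries
            if object_class.lower() in (c.lower() for c in values_of(e, "objectClass"))
            and login.lower() in (v.lower() for v in values_of(e, user_id_attr))]

if __name__ == "__main__":
    print(build_user_filter("sAMAccountName", "person", "riwq"))
    print(len(find_users("sAMAccountName", "person", "riwq")))  # the user entry matches
    print(len(find_users("allowedUsers", "person", "riwq")))    # a group's name is not an attribute
```

A group name such as `allowedUsers` is a value of the group's `cn`, not an attribute carried by user entries, so a search keyed on it finds nothing, while `sAMAccountName` is present on every AD user object.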

24 Posts

August 23rd, 2010 07:00

I changed the user id attribute to "uid=allowedUsers" and I am now getting the following error message:

No entry in hierarchy 'OU=Groups27,OU=Groups,OU=JDW,OU=Asia,OU=Earth,DC=AE,DC=domainename,DC=net' has an attribute "allowedUsers"

And this is all despite that group being present in the above directory.

24 Posts

August 24th, 2010 08:00

Is the fact that I am accessing the group with a service account part of the problem?

If anyone has successfully configured an LDAP authentication for the Console, could they please send me an example of the correct configurations.

Thanks in advance.

24 Posts

August 25th, 2010 04:00

Thanks Rickard.

The information provided cleared up a few things although I have some questions regarding your setup.

Did you use a service account for distinguished name? I tried using the group name and for password one of the group's members and that didn't work.

Does sAMAccountName have to be a single string? Ours is a string with many spaces between the characters.

Does Person have to be a member of that group?

Cheers and thanks in advance.

Rodney

34 Posts

August 25th, 2010 05:00

Hi Rodders,

Yes, we use a service account for distinguished name. sAMAccountName is a single string, no spaces. Person is the name of the field in AD. As far as I understood this is not very important though. You can check out the field-help by clicking the question mark in NMC, it describes what should go into each field and is pretty good.

Good luck

Rickard

24 Posts

August 25th, 2010 07:00

Rickard,

It almost works! However on the last page when configuring the Console Security Administrator role, I have no idea what's the correct value to insert.

I tried:

sAMAccountName, console user, console application administrator and console security administrator without success. I also tried a username that's a member of the group in AD and all I got was External Role <> invalid.

Also I was wondering if the LDAP user had been added correctly to the Networker Administrator group as this is the format I used:

user=LDAP_riwq, host=domain.net (where the NMC is hosted) with riwq being a member of the AD group that I want to allow access to NMC via LDAP authentication.

Many thanks for the assistance you've already given me.

Regards,

Rodney    

34 Posts

August 25th, 2010 22:00

Hi,

You should only add the accounts that you want to be console security administrators. You add accounts by just writing the name of the account, one per line, with capitals. Note that the account must be in the OU you set up in the field User Search Path.

Cheers

Rickard

24 Posts

August 26th, 2010 09:00

Thanks, Configuration works.

January 21st, 2011 01:00

Hi everybody!

I have the same problem with LDAP authentication and Networker 7.6, so would you help me, please?

First of all, would you describe to me what the correct value of the field <<User Object Class>> is?
In knowledgebase article https://solutions.emc.com/emcsolutionview.asp?id=esg105187 this value is "user" (without quotes), but R.Friberg advised the value "person" (without quotes).

Then, it's not clear to me what I must type in the field <<External Role>>. I understand that here I must enter a list of users or groups which would have admin rights, but how do I do it?
I tried to enter my account name in different formats: jsazonov, jsazonov@domain.com, domain/jsazonov in lowercase and uppercase - but without any good results. I always get the error message "External role is invalid".

24 Posts

January 21st, 2011 02:00

Hi Mate,

I left the User Object Class field blank.

An External Role is required because that person would have the rights to edit the Login Authentication and pretty much administer the NMC settings.

I suggest looking at the mapping you put for User Search Path, go there in Active Directory, find your account and enter it as it is.

If your User ID Attribute is sAMAccountName, then whatever you enter in the External Roles has to be a sAMAccountName value.

Hope this helps, as I am also coming to terms and understanding of NMC under LDAP authentication.

P.S. Does anyone know how to debug the login process under LDAP authentication?

January 21st, 2011 04:00

Hi, Rodders.

As I already wrote, the problem was on the "External Role" page.

Thank you for help, now it works.

Best regards.

1 Message

April 12th, 2012 07:00

Hi, Anyone managed to resolve this? Thanks.

544 Posts

April 12th, 2012 16:00

Hi btan22,

Would you please open a new discussion thread and mention the problem you are having with the error message you received? You can for sure reference this Answered thread in your new discussion.

Thanks,

Ahmed Bahaa
