Avamar: How To Configure LDAP from scratch (group based)
Summary: Avamar: How To Configure Lightweight Directory Access Protocol (LDAP) from scratch (group based)
Symptoms
LDAP needs to be configured from scratch after removing the non-working LDAP configuration.
LDAP login is not working because of misconfigured ldap.properties or krb5.conf files.
Cause
Resolution
Follow the steps below to configure LDAP from scratch:
- Log in to the utility node as root.
- Keep a backup of the existing ldap.properties and krb5.conf by renaming them:
a) mv /usr/local/avamar/etc/ldap.properties /usr/local/avamar/etc/ldap.properties.`date -I`
b) mv /usr/local/avamar/etc/krb5.conf /usr/local/avamar/etc/krb5.conf.`date -I`
- Log in to the Avamar Administrator user interface -> LDAP Management -> Add directory service -> enter the domain name (enter only the domain name, not the FQDN of the DC).
- Once the directory service is added successfully, edit ldap.properties and add these lines:
ldap.search.results.per.page=1000
mcgui.trace=true
Save and close the file.
- Now run the test from the user interface (Avamar Administrator -> LDAP Management -> Test Directory Service).
- Now add the group to LDAP maps: Avamar Administrator -> Account Management -> LDAP maps -> right-click the domain in the right panel -> add group to LDAP maps (when searching, use wildcards such as domain*).
- Once the group is added, try logging in to the Avamar user interface as an LDAP user (the username should be username@domainname).
- If the test is not successful:
For version 6.1.x:
Log in to the utility node with PuTTY as the root user, and run the command:
avldap --testmcgui
When prompted for the group option, enter A*
For version 7.x:
There is no command-line test tool. Check /usr/local/avamar/var/mc/server_log/userauthentication.log
- Raise a PR for further troubleshooting with the output of:
avldap --testmcgui (for version 6.1.x)
or
/usr/local/avamar/var/mc/server_log/userauthentication.log (for version 7)
grep -v "#\|^$" /usr/local/avamar/etc/ldap.properties
grep -v "#\|^$" /usr/local/avamar/etc/krb5.conf
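
The shell-side steps above (the dated backup, the two ldap.properties lines, and the filtered output for the PR), written as helper functions. This is an added example, not part of the original article or of Avamar's own tooling; the function names, the script name and the AVAMAR_ETC override are assumptions made for illustration, and the filter is deliberately stricter than the article's grep.

```shell
#!/bin/sh
# Added example, not Avamar tooling. AVAMAR_ETC can point at a scratch copy.
AVAMAR_ETC=${AVAMAR_ETC:-/usr/local/avamar/etc}

# Backup step: move a file aside under a dated name, but never overwrite a
# backup already taken today (a second mv on the same day would destroy it).
backup_conf() {
    src=$AVAMAR_ETC/$1
    dst=$src.$(date -I)
    if [ ! -e "$src" ]; then echo "skip: $src not present" >&2; return 0; fi
    if [ -e "$dst" ]; then echo "refusing to overwrite $dst" >&2; return 1; fi
    mv "$src" "$dst"
}

# Edit step: set KEY=VALUE exactly once in ldap.properties. An existing KEY
# line is replaced, not duplicated; writing back with cat keeps owner and mode.
set_prop() {
    file=$AVAMAR_ETC/ldap.properties
    tmp=$(mktemp) || return 1
    awk -F= -v k="$1" -v v="$2" '
        { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        name == k { next }
        { print }
        END { print k "=" v }' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Collection step: print effective settings. Unlike grep -v "#\|^$", only
# lines that start with '#' are dropped, so a value containing '#' survives.
effective_conf() {
    awk '!/^[ \t]*#/ && !/^[ \t]*$/' "$AVAMAR_ETC/$1"
}

# Usage: sh avamar_ldap_helpers.sh backup | props | show
case "${1:-}" in
    backup) backup_conf ldap.properties && backup_conf krb5.conf ;;
    props)  set_prop ldap.search.results.per.page 1000 &&
            set_prop mcgui.trace true ;;
    show)   effective_conf ldap.properties; effective_conf krb5.conf ;;
esac
```

Run `backup` before adding the directory service in the user interface and `props` after it, since the article edits the ldap.properties that exists once the service has been added.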