3 Replies Latest reply on Nov 5, 2015 9:32 AM by Murali Balijepally

    SSO 9.00.01 and LDAP, what am I doing wrong?

    Jon Trotter

      I get this error in the logs,

       

      "2015-11-04 18:14:08"    "Login Failed"    user1 "Not Available"    192.168.1.100    INFO    o=bmcrealm,ou=services,dc=opensso,dc=java,dc=net    "cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net"    AUTHENTICATION-200    BMC_AUTH_MOD__BmcRealm_LDAP_1446678671045    "Not Available"    192.168.1.100

       

      The certificate is installed and I tried with the default one as well.  Once that was imported, I added the LDAP authentication information and deleted the internal LDAP.  Getting the errors above, it seems as though it is passing the wrong information to AD.  My first question is, is this an internal to external pass and would this look normal?  Secondly, if this is normal, any guidance on what will work?  I'll go out on a limb and state that I've followed the guide, but that is only as best I can follow it. Maybe I have done something incorrectly, but kinda hit a wall and looking for some advice on what I could be doing wrong.

       

      We've opened a ticket prior to this version, but we did a clean install of 9.00.01 and just cannot get this to work. It really shouldn't be this difficult to align the SSO server with AD given that we've done it with multiple other products directly without issue. Credentials passed are correct and valid and have been tested using the other applications we already have integrated with AD.

        • 1. Re: SSO 9.00.01 and LDAP, what am I doing wrong?

          These messages are common. It is trying to search in the internal database. To find out what's causing the issue, do the following:

          1. Log in to the ASSO console.

          2. Click edit server configuration

          3. Change the log level to "Message" and save

          4. Test

          5. Open the debug.out.* file

          6. Search for "Validating user" and follow the logs. It will show you what the actual problem is.

          • 2. Re: SSO 9.00.01 and LDAP, what am I doing wrong?
            Jon Trotter

            Made some progress! Had to create a new certificate and import it, which gave me this,

             

            "2015-11-05 10:02:23" "Login Success" "id=T\, Jon,ou=user,o=bmcrealm,ou=services,dc=opensso,dc=java,dc=net" 29d6300b92693ac901 0:0:0:0:0:0:0:1 INFO o=bmcrealm,ou=services,dc=opensso,dc=java,dc=net "cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net" AUTHENTICATION-100 BMC_AUTH_MOD__BmcRealm_LDAP_1446782955137 "Not Available" 0:0:0:0:0:0:0:1

            Need to get the access squared away for the proper admin access to the SSO application and start integrating the different products, but this was a great step!
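
Added example, not part of the original thread and not BMC or OpenSSO code: a Python parser for the two authentication log records quoted above, which splits each record into fields and lists failed logins by time, login ID and source address. The field names are labels assumed from the order of values in those two records, and the sample input is copied from this thread.

```python
import re
from collections import Counter

# Field order as seen in the two records on this page. The names are labels
# assumed for this example, not taken from product documentation.
FIELDS = ("time", "data", "login_id", "context_id", "ip_addr", "log_level",
          "domain", "logged_by", "message_id", "module", "name_id", "host")

# A token is either a double-quoted string (backslash escapes are kept, since
# "T\, Jon" is an escaped comma inside a DN) or a run of non-whitespace.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')

# The two records quoted in the thread (a failure, then a success).
SAMPLE = [
    r'"2015-11-04 18:14:08"    "Login Failed"    user1 "Not Available"    192.168.1.100    INFO    o=bmcrealm,ou=services,dc=opensso,dc=java,dc=net    "cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net"    AUTHENTICATION-200    BMC_AUTH_MOD__BmcRealm_LDAP_1446678671045    "Not Available"    192.168.1.100',
    r'"2015-11-05 10:02:23" "Login Success" "id=T\, Jon,ou=user,o=bmcrealm,ou=services,dc=opensso,dc=java,dc=net" 29d6300b92693ac901 0:0:0:0:0:0:0:1 INFO o=bmcrealm,ou=services,dc=opensso,dc=java,dc=net "cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net" AUTHENTICATION-100 BMC_AUTH_MOD__BmcRealm_LDAP_1446782955137 "Not Available" 0:0:0:0:0:0:0:1',
]

def parse_record(line):
    """Split one authentication log record into a dict, or return None."""
    tokens = [m.group(1) if m.group(1) is not None else m.group(2)
              for m in TOKEN.finditer(line)]
    if len(tokens) != len(FIELDS):
        return None  # header, wrapped or truncated line
    return dict(zip(FIELDS, tokens))

def summarize(lines):
    """Count (message_id, data) pairs and collect the failed logins."""
    outcomes, failures = Counter(), []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue  # skip anything that is not a complete record
        outcomes[(rec["message_id"], rec["data"])] += 1
        if rec["data"] == "Login Failed":
            failures.append((rec["time"], rec["login_id"], rec["ip_addr"]))
    return outcomes, failures

if __name__ == "__main__":
    outcomes, failures = summarize(SAMPLE)
    for (message_id, data), count in sorted(outcomes.items()):
        print(f"{message_id:20} {data:15} {count}")
    for when, login_id, ip_addr in failures:
        print(f"FAILED {when} login_id={login_id} from {ip_addr}")
```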

            • 3. Re: SSO 9.00.01 and LDAP, what am I doing wrong?

              That is great. Just make sure that the user IDs you are getting from LDAP are what you need. Whether you want all in lower case or upper case? Choose an attribute in LDAP that can give this value directly.

               

              Good luck with rest of the integratio