5 Replies Latest reply on Aug 20, 2015 7:41 AM by Bill Robinson

    Failed to map user to local user: Problems with LDAP-Usernames?

    Joerg Dembski

      Hi,

       

      in BSA we are using the LDAP authorization which is working fine. But when I'm logged in as my user I'm unable to access any of my servers. I believe that the RSCD-agent has problems with the username:

       

      rscd.log:

      rscd -  ::ffff:53.18.151.29 62333 0/0 (BLAdmins:BLAdmin): CM: > [ACLPush] Pushing of AgentACL to XXXXXXXX  succeeded

      rscd -  ::ffff:53.18.151.29 62667 0/0 (BLAdmins:CN=EEDC_a_JDEMBSK-ADM%2cOU=UsersAdministrative%2cOU=_GlobalResources%2cOU=EEDC%2cDC=emea%2cDC=corpdir%2cDC=net): nsh: Failed to map user to local user

       

      This is what my users file looks like:

      # Date created: Wed Aug 12 16:28:51 CEST 2015

      # Created by BLAdmins:BLAdmin from Application Server sedcajcdp300_job_instance0 running on host sedcajcdp300.emea.svc.corpintra.net

      # BLAdmins ACLs

      BLAdmins:BLAdmin                                                                                                                        rw,map=root,tcptunnel

      BLAdmins:CN=EEDC_a_JDEMBSK-ADM%2cOU=UsersAdministrative%2cOU=_GlobalResources%2cOU=EEDC%2cDC=emea%2cDC=corpdir%2cDC=net                 rw,map=root,tcptunnel

       

      # NSH-only ACLs

      BLAdmin                                                                                                                                 rw,map=root,tcptunnel

       

      nouser

       

       

      I did not manually edit this file, but pushed the ACLs using an ACL push job. As you can see the user is in there, but the RSCD-Agent is unable to map it properly.

       

      Do you have any advice on how to solve this problem?

        • 1. Re: Failed to map user to local user: Problems with LDAP-Usernames?
          Bill Robinson

          that seems to work ok for me. i have:

           

          BLAdmins:BLAdmin                                          rw,map=root,tcptunnel
          BLAdmins:cn=Administrator%2ccn=users%2cdc=sso%2cdc=bmc%2cdc=com   rw,map=root,tcptunnel

           

          # NSH-only ACLs

          BLAdmin                                                   rw,map=root,tcptunnel
          cn=Administrator%2ccn=users%2cdc=sso%2cdc=bmc%2cdc=com    rw,map=root,tcptunnel

           

          and in the rscd log i see it work:

          6fc3e553cd8fa986d24b 0000000026 08/18/15 10:29:08.638 INFO1rscd -  ::ffff:192.168.52.204 12693 0/0 (BLAdmins:cn=Administrator%2ccn=users%2cdc=sso%2cdc=bmc%2cdc=com): CM: > [Client] Retrieving the root filesystem

           

          what version is the appserver and the target agent ?

          • 2. Re: Failed to map user to local user: Problems with LDAP-Usernames?
            Joerg Dembski

            It is 8.6 SP1 for AppServer and RSCD Agents...

             

            Could it be the length of the user id?

            • 3. Re: Failed to map user to local user: Problems with LDAP-Usernames?
              Bill Robinson

              i tried a username w/ 91 characters (ldap string) and it worked ok.  i also tried w/ your account name:

               

               

              08/19/15 20:39:16.196 DEBUG    rscd -  suprh6x64app05s.sup.bladelogic.com 15414 -1/-1 (Not_available): (Not_available): FIPS already enabled

              08/19/15 20:39:16.371 DEBUG    rscd -  ::ffff:192.168.171.115 15414 -1/-1 (Not_available): (Not_available): Enabling keepalive on the connection

              08/19/15 20:39:16.372 DEBUG    rscd -  suprh6x64app05s.sup.bladelogic.com 15414 -1/-1 (Not_available): (Not_available): Waiting for a command

              08/19/15 20:39:16.488 DEBUG    rscd -  suprh6x64app05s.sup.bladelogic.com 15414 -1/-1 (Not_available): (Not_available): Received command:101 with arg:0;0;77;BLAdmins:CN=EEDC_a_JDEMBSK-ADM%2cOU=UsersAdministrative%2cOU=_GlobalResources%2cOU=EEDC%2cDC=emea%2cDC=corpdir%2cDC=net;3;nsh;-;-;0;-;1;1;a;bladelogic;UTF-8

              08/19/15 20:39:16.489 DEBUG    rscd -  ::ffff:192.168.171.115 15414 0/0 (BLAdmins:CN=EEDC_a_JDEMBSK-ADM%2cOU=UsersAdministrative%2cOU=_GlobalResources%2cOU=EEDC%2cDC=emea%2cDC=corpdir%2cDC=net): nsh: ***** New connection *****

              08/19/15 20:39:16.604 INFO     rscd -  ::ffff:192.168.171.115 15414 0/0 (BLAdmins:CN=EEDC_a_JDEMBSK-ADM%2cOU=UsersAdministrative%2cOU=_GlobalResources%2cOU=EEDC%2cDC=emea%2cDC=corpdir%2cDC=net): nsh: nsh -D //suprh6x64app05s.sup.bladelogic.com

              08/19/15 20:39:16.726 INFO2    rscd -  ::ffff:192.168.171.115 15414 0/0 (BLAdmins:CN=EEDC_a_JDEMBSK-ADM%2cOU=UsersAdministrative%2cOU=_GlobalResources%2cOU=EEDC%2cDC=emea%2cDC=corpdir%2cDC=net): nsh: chdir ("/") = 0

              08/19/15 20:39:16.847 INFO2    rscd -  ::ffff:192.168.171.115 15414 0/0 (BLAdmins:CN=EEDC_a_JDEMBSK-ADM%2cOU=UsersAdministrative%2cOU=_GlobalResources%2cOU=EEDC%2cDC=emea%2cDC=corpdir%2cDC=net): nsh: uname () = 1

               

               

              and that worked.

               

              is it possible the username has some hidden control characters in it ? or a trailing space ?

              • 4. Re: Failed to map user to local user: Problems with LDAP-Usernames?
                Joerg Dembski

                I have just found the problem: the "nouser" flag was in the users.local file. After removing it I was able to log in with my user account.

                 

                I'm sorry I didn't see that - thank you for your help!

                • 5. Re: Failed to map user to local user: Problems with LDAP-Usernames?
                  Bill Robinson

                  Ah – that should only be in users.  it goes exports -> users.local -> users, so if there was no match in users.local then processing stopped because of the nouser …
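
The lookup order from the last reply (users.local is read before users, and a nouser line ends the search) and the hidden-character question from reply 3, modeled as an added example that is not part of the thread and not BMC code. Exact string matching, the function names and the sample DN are assumptions; the file contents below are constructed.

```python
import re

def parse(text):
    """Parse users / users.local style text into (line_no, key, options) tuples."""
    entries = []
    for n, raw in enumerate(text.split("\n"), 1):
        line = raw.strip(" \t")
        if not line or line.startswith("#"):
            continue
        key, _, opts = re.match(r"([^ \t]+)([ \t]+)?(.*)", line).groups()
        entries.append((n, key, opts))
    return entries

def suspicious_keys(entries):
    """Keys holding control or non-printable-ASCII characters (e.g. CR, zero-width space)."""
    return [(n, key) for n, key, _ in entries if re.search(r"[^\x21-\x7e]", key)]

def resolve(role_user, users_local, users):
    """Simplified model (assumption): scan users.local, then users, top to bottom.
    The first exact key match wins; a nouser line reached first ends the search."""
    for name, text in (("users.local", users_local), ("users", users)):
        for n, key, opts in parse(text):
            if key == role_user:
                return ("match", name, n, opts)
            if key == "nouser":
                return ("blocked", name, n, "")
    return ("nomatch", None, None, "")

# Constructed sample data, not taken from the thread.
USER = "BLAdmins:CN=jdoe%2cOU=Admins%2cDC=example%2cDC=net"
USERS = (
    "BLAdmins:BLAdmin    rw,map=root,tcptunnel\n"
    + USER + "    rw,map=root,tcptunnel\n"
    "nouser\n"
)
USERS_LOCAL_BAD = "# stray entry\nnouser\n"

if __name__ == "__main__":
    # nouser in users.local stops the lookup before users is consulted.
    print(resolve(USER, USERS_LOCAL_BAD, USERS))
    # With users.local empty, the pushed entry in users is found.
    print(resolve(USER, "", USERS))
    # A key with a zero-width space looks identical on screen but never matches.
    print(suspicious_keys(parse("BLAdmin\u200b rw,map=root\n")))
```
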