Skip to Content
author's profile photo Former Member
Former Member

LDAP Config on Win2008 - users cannot login to infoview but can CMC

Hi i have an enterprise tool CA spectrum and that is configured to use LDAP users - which works well - the spectrum tool integrates with BOXI Product: 12.1.0 from the spectrum tool there is an infoview link which launches infoview and should go straight to infoview document list.

It does this successfully for 1 user which is the install user for both spectrum and boxi (on different servers)

There is a spectrum users group created in ldap.

I have added this group into the LDAP configuration page and the LDAP config updates with no error

LDAP Authentication is enabled

Synchronize Data Source Credentials with Log On

Enable and update user's Data Source Credentials at logon time

LDAP Server Configuration Summary

To change a setting, click on the value to start the LDAP Configuration Wizard.

LDAP Hosts: 43.0.x.x:389

LDAP Server Type: Custom

Base LDAP Distinguished Name: DC=domain,DC=NOC

LDAP Server Administration Distinguished Name: CN=Administrator,CN=Users,DC=domain,DC=noc

LDAP Referral Distinguished Name: " "

Maximum Referral Hops: 0

SSL Type: Basic (no SSL)

Single Sign-On Type: None

Mapped LDAP Member Groups Add LDAP group (by cn or dn):

secLDAP:cn=spectrum users, cn=users, dc=domain, dc=noc

New Alias Options

Assign each added LDAP alias to an account with the same name

Create a new account for every added LDAP alias

Alias Update Options

Create new aliases when the Alias Update occurs

Create new aliases only when the user logs on

New User Options

New users are created as named users

New users are created as concurrent users

Attribute Binding Options

Import Full Name and Email Address

Give LDAP attribute binding priority over AD attribute binding

Now when im logged into spectrum as another ldap user and click the infoview link i get a login prompt and it will not accept my ldap user details giving me an error ..

u2022Account Information Not Recognized: Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)

But i can use the same user and log into CMC ok

Looks to me something like the Infoview needs an enterprise account to login as opposed to a LDAP account and they aren't be related to each other ?

Also where are the login log files found if any exist ?

Thanks.

Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Dec 13, 2011 at 12:38 PM

    Just to add the LDAP group has been added to the Report Admin group in CMC

    Also i have nothing enterered in the LDAP referral settings - does anything need to be entered here ?

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Alexander Klammrodt

      Thanks Alex .. i changed my base directory to ..

      CN=Users,DC=domain,DC=noc which is exactly what my base directory is set to in my other toolset.

      but i still have the same issue.

      Can i put this into debug so i can see if theres any other info when login fails ?

      thanks.

  • Posted on Dec 13, 2011 at 03:30 PM

    A quick tip, make sure the Distinguished name is all in small letters, I've seen various issues when they are in CAPS. Also, if I were you, I would play around with the DN some more, take a look at what others have done, it's extremely picky, and if you aren't pointing to the right container, you won't receive a direct error message, but instead the error message that you are receiving.

    Alex

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Ok so if look at the user in CMC i can uncheck the user must change password at login and then go back to my launch infoview tab it all works ..

      So looks like it is initially looking for an enterprise account and then using LDAP ?

      Anyway i can uncheck this "password change" at a global level so it is unchecked for any newer users added in the future.

      Also If i want to use the Infoview shortcut locally on the BOXI server i cannot log in with my LDAP credentials - so i can only login from the infoview tab from my spectrum application.

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.