In the System Management Hub we have configured authentication via an LDAP connection. When we test with the Validate button, we pass the 4 tests successfully.
Then we want to add Users in Centrasite, and associate them with users from the LDAP, with the button Associate… However when in the Associate User screen, using the Search button, we don’t find any. All the time, whatever we type in the Search textbox, we get the message “There are no results matching your search criteria”.
How do I find the LDAP users?
We are using Centrasite Community Edition 8.2 SP1.
The first user associated with an external LDAP user needs to be added by hand by typing the correct DOMAIN\User information in the lower left corner of the Associate user dialog. Make this user a CentraSite Administrator. As soon as you are logged in with this LDAP user, you can search LDAP, depending on your LDAP permissions of course.
Hi Gerald, thanks for your suggestions. I tried to do so: I created a user MYDOMAIN\test (it exists in the LDAP, and with that user I pass the tests in the SMH) in the lower left corner (‘Type Domain User:’) of the Associate user dialog. I can see the new user in the Users list (with the UserID in capitals for some reason?).
Then I tried to make this user a CentraSite Administrator. I guess you mean to do that in the System Management Hub, don’t you? (I can also assign a role CentraSite Administrator to the new user…)
When I try Add Administrator in the SMH with the checkbox ‘Check SIN Authentication’ active, and I enter the new user, I get the warning “User ‘MYDOMAIN\test’ can’t authenticate.”
So I try with the checkbox inactive. Then the new user turns up in the list of CentraSite Administrators (with a forward slash: MYDOMAIN/test?).
Then I hope to log on with the new user, but I get “INMBAE0001: Log on failed. Make sure your user name and password are correct.”. I have tried to log on with ‘test’, ‘TEST’, ‘MYDOMAIN\test’, ‘MYDOMAIN/test’, ‘MYDOMAIN\TEST’, ‘MYDOMAIN/TEST’, all of them fail to log on.
Sorry for being unclear; in the first part, when you define a user in CentraSite, I actually meant “assign a role CentraSite Administrator to the new user”. I am not sure why the UserID is changed to upper case by CentraSite. Login is case sensitive, so the correct user in your case to log in with is MYDOMAIN\TEST, as shown also under the “User ID” tab in the user list. When you try with that user again, please have a look in the log wrapper.log in the directory /profiles/CTP/logs: is an error shown, and does it give us any clue? One last try could be to restart the CentraSite database, and if that also fails, I need to tell you how to switch on security logging.
javax.security.auth.login.LoginException: SSX Error: User login failed (-16)
I also gave my test user the role CentraSite Administrator. Doesn’t make a difference.
On start-up there have been errors like:
Pre-initialize of database connection failed. Will be retried on next findTargetId invocation. Cause: java.io.IOException: Server returned HTTP response code: 502 for URL: http://:53305/CentraSite_authenticated/CentraSite/ino:dav/ino:dav/passman/defaultPassStore.dat
And occasionally the following messages:
WARN (com.centrasite.federation.server.FederationSOAPBindingImpl:62) - Federation Administrator is not defined.
WARN : Remove plug-in ‘com.centrasite.control’ from registry without removal of depending plug-ins
ERROR: Plug-in com.centrasite.federation.ui: required plug-in ‘com.centrasite.control’ not found
WARN : Remove plug-in ‘com.centrasite.federation.ui’ from registry without removal of depending plug-ins
ERROR: Plug-in com.softwareag.centrasite.policy: required plug-in ‘com.centrasite.control’ not found
WARN : Remove plug-in ‘com.softwareag.centrasite.policy’ from registry without removal of depending plug-ins
ERROR: Plug-in soalink.plugin: required plug-in ‘com.centrasite.control’ not found
WARN : Remove plug-in ‘soalink.plugin’ from registry without removal of depending plug-ins
WARN : Remove plug-in ‘com.softwareag.systemmanagementhub’ from registry without removal of depending plug-ins
Please find the jaas.config file in your installation, normally in the folder /profiles/CTP/config, copy it to a safe location and modify the PluggableUI login context by adding the following lines:
Hi Gerald, yes that worked! Now I can log on using the LDAP user. That’s great. Next step is to retrieve some other users from the LDAP. That doesn’t work yet, maybe because of my LDAP authorisations. I will check on that and get back here.
Now I have an LDAP user that should have read access to the LDAP. I can log in to CentraSite with that user. Now I want to add more users from the LDAP. So I click Associate… in the Add User screen. I get the window Associate User. In this window unfortunately the Search doesn’t work: I cannot even enter the attribute to search for, there is only an empty droplist. See attached picture.
Do I have to complain at my LDAP Manager that my permissions are not yet appropriate? Or is there something else? Which logfile should point this out?
The question is what kind of field did you specify on the second page of the LDAP configuration in SMH, or did you use the command line tool? The fields defined there determine the available search field and should match your LDAP settings which you usually get from the LDAP administrator. I attached a simple example where the left side refers to the possible values that CentraSite can handle and the right side defines the corresponding attribute name(s) in your LDAP repository.
I see… I had all those fields blank. Now I filled in the mapping for a few attributes, and indeed those attributes appear in the droplist. Now I can also add other individual users from the LDAP.
When searching with wildcard *, or otherwise with a large resultset, it looks like the Centrasite database crashes…
But that is something else, I will have to look in the logfiles for this.