Please take this survey to help us learn more about how you use third party tools. Your input is greatly appreciated!

LDAP Authentication in Managment Console

I'm having issues getting LDAP Authentication to work - "Cannot find the person given the specified search filters".

My users are a few OUs deep in AD. Here is myself for an example:

CN=David Serpa,OU=Tech Group,OU=Company Users,DC=company,DC=com

I've tried entering it in various ways but I keep getting the above error.

image

If anyone can point me in the right direction it would be much appreciated!

Comments


  • Try setting the Search path to - objectClass=user
  • I had the same issue and it was determined that there is a bug in MC. In some instances I was able to get MC ldap to authenticate the users that were in a specific group but when I needed to go more generic it would not work. I used the same parameters as were working for the database and MC would NOT authenticate as where the database would. I and others left reasonable comments in this forum so you can search for "LDAP" and should be able to find them. We had Vertica support on site that week and he submitted a problem report about this for us after we both could not make it work like the database.
    We are on 7.1.1.
  • Raul - thank you for the assistance, but that doesn't seem to help. RCasey, we are also on 7.1.1 and have it working without issue in the database but the MC is where the issue is. At one point it returned a "1" instead of the above error but the login still did not work. I haven't been able to find anything on ldap and MC integration on the site that gives examples of a working config.
  • The screen may not be the right one.  There are two views for the LDAP config in the MC - Authentication and the ADD user.
    Here is the complete info to try -
    Change the settings on the management console LDAP Authentication (Use LDAP for user authentication - Authentication tab) screen by using the output of the ldapsearch ;
    1) correct the Base DN ou's and dc's that made the correct path to the user entries.
    2) set the deault search path to "objectClass=user"
    3) set the User search Attribute to "sAMAccountName"
    on the "ADD user using LDAP authentication" screen let the search path and user search attribute default from the initial setup screen
     
  • Raul,

    Thank you! That worked. I did not get a confirmation when I clicked verify, however when I logged off and tried logging in with the saved user it worked using AD credentials.

  • Did not work for me however : MC Authentication [verify] replies with Congratulations , your ldap settings have been verified. However when I add a user with ldap authentication and [Verify User] then I am still getting : Cnnot find the person given the specified search filters.
    When I set the  Search path to OU= ( without further spec) and [Verify User] I get the reply : 1
    ( not certain what that is supposed to mean ) but I will not be able to logon as that (ldap auth'ed) user
    ldapsearch and ldap authentication with the same settings as MC-Authentication work just fine. I'd appreciate if someone could help
  • I had these same things happen when I was trying to use ldap in MC and we had vertica onsite at the time. He and I researched the issue and it was determined that MC had a "bug" and the issue was written up. Under certain conditions the MC will not validate even though ldapsearch will validate. The same path that MC would not validate actually would validate under the database. I was able to verify my parameters by checking the vertica.log(tail -F vertica.log) and actually see the parameters authenticate or not. We have still not resolved that one issue. If you find out what the "1" means please share that. Release is 7.1.1.

  • Hi RCasey
    If you do get a solution ,  I'd really appreciate if you could share it .
    Thanks
  • Hi Karin, I was able to get this work, sharing my settings to help. There is a "bug" or limitation. The LDAP search will not traverse containers so if you have it pointed to "users" the actual user needs to be in that container, if it is in a sub container it will not find it. We have an open ticket with Vertica on this and were told it will be fixed in a future update. Good luck!



    David


    image
  • David, thanks for that simple and correct explanation. It is workable as you suggest.
  • Hi David
    Indeed thanks for your reply , however it did not work for me ( unluckily ) . When I set the admin to base-dn adding CN ( using my own account ) , verifications fails with error 49 ( invalid credentials )
    Are you using the ldap server password or account password ? ( In fact I tried both and both returned err. 49 )  and ... is the authentication than bound to your specific account ?

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file

Can't find what you're looking for? Search the Vertica Documentation, Knowledge Base, or Blog for more information.