LDAP Authentication in Managment Console

DavidSerpaDavidSerpa
in General Discussion
I'm having issues getting LDAP Authentication to work - "Cannot find the person given the specified search filters".

My users are a few OUs deep in AD. Here is myself for an example:

CN=David Serpa,OU=Tech Group,OU=Company Users,DC=company,DC=com

I've tried entering it in various ways but I keep getting the above error.

image

If anyone can point me in the right direction it would be much appreciated!

Comments

  • Raul_1Raul_1

    Try setting the Search path to - objectClass=user
  • RCaseyRCasey
    I had the same issue and it was determined that there is a bug in MC. In some instances I was able to get MC ldap to authenticate the users that were in a specific group but when I needed to go more generic it would not work. I used the same parameters as were working for the database and MC would NOT authenticate as where the database would. I and others left reasonable comments in this forum so you can search for "LDAP" and should be able to find them. We had Vertica support on site that week and he submitted a problem report about this for us after we both could not make it work like the database.
    We are on 7.1.1.
  • DavidSerpaDavidSerpa
    Raul - thank you for the assistance, but that doesn't seem to help. RCasey, we are also on 7.1.1 and have it working without issue in the database but the MC is where the issue is. At one point it returned a "1" instead of the above error but the login still did not work. I haven't been able to find anything on ldap and MC integration on the site that gives examples of a working config.
  • Raul_1Raul_1
    The screen may not be the right one.  There are two views for the LDAP config in the MC - Authentication and the ADD user.
    Here is the complete info to try -
    Change the settings on the management console LDAP Authentication (Use LDAP for user authentication - Authentication tab) screen by using the output of the ldapsearch ;
    1) correct the Base DN ou's and dc's that made the correct path to the user entries.
    2) set the deault search path to "objectClass=user"
    3) set the User search Attribute to "sAMAccountName"
    on the "ADD user using LDAP authentication" screen let the search path and user search attribute default from the initial setup screen
     
  • DavidSerpaDavidSerpa

    Raul,

    Thank you! That worked. I did not get a confirmation when I clicked verify, however when I logged off and tried logging in with the saved user it worked using AD credentials.

  • Karin_1Karin_1
    Did not work for me however : MC Authentication [verify] replies with Congratulations , your ldap settings have been verified. However when I add a user with ldap authentication and [Verify User] then I am still getting : Cnnot find the person given the specified search filters.
    When I set the  Search path to OU= ( without further spec) and [Verify User] I get the reply : 1
    ( not certain what that is supposed to mean ) but I will not be able to logon as that (ldap auth'ed) user
    ldapsearch and ldap authentication with the same settings as MC-Authentication work just fine. I'd appreciate if someone could help
  • RCaseyRCasey
    I had these same things happen when I was trying to use ldap in MC and we had vertica onsite at the time. He and I researched the issue and it was determined that MC had a "bug" and the issue was written up. Under certain conditions the MC will not validate even though ldapsearch will validate. The same path that MC would not validate actually would validate under the database. I was able to verify my parameters by checking the vertica.log(tail -F vertica.log) and actually see the parameters authenticate or not. We have still not resolved that one issue. If you find out what the "1" means please share that. Release is 7.1.1.

  • Karin_1Karin_1
    Hi RCasey
    If you do get a solution ,  I'd really appreciate if you could share it .
    Thanks
  • DavidSerpaDavidSerpa

    Hi Karin, I was able to get this work, sharing my settings to help. There is a "bug" or limitation. The LDAP search will not traverse containers so if you have it pointed to "users" the actual user needs to be in that container, if it is in a sub container it will not find it. We have an open ticket with Vertica on this and were told it will be fixed in a future update. Good luck!



    David


    image                        
    
                        
        
                        
    
                
    
            
    
        
    • 
                
  • 
            
    

                                                    
    
                                            
    
                                                
    
                                                            
    
                        
                                RCaseyRCasey
                        

                        
                                                    
                    
    
                    
    
                        
                                                   
                                                                    
    
                                                        
    
                
    
                    
    
                        
    
                            David, thanks for that simple and correct explanation. It is workable as you suggest.
                            
    
                        
        
                        
    
                
    
            
    
        
    • 
                
  • 
            
    

                                                    
    
                                            
    
                                                
    
                                                            
    
                        
                                Karin_1Karin_1
                        

                        
                                                    
                    
    
                    
    
                        
                                                   
                                                                    
    
                                                        
    
                
    
                    
    
                        
    
                            Hi David
    Indeed thanks for your reply , however it did not work for me ( unluckily ) . When I set the admin to base-dn adding CN ( using my own account ) , verifications fails with error 49 ( invalid credentials ) 
    Are you using the ldap server password or account password ? ( In fact I tried both and both returned err. 49 )  and ... is the authentication than bound to your specific account ?                        
    
                        
        
                        
    
                
    
            
    
        
    • 
                    

            
    
Leave a Comment

    
    

                

            

                

                    




BoldItalicStrikethroughOrdered listUnordered list
Format
SpoilerCodeQuote
Heading 2Heading 1
Emoji
:):D:(;):/:o:s:p:'(:|B):#:*<3o:)>:)
Url

                     
                      

                      
                      
                      

                   
Image

                      

                        
                     

                  
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file

Home  General DiscussionComment As ...