The user account is imported into Foglight from the target OU and a role can be assigned to the user, but the user cannot authenticate to the Foglight console even after verifying that the password is correct.
These errors were found in the ManagementServer* logs:
2018-12-07 14:02:00.554 ERROR [cywkxqfmqg-1] function id: system:administration_userssecurity_directory_services.usernameLookup - LDAP search error.
javax.naming.InvalidNameException: ,DC=EXAMPLE,DC=org: [LDAP: error code 34 - 0000208F: NameErr: DSID-0310022D, problem 2006 (BAD_NAME), data 8350, best match of:',DC=EXAMPLE,DC=org']; remaining name ',DC=EXAMPLE,DC=org'
2018-12-07 14:05:19.012 ERROR [cywkxqfmqg-2] function id: system:administration_userssecurity_directory_services.usernameLookup - LDAP search error.
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=EXAMPLE,DC=org'
2018-12-07 14:58:21.837 ERROR [http-exec-7] script.system:administration_userssecurity_ldap.findExternalGroups - javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=EXAMPLE,DC=org']; remaining name 'OU=Users,DC=EXAMPLE,DC=org'
The issue was caused because the LDAP Query prefix had been set to sAMAccount= instead of CN=.
Navigate to Dashboards | Administration | Users & Security -> Directory Services Settings.
Pick the configuration that is being affected (this is only necessary if you have more than one domain configured).
Change the value of LDAP Query prefix to CN=.
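To check whether the same LDAP errors are still being logged after the change, the following added example (not Quest code) parses ManagementServer* log text in the layout shown above and reports the JNDI exception, LDAP result code and remaining name for each error. The function name, result fields and the leading-comma check are assumptions made for this illustration.

```python
import re

# LDAP result codes present in the article's log excerpt (names from RFC 4511).
LDAP_CODES = {32: "noSuchObject", 34: "invalidDNSyntax"}
HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) ERROR \[[^\]]+\] (.*)$")
CODE = re.compile(r"LDAP: error code (\d+)")
EXC = re.compile(r"javax\.naming\.\w+")
REMAINING = re.compile(r"remaining name '([^']*)'")

# Log excerpt copied from the article above.
SAMPLE = """\
2018-12-07 14:02:00.554 ERROR [cywkxqfmqg-1] function id: system:administration_userssecurity_directory_services.usernameLookup - LDAP search error.
javax.naming.InvalidNameException: ,DC=EXAMPLE,DC=org: [LDAP: error code 34 - 0000208F: NameErr: DSID-0310022D, problem 2006 (BAD_NAME), data 8350, best match of:',DC=EXAMPLE,DC=org']; remaining name ',DC=EXAMPLE,DC=org'
2018-12-07 14:05:19.012 ERROR [cywkxqfmqg-2] function id: system:administration_userssecurity_directory_services.usernameLookup - LDAP search error.
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=EXAMPLE,DC=org'
2018-12-07 14:58:21.837 ERROR [http-exec-7] script.system:administration_userssecurity_ldap.findExternalGroups - javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=EXAMPLE,DC=org']; remaining name 'OU=Users,DC=EXAMPLE,DC=org'
"""


def parse_ldap_errors(text):
    """Join each ERROR header with its continuation lines, then pull out LDAP details."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({"time": m.group(1), "raw": m.group(2)})
        elif events:
            events[-1]["raw"] += " " + line.strip()
    results = []
    for ev in events:
        exc = EXC.search(ev["raw"])
        if not exc:
            continue  # ERROR entry without a JNDI naming exception
        code = CODE.search(ev["raw"])
        rem = REMAINING.search(ev["raw"])
        num = int(code.group(1)) if code else None
        name = rem.group(1) if rem else None
        results.append({
            "time": ev["time"],
            "exception": exc.group(0),
            "code": num,
            "meaning": LDAP_CODES.get(num),
            "remaining_name": name,
            # Heuristic: a name starting with ',' has an empty first component.
            "empty_leading_rdn": bool(name) and name.startswith(","),
        })
    return results
```

Pass the contents of a ManagementServer* log file to parse_ldap_errors(); an empty result after the prefix change means none of these naming exceptions were logged.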