BladeSystem Management Software

LDAP/SIM error in Onboard Administrator (OA) (requesting web service)

 
chuckk281
Trusted Contributor


Scott was looking to help a customer:

 

********************

 

Hey folks,

 

Not much of an LDAP guy, but here goes.  Getting lots of these in customer OA:

 

Dec  7 14:16:01  LDAP: authentication failure; novant\ibmdirector for web service service, not a member of any configured group
Dec  7 14:16:01  OA: Authentication failure for user novant\ibmdirector from 10.3.6.179, requesting web service

In the OA, the 10.3.6.179 is set as the SNMP Trap Receiver, so I'm guessing that this is the HP SIM CMS.  The LDAP settings from show all are as follows:

 

>SHOW LDAP INFO

Directory Services (LDAP)
        Enabled                   : Enabled
        Local Users Enabled       : Enabled
        NT Name Mapping           : Enabled
        Directory Server          : 10.3.10.42
        Directory Server SSL Port : 636
        Search Context #1         : OU=LAN,OU=IT,OU=Corp,DC=nh,DC=novant,DC=net
        Search Context #2         : OU=Users,OU=Corp,DC=nh,DC=novant,DC=net
        Search Context #3         : 
        Search Context #4         : 
        Search Context #5         : 
        Search Context #6         : 
 
 



>SHOW LDAP CERTIFICATE

No certificates were found.
 
 
 



>SHOW LDAP GROUP LIST

 Privilege    LDAP Group /
 Level        Description
 -----------  ----------------
 User         TWGSuperAdmins
              For IBM Director
 Admin        Windows System Engineering Team

 

I need to give some advice to my customer about how to resolve... is this a matter of adding the group "ibmdirector" as shown in the original error message?

 

*****************

 

Chris was looking to help Scott:

 

********************

 

The user account “ibmdirector” is attempting to authenticate to the OA via port 80 and 443.  The second message is saying that it couldn’t find that user account in any of the defined LDAP Groups.  If that user account requires access to the OA, then you should add it to one of the LDAP Groups configured within the OA.

 

*********************

 

Any other input for Scott?
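
Added example, not part of the original thread and not HP tooling: a small triage script that pairs each "LDAP:" failure line with the "OA:" line that follows it, so you can see which account, from which source address, is failing and why before deciding whether to add it to a configured group. It assumes the two-line pattern quoted in the post (same timestamp and user on both lines, user names without spaces); the later sample entries are constructed.

```python
import re
from collections import Counter

TS = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+"
LDAP_RE = re.compile(
    TS + r"LDAP: authentication failure; (?P<user>\S+) for .+?, (?P<reason>.+)$")
OA_RE = re.compile(
    TS + r"OA: Authentication failure for user (?P<user>\S+) "
         r"from (?P<ip>[\d.]+), requesting (?P<svc>.+)$")

# First pair is the excerpt from the post; the remaining lines are
# constructed sample data in the same format.
SAMPLE_LOG = r"""
Dec  7 14:16:01  LDAP: authentication failure; novant\ibmdirector for web service service, not a member of any configured group
Dec  7 14:16:01  OA: Authentication failure for user novant\ibmdirector from 10.3.6.179, requesting web service
Dec  7 14:21:01  LDAP: authentication failure; novant\ibmdirector for web service service, not a member of any configured group
Dec  7 14:21:01  OA: Authentication failure for user novant\ibmdirector from 10.3.6.179, requesting web service
Dec  7 14:30:12  OA: Authentication failure for user EXAMPLE\jdoe from 192.0.2.10, requesting web service
"""


def summarize_failures(log_text):
    """Count failures per (user, source IP, reason given by the LDAP line)."""
    reasons = {}       # (timestamp, user) -> reason text from the LDAP line
    counts = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        m = LDAP_RE.match(line)
        if m:
            reasons[(m["ts"], m["user"])] = m["reason"]
            continue
        m = OA_RE.match(line)
        if m:
            # Assumption: the OA line shares timestamp and user with its LDAP line.
            reason = reasons.get((m["ts"], m["user"]), "no LDAP reason logged")
            counts[(m["user"], m["ip"], reason)] += 1
    return counts


if __name__ == "__main__":
    for (user, ip, reason), n in summarize_failures(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {user:<22} {ip:<15} {reason}")
```

A steady count from a single management-server address with the "not a member of any configured group" reason points to a service account that needs a group decision, while failures with no matching LDAP line deserve a separate look.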