UCMDB and UD Practitioners Forum (Previously CMS)
Showing results for 
Search instead for 
Do you mean 

ucmdb ldap integration issue

SOLVED
Go to Solution
Frequent Advisor

ucmdb ldap integration issue

Hi all,

I have some trouble to integrate ucmdb with ldap. i have a user name/password and url which i entered in ad explorer and i can connecto to ldap.

what is this group configurations in ucmdb. can someone tell me the entire authentication workflow?

 suppose i login with my ad username and password to ucmdb. what happens next? i'm a member of ldap group in ucmdb which has some limited permission to ucmdb. 

to which group in ldap i need to map this ldap group (ucmdb group name)? why we need to map this?

Regards,

Kunj

 

 

4 REPLIES
Trusted Contributor

Re: ucmdb ldap integration issue

Hello Kunjappy,

The entire authentication workflow should be:

1. Connect to the LDAP server
2. Bind as admin-type /enough privileges/ user, for example cn=user1
3. Search if the user we are searching exist, for example cn=user2
4. Bind as that user, new successful bind with the received user cn=user2
5. Re-bind as admin-type user cn=user1
6. Search for the requested user and collect attributes, for example retrieving all visible attributes for user user2
7. Retrieve all entries beneath user2 restricted by Group Base Filter > Root Group Filter > User Filter

You could use the Wireshark tool to trace all those steps. Your questions concern the LDAP mechanism. It would be great if you can involve an LDAP administrator to assist you.

Best Regards,
Nikola

------------------------
Nikola Todorov
HPE Software Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
Frequent Advisor

Re: ucmdb ldap integration issue

[ Edited ]

Thanks for your support. I have doubts regarding the groups. Please check thes photo. 

Capture.JPG

If i have 2 Active directory users. Do i need to add them separately in ucmdb users/groups or the ldap admin should add them to the ldap groups to gain access to ucmdb.

Regards,

K

Frequent Advisor

Re: ucmdb ldap integration issue

Hi,

I have created a group in ucmdb and one in AD. I have mapped that group in ucmdb and through jmx console i can see the group and group members.

But if i test ldap connection i can see the group but the "has members" value is false. Also i cant login to ucmdb with my ad user id ans password. ITs allowing me to login using the ucmdb userid and password. 

Regards,

K

 

Frequent Advisor

Re: ucmdb ldap integration issue

the issue was with the certificates. After importing the certificates the integration is working fine. Thanks for all the help

//Add this to "OnDomLoad" event