Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84863members
354350posts

DCO- Manage users/group via Active Directory 2012

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.

Solved
DCIM_Support
Picard
Picard
0 Likes
8
570

DCO- Manage users/group via Active Directory 2012

This question was originally posted on DCIM Support by Boris on 2018-06-19


Hello

 

I try to manage users via the Active directory .For this I have created 2 groups (dcoadmin and dcousers  ). It's work on my lab perfectly when groups and users location are in USERS container into Active Directory.

 

Unfortunately in customer users location into  OU of the HR  and groups into a different container than USERS . This AD topology doesn't work .  I got to receive the very starnge error that user or password is incorrect. In jboss log I don't see any requests to AD .

 

I attach my configuration.

 

(CID:132654296)


Accepted Solutions
DCIM_Support
Picard
Picard
0 Likes
6
570

Re: DCO- Manage users/group via Active Directory 2012

This answer was originally posted on DCIM Support by Martin Bertelsen on 2018-06-19


Hi Boris,
Based on your screenshot your groups are located in dcoap02.dcoCon.trick.com 

your users are located in users.trick.com

and you authenticate with a user called "admin"
I recommend verifying that this is correct, i normally use a tool like Apache Directory Studio to connect and verify my Active Directory.

The error message you are getting indicates that one or more of your domain/username/password/"username attribute" and user search base are incorrect

What version of DCO are you running?
Could you possibly send a screenshot of the error message when i occurs?

Regards 
Martin Bertelsen

(CID:132654312)

See Answer In Context

8 Replies 8
DCIM_Support
Picard
Picard
0 Likes
6
571

Re: DCO- Manage users/group via Active Directory 2012

This answer was originally posted on DCIM Support by Martin Bertelsen on 2018-06-19


Hi Boris,
Based on your screenshot your groups are located in dcoap02.dcoCon.trick.com 

your users are located in users.trick.com

and you authenticate with a user called "admin"
I recommend verifying that this is correct, i normally use a tool like Apache Directory Studio to connect and verify my Active Directory.

The error message you are getting indicates that one or more of your domain/username/password/"username attribute" and user search base are incorrect

What version of DCO are you running?
Could you possibly send a screenshot of the error message when i occurs?

Regards 
Martin Bertelsen

(CID:132654312)

DCIM_Support
Picard
Picard
0 Likes
0
570

Re: DCO- Manage users/group via Active Directory 2012

This comment was originally posted on DCIM Support by Boris on 2018-06-19


Hello Martin

 

I'm working on DCO 8.2.2

 

it's correct that I written. The user admin that bind to AD is located into CN=USERS . The group dcoadmin into CN=dcoCon  . I'm using other ldap tool for check ldap path.

In server.log of the jboss clear 

 

(CID:132654332)

DCIM_Support
Picard
Picard
0 Likes
0
570

Re: DCO- Manage users/group via Active Directory 2012

This comment was originally posted on DCIM Support by Boris on 2018-06-19


This in my lab and I can to do what I want .

(CID:132654335)

DCIM_Support
Picard
Picard
0 Likes
0
570

Re: DCO- Manage users/group via Active Directory 2012

This comment was originally posted on DCIM Support by Martin Bertelsen on 2018-06-19


Your user search base is "CN=USERS"
you are trying to log in with a user "agaf" whom is located in "OU=MyUsers"

The user search base is where you fetch users from when synchronizing ("CN=MyUsers"), not necessarily where the user who authenticates the AD server itself is located.

Try replacing CN=USERS with OU=MyUsers

 

Regards

Martin Bertelsen

 

(CID:132654360)

DCIM_Support
Picard
Picard
0 Likes
0
570

Re: DCO- Manage users/group via Active Directory 2012

This comment was originally posted on DCIM Support by Boris on 2018-06-19


many thanks

I'll try and notify to you

(CID:132654399)

DCIM_Support
Picard
Picard
0 Likes
0
570

Re: DCO- Manage users/group via Active Directory 2012

This comment was originally posted on DCIM Support by Boris on 2018-06-25


Many thanks Martin

You are right - it's working .

Many thanks

(CID:132656505)

DCIM_Support
Picard
Picard
0 Likes
0
570

Re: DCO- Manage users/group via Active Directory 2012

This comment was originally posted on DCIM Support by Martin Bertelsen on 2018-06-25


Sounds great! you are welcome 😀

(CID:132656515)

DCIM_Support
Picard
Picard
0 Likes
0
570

🔒 Closed

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.