EcoStruxure IT forum
A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.
Posted: 2020-07-04 07:15 PM
This question was originally posted on DCIM Support by Boris on 2018-06-19
Hello
I try to manage users via the Active directory .For this I have created 2 groups (dcoadmin and dcousers ). It's work on my lab perfectly when groups and users location are in USERS container into Active Directory.
Unfortunately in customer users location into OU of the HR and groups into a different container than USERS . This AD topology doesn't work . I got to receive the very starnge error that user or password is incorrect. In jboss log I don't see any requests to AD .
I attach my configuration.
(CID:132654296)
Posted: 2020-07-04 07:15 PM
This answer was originally posted on DCIM Support by Martin Bertelsen on 2018-06-19
Hi Boris,
Based on your screenshot your groups are located in dcoap02.dcoCon.trick.com
your users are located in users.trick.com
and you authenticate with a user called "admin"
I recommend verifying that this is correct, i normally use a tool like Apache Directory Studio to connect and verify my Active Directory.
The error message you are getting indicates that one or more of your domain/username/password/"username attribute" and user search base are incorrect
What version of DCO are you running?
Could you possibly send a screenshot of the error message when i occurs?
Regards
Martin Bertelsen
(CID:132654312)
Posted: 2020-07-04 07:15 PM
This answer was originally posted on DCIM Support by Martin Bertelsen on 2018-06-19
Hi Boris,
Based on your screenshot your groups are located in dcoap02.dcoCon.trick.com
your users are located in users.trick.com
and you authenticate with a user called "admin"
I recommend verifying that this is correct, i normally use a tool like Apache Directory Studio to connect and verify my Active Directory.
The error message you are getting indicates that one or more of your domain/username/password/"username attribute" and user search base are incorrect
What version of DCO are you running?
Could you possibly send a screenshot of the error message when i occurs?
Regards
Martin Bertelsen
(CID:132654312)
Posted: 2020-07-04 07:15 PM
This comment was originally posted on DCIM Support by Boris on 2018-06-19
Hello Martin
I'm working on DCO 8.2.2
it's correct that I written. The user admin that bind to AD is located into CN=USERS . The group dcoadmin into CN=dcoCon . I'm using other ldap tool for check ldap path.
In server.log of the jboss clear
(CID:132654332)
Posted: 2020-07-04 07:15 PM
This comment was originally posted on DCIM Support by Boris on 2018-06-19
This in my lab and I can to do what I want .
(CID:132654335)
Posted: 2020-07-04 07:15 PM
This comment was originally posted on DCIM Support by Martin Bertelsen on 2018-06-19
Your user search base is "CN=USERS"
you are trying to log in with a user "agaf" whom is located in "OU=MyUsers"
The user search base is where you fetch users from when synchronizing ("CN=MyUsers"), not necessarily where the user who authenticates the AD server itself is located.
Try replacing CN=USERS with OU=MyUsers
Regards
Martin Bertelsen
(CID:132654360)
Posted: 2020-07-04 07:15 PM
This comment was originally posted on DCIM Support by Boris on 2018-06-19
many thanks
I'll try and notify to you
(CID:132654399)
Posted: 2020-07-04 07:15 PM
This comment was originally posted on DCIM Support by Boris on 2018-06-25
Many thanks Martin
You are right - it's working .
Many thanks
(CID:132656505)
Posted: 2020-07-04 07:15 PM
This comment was originally posted on DCIM Support by Martin Bertelsen on 2018-06-25
Sounds great! you are welcome 😀
(CID:132656515)
Posted: 2020-07-04 07:16 PM
This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.
Create your free account or log in to subscribe to the forum - and gain access to more than 10,000+ support articles along with insights from experts and peers.