Unsolved
This post is more than 5 years old
17 Posts
0
1417
October 16th, 2008 20:00
Converting existing ECC installation authentication to ldap
Hi,
I am having trouble converting my existing ECC 6.0 installation from standard authentication to ldap (Active Directory). I was reading emc177785 and it got me started but I'm not sure I have it configured correctly in our environment.
I have a AD group created called GG_ECCUSERS that I want to put all of the ecc users into. It is located at "mydomain.com/Corporate/Groups/Other" in Active Directory. There is also an user created on the domain named "eccadmin" and that account has been added to the GG_ECCUSERS group.
Here is what my ecc_server.ini authenticaton section looks like:
[Authentication]
Authentication type = LDAP
Bind dn = eccadmin@mydomain.com
Bind credential = 2b260463092d6ea798a6c484a44787d4
Directory search start = OU=GG_ECCUSERS,OU=Other,OU=Groups,OU=Corporate,DC=mydomain,DC=com
Username attribute = sAMAccountName
User fullname attribute = CN
Ldap directory url = ldap://dco01.mydomain.com:389
Ldap backup directory urls = ldap://dco02.mydomain.com:389
The error message I get when trying to log into the console with eccadmin as the username and mydomain\eccadmin is:
User mydomain\eccadmin cannot be authenticated: LDAP: Cannot find user - 32 : No Such Object.
and
User eccadmin cannot be authenticated: LDAP: Cannot find user - 32 : No Such Object.
Am I going about this the wrong way?
I am having trouble converting my existing ECC 6.0 installation from standard authentication to ldap (Active Directory). I was reading emc177785 and it got me started but I'm not sure I have it configured correctly in our environment.
I have a AD group created called GG_ECCUSERS that I want to put all of the ecc users into. It is located at "mydomain.com/Corporate/Groups/Other" in Active Directory. There is also an user created on the domain named "eccadmin" and that account has been added to the GG_ECCUSERS group.
Here is what my ecc_server.ini authenticaton section looks like:
[Authentication]
Authentication type = LDAP
Bind dn = eccadmin@mydomain.com
Bind credential = 2b260463092d6ea798a6c484a44787d4
Directory search start = OU=GG_ECCUSERS,OU=Other,OU=Groups,OU=Corporate,DC=mydomain,DC=com
Username attribute = sAMAccountName
User fullname attribute = CN
Ldap directory url = ldap://dco01.mydomain.com:389
Ldap backup directory urls = ldap://dco02.mydomain.com:389
The error message I get when trying to log into the console with eccadmin as the username and mydomain\eccadmin is:
User mydomain\eccadmin cannot be authenticated: LDAP: Cannot find user - 32 : No Such Object.
and
User eccadmin cannot be authenticated: LDAP: Cannot find user - 32 : No Such Object.
Am I going about this the wrong way?
No Events found!
seamuscoffey
472 Posts
0
October 17th, 2008 02:00
I'm no expert when it comes to LDAP but there are a few very detailed Primus solution re configuring it with ControlCenter. Here they are:
- emc153954
- emc177785
- emc130913
Hopefully, these will point you in the right direction.
Regards,
Séamus Coffey
EMC Global Services
solfitadm
1 Message
0
October 17th, 2008 03:00
tazal
59 Posts
0
October 17th, 2008 06:00
I am having trouble converting my existing ECC
6.0 installation from standard authentication to ldap
(Active Directory). I was reading emc177785 and it
got me started but I'm not sure I have it configured
correctly in our environment.
I have a AD group created called GG_ECCUSERS that I
want to put all of the ecc users into. It is located
at "mydomain.com/Corporate/Groups/Other" in Active
Directory. There is also an user created on the
domain named "eccadmin" and that account has been
added to the GG_ECCUSERS group.
Here is what my ecc_server.ini authenticaton section
looks like:
[Authentication]
Authentication type = LDAP
Bind dn = eccadmin@mydomain.com
Bind credential = 2b260463092d6ea798a6c484a44787d4
Directory search start =
OU=GG_ECCUSERS,OU=Other,OU=Groups,OU=Corporate,DC=mydo
main,DC=com
Username attribute = sAMAccountName
User fullname attribute = CN
Ldap directory url = ldap://dco01.mydomain.com:389
Ldap backup directory urls =
ldap://dco02.mydomain.com:389
The error message I get when trying to log into the
console with eccadmin as the username and
mydomain\eccadmin is:
User mydomain\eccadmin cannot be authenticated: LDAP:
Cannot find user - 32 : No Such Object.
and
User eccadmin cannot be authenticated: LDAP: Cannot
find user - 32 : No Such Object.
Am I going about this the wrong way?
Did you add "mydomain\eccadmin" as a user within controlcenter? When you add the user within controlcenter it actually looks the user up within the domain.
Go to Administration->Security Management->ECC Users and right click on "ECC Users" and choose "New" and then enter "mydomain\eccadmin" and see what happens. If you have already done that right click on the domain based user and choose properties and see if that lookup works.
Nathan_N_Anthon
17 Posts
0
October 17th, 2008 07:00
You made me try something interesting.
I changed the [Authentication] Section back to default settings of "STANDARD" so i could log on with my local user account. Once logged in I added a couple of the domain users that i wanted to have access to ECC (mydomain\eccadmin and mydomain\myusername). Once I closed the console, I turned around and re-opened it just for curiosity and it let me log in with my domain accounts... with no changes to the ecc_server.ini file.
Now this goes against everything that the installation and configuration guide as well as the Knowledge Base search states.
Any ideas why this worked?
tazal
59 Posts
0
October 17th, 2008 08:00
It sounded like your user wasn't added within controlcenter so I thought I would recommend that as a starting point. I have a local eccadmin user as well as a bunch of domain based users all without ever having to chase down bind credentials, change authentication modes, etc. but as mentioned, in my environment the server is on a machine that is part of the domain.
bodnarg
2 Intern
•
385 Posts
0
October 17th, 2008 08:00
We've used this method for authentication since ECC 5.0 and have never had an issue with user access.
Nathan_N_Anthon
17 Posts
0
October 17th, 2008 08:00
tazal
59 Posts
0
October 17th, 2008 08:00
For what it's worth this has worked here since the days of 5.1.1 so I don't know that you have anything to be too nervous about.