October 18th, 2012 13:00

SCA and LDAP, anyone get this to work?

Having a heck of a time getting LDAP authentication to work in SCA. My settings match what is listed in primus emc265179, example listed below.

But I cannot log in with a Windows domain account. If anyone else has this working correctly, I would appreciate some feedback on what your config looks like for this. Thanks

From primus emc265179:

Example LDAP DB query for user “doej”
C:\WINDOWS>dsquery user -d emc.com -name doe*
C:\WINDOWS>dsquery user -name doej | dsget user -dn -samid -upn

Resulting Ionix SCA LDAP configuration dialog settings for user “doej”
Domain Name=emc
Server: LDAPSERVER-01.emc.com
LDAP Port: 389
Base Domain Name: DC=emc,DC=com
Pattern : CN=doej,OU=Users,OU=North America

November 9th, 2012 09:00

Thanks for the feedback. OK, your example works well, HOWEVER...

If I add another user directly under the first, working/authenticated in SCA, SCA/LDAP authentication fails.

(I need to add 6 users altogether, and yes I have added the users in SCA and chose LDAP auth.)

I've tried using comma and semicolon, and without either, to separate the users, but that does not work either. WHAT AM I MISSING HERE?

Example:

Single user setup such as this works!

CN=UserA,OU=Users,OU=NJ

Add a second user, like below, SCA/LDAP authentication breaks, cannot login!

CN=UserA,OU=Users,OU=NJ

CN=UserB,OU=Users,OU=NJ

CN=UserA,OU=Technical Support,OU=AK Anchorage, OU=US TSE

CN=UserB,OU=Technical Support,OU=AK Anchorage, OU=US TSE

November 9th, 2012 13:00

Ryan,

Thanks for the clarification. I do believe the carriage return was my issue, so for anyone else having issues, BE VERY CAREFUL with any spaces you can't see when configuring LDAP in SCA, within ALL of the fields of Manage Authentication dialog box.

I have tested with myself and another user, and we can both login successfully with our domain (LDAP) accounts. I will add the other users, very carefully.

Finally, are we limited to only ONE domain? For example, in my case most users are in our North America child domain. Can users in our Europe child domain also use this SCA instance? The Manage Authentication config page appears to allow only 1 domain.

Thanks again,

November 20th, 2012 00:00

Be aware and careful also with this implementation of LDAP authentication.

When a user tries to log in, SCA starts from the beginning of the user list and goes to the end until it gets a successful login to the LDAP server.

If you use some password security on the LDAP server, like account lockout, it will increase the counter for each user until SCA hits the correct user.

If you log in 3 times (for example, if you have account lockout after 3 attempts) into SCA, and the other users are on vacation or didn't log in to LDAP during the time you log in to SCA to reset the counter, their accounts will get locked.

The whole SCA seems not to be in a public state and is not well designed or developed, even if the idea behind it is fine.
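
A small model of the lockout side effect described in the post above, added here as an example and not taken from SCA or from any poster. It assumes a lockout threshold of 3 and a directory where a successful bind resets the counter, and compares trying every configured DN with binding only to the DN that matches the login name; all names and data are constructed.

```python
# Added illustration: in-memory model only, no real LDAP server or SCA code.
LOCKOUT_THRESHOLD = 3  # assumed directory policy: lock after 3 failed binds


class Directory:
    """Toy directory that counts failed binds per DN (constructed data)."""

    def __init__(self, accounts):
        self.passwords = dict(accounts)           # DN -> password
        self.failed = {dn: 0 for dn in accounts}  # DN -> failed-bind counter

    def bind(self, dn, password):
        if self.failed[dn] >= LOCKOUT_THRESHOLD:
            return False                          # account is locked
        if self.passwords[dn] == password:
            self.failed[dn] = 0                   # a good bind resets the counter
            return True
        self.failed[dn] += 1
        return False

    def locked(self):
        return sorted(dn for dn, n in self.failed.items() if n >= LOCKOUT_THRESHOLD)


def login_try_every_pattern(directory, patterns, password):
    """Behaviour described in the post: bind to each DN in order until one works."""
    return any(directory.bind(dn, password) for dn in patterns)


def login_resolve_then_bind(directory, patterns, username, password):
    """Alternative: select the one DN whose CN matches the login name, bind once."""
    wanted = "cn=" + username.lower()
    for dn in patterns:
        if dn.split(",", 1)[0].strip().lower() == wanted:
            return directory.bind(dn, password)
    return False


def run_demo(resolve_first):
    users = ("UserA", "UserB", "UserC")
    patterns = [f"CN={u},OU=Users,OU=NJ" for u in users]
    d = Directory({dn: "pw-" + u for dn, u in zip(patterns, users)})
    results = []
    for _ in range(3):  # UserC logs in three times with the correct password
        if resolve_first:
            results.append(login_resolve_then_bind(d, patterns, "UserC", "pw-UserC"))
        else:
            results.append(login_try_every_pattern(d, patterns, "pw-UserC"))
    return results, d.locked()
```

`run_demo(False)` returns three successful logins for UserC with UserA and UserB locked, while `run_demo(True)` returns the same logins with no account locked.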
