Release Automation

  • Private Community

  • 1.  AD Integration

    Posted Jun 21, 2017 01:07 AM

    Hi All,

     

    I need some help as I read in many documents, read many topics in here and asked many person about Integration with Active Directory. I found some error that's weird for me.

     

    I try to integration with AD by edit distributed.properties

     

    use.active.directory.authentication=true

    use.active.directory.domain=xxxxx.local

    use.active.directory.url=ldap://xx.***.***.xx:389 (also tried ldap://xx.***.***.xx)

    use.active.directory.user.username=user@xxxxx.local

    use.active.directory.user.password= {password encript with encript_password script}

     

    Then after restart the management server I got log return something can bind to LDAP

     

    Then I try to login with userprincipal name of AD Users and got "Failed to contact Nolio Server" in ASAP

    and "An Authentication Object was not found in the SecurityContext" in ROC

     

    After that I investigate Log it have message "Authenticated: true" and got DN of that user => Found DN: cn=xxxxx xxxxxxx,ou=Users,ou=xxxUsers_HQ,ou=Cooperate Groups,ou=xxxHQ,ou=Locations,dc=xxxTest,dc=local

     

    But next log have - ignoring PartialResultException / then in the same time after that found Authenticated: true

     

    But the ASAP and ROC have error as above that I explain.

     

    Have anyone found this issue same as me?

    Then How to solve it?

     

    I already open support case last night just waiting for CA Support response.

     

     

    Edit1. I would like to remove log attachment in some case.

     

    Thank you and regards,

    Nithi P.



  • 2.  Re: AD Integration

    Broadcom Employee
    Posted Jun 21, 2017 05:49 PM

    Could you check your nolio_dm_all.log on the NAC and let us know what errors you see there?  I would like to see the full text of the "cannot bind to LDAP" error, which should be logged there in full.  I'm also interested to see if you have any "Error Code: xx" messages accompanying that. 



  • 3.  Re: AD Integration

    Posted Jun 22, 2017 04:10 AM

    Hi James,

     

    I think this is logs you would like to see but it is some partial part of that Logs thatg I upload in nolio_dm_log.zip

     

    Regards,

    Nithi P.



  • 4.  Re: AD Integration

    Broadcom Employee
    Posted Jun 22, 2017 12:41 PM

    Looks like it doesn't like the credentials provided. Check out line 13894:

    2017-06-20 20:27:39,528 [http-nio-8080-exec-1] INFO  (com.nolio.platform.server.dataservices.services.auth.providers.NolioActiveDirectoryAuthenticationProvider:161) - Active Directory authentication failed: Supplied password was invalid

    The line that follows shows more details about what was rejected, which I want to avoid posting here.  Double-check that account since there appears to be a problem with its credentials as provided. 



  • 5.  Re: AD Integration

    Posted Jun 23, 2017 04:19 AM

    Thank you James for fast response.

     

    Please take a look around line 14232. I can login with that User.



  • 6.  Re: AD Integration
    Best Answer

    Posted Jun 26, 2017 03:59 AM

    This is known issue.

    I can solve it by Update Culmunative Patch.

     

    Thank you very much

    Nithi P.