Unable to Authenticate user after joining NFA to CAPC

Article ID: 140604

Products

CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

Unable to Authenticate user after joining NFA to CAPC

 

SSO Configuration/CA Network Flow Analysis/Test LDAP

Enter username > username

Enter password >

The UserBind option has been selected. We will now perform the first bind with the LdapConnectionUser and LdapConnectionPassword supplied in the SSO Config utility.

ldapSearchDomain = ldaps://serverName.corp.ad.publix.com:636/

ldapTimeout = 5000

DirContext.SECURITY_AUTHENTICATION = simple

DirContext.SECURITY_PRINCIPAL = LDAP_service_account_USERNAME

DirContext.SECURITY_CREDENTIALS set

Could not obtain a DirectoryContext.

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]

Logon failure: unknown user name or bad password.

Bind to the directory failed.

Environment

Release : 10.0

Component : NQRPTA - REPORTERANALYZER

Resolution

Verified with ADExplorer that the user name and password were working, but the LDAP Test was failing with error code 49, indicating a bad user name or password.


Found that CAPC had a local override for the LdapConnectionPassword.


That password differed from the Remote Value when we checked the encrypted string in the netqosportal database.


Ran the following to check this:

mysql netqosportal

select * from performance_center_properties where propname = 'ldapconnectionpassword';


The local override was correct, as they could log in to CAPC directly with LDAP users, and the Remote Value was wrong, so we updated the Remote Value in the CAPC SsoConfig tool.


Ran a full resync of the NFA data source, and waited a few minutes until we saw the same encrypted string in the NFA database.


mysql reporter

select * from performance_center_properties where propname = 'ldapconnectionpassword';


Once we saw the correct string, we were able to run a successful LDAP test, and the login worked as well.
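
The Test LDAP output shown under Issue/Introduction can be triaged mechanically. The Python below is an added example, not part of the original article or of the CA tooling: it parses that output, decodes the Active Directory sub-code in the "data" field of LDAP error 49, and reports which bind failed. The function name, the stage heuristic and the hint text are assumptions made for illustration.

```python
import re

# Constructed sample: lines copied from the Test LDAP output quoted in this article.
SAMPLE = """\
The UserBind option has been selected. We will now perform the first bind with the LdapConnectionUser and LdapConnectionPassword supplied in the SSO Config utility.
DirContext.SECURITY_PRINCIPAL = LDAP_service_account_USERNAME
Could not obtain a DirectoryContext.
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]
Bind to the directory failed.
"""

# Active Directory sub-codes carried in the "data" field of LDAP error 49.
AD_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

ERR_RE = re.compile(r"LDAP: error code (\d+) - .*?DSID-([0-9A-Fa-f]+).*?data ([0-9A-Fa-f]+)")
PRINCIPAL_RE = re.compile(r"SECURITY_PRINCIPAL\s*=\s*(\S+)")

def triage(output):
    """Return which bind failed, for which principal, and the decoded reason."""
    err = ERR_RE.search(output)
    if err is None:
        return None
    before = output[:err.start()]  # only text logged before the exception
    principals = PRINCIPAL_RE.findall(before)
    # Assumption (hypothetical heuristic): the utility announces the service-account
    # bind as "the first bind"; one principal logged so far means that bind failed.
    first = "first bind" in before and len(principals) <= 1
    stage = "service-account bind" if first else "user bind"
    sub = err.group(3).lower()
    # A 52e on the service-account bind points at the stored connection password.
    hint = ("compare the stored LdapConnectionPassword: local override vs Remote Value"
            if first and sub == "52e" else None)
    return {
        "ldap_code": int(err.group(1)),
        "dsid": err.group(2).upper(),
        "subcode": sub,
        "meaning": AD_SUBCODES.get(sub, "unknown sub-code"),
        "principal": principals[-1] if principals else None,
        "stage": stage,
        "hint": hint,
    }
```

Calling `triage(SAMPLE)` classifies the failure in this article as a service-account bind rejected with sub-code 52e, which is why the stored LdapConnectionPassword was the thing to check rather than the end user's credentials.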