When I configure an LDAP group to a role, it doesn't allow me access to the database?
When I configure an LDAP group to a role, it allows me access to all the databases?
My LDAP user is able to log in, but when I click on more info, it shows me a blank page.
When I log in to Reporter, all I can do is change my password, and even that doesn't work. The text above this prompt is "LDAP users cannot change their password."
I am seeing this message when I log in to Bluecoat Reporter: "In order to view reports in Reporter, your system administrator must set a database for you to have access to. Please contact your administrator." But when I press "OK" on the above message, it looks like I'm logged in, but all I can do is change the password.
The Role of this article:
This entire article assumes that your LDAP configuration has been set up successfully, according to article 000013348.
This article is not a complete step-by-step guide to configuring LDAP and roles on Reporter; it is meant only to address certain symptoms that users might see.
Article 000013348 gives the step-by-step instructions on how to configure LDAP, roles and groups.
For a deeper dive into how the configuration files work together, and how they can help in troubleshooting LDAP issues, please see 000014773.
How to troubleshoot the above mentioned symptoms:
The above screenshot, regarding having a database set up for you, means that these things have successfully occurred:
However, what is not set up correctly is your roles configuration. Here are some tips on what might be wrong.
There is a common misconception that the groups mentioned in the below screenshot are groups that the Reporter LDAP service searches for in the directory (AD or eDirectory) tree.
Here's a definition of each of the types of groups:
The above configuration would restrict the user to seeing only the data for each of the groups you choose from the drop-down list. Looking at the above screenshot, these groups are already in the database called "Demo Logs".
NOTE: Ways of making the above screen clearer, for future versions of Reporter, are being considered.
To link your already created role to a searchable LDAP group, you need to complete this screen:
To arrive at this screen, follow these steps:
Here's a screenshot of what that screen would look like.
NOTE1: To be clear, the choices in the above screenshot are a list of all the already configured roles available in Reporter. By choosing one of the "Assigned Roles" you are choosing a normal role, and allowing the chosen LDAP group access to whatever permissions this role has access to.
NOTE2: Linking this group to the Administrator role will give all members of your chosen LDAP group full administrator privileges on this Reporter server.
NOTE3: For a list of what fields should be in an access log, see 000021974.
NOTE4: For more information on the above symptoms, see 000014489.
NOTE5: For a list of what LDAP error codes you may see in the journal, and what they mean, see 000015695.
NOTE6: Some groups in your Active Directory tree will be set up only as Global groups, but will need to be set up as Universal groups to be 'seen' by Reporter as it searches the tree for groups with users who have the 'member of' attribute linked to them.