ldap was upgraded to windows 2016 and now no one can log into UIM v.5.61

book

Article ID: 209603

calendar_today

Updated On:

Products

DX Infrastructure Management

Issue/Introduction

Hub is not getting a port on start up which is preventing users from logging in. Nothing shows in the logs, even at log level 5 for controller and hub.

NMS 5.61, UMP 2.61(v1).

Cause

UIM (NMS) is running on Windows 2008R2. NMS 5.61 was never certified for Windows 2016 LDAP.

There is a defect in hub 5.82 where if you set active = no in the ldap section of the hub.cfg it still tries to use it.

Environment

Release : 5.61

Component : UIM - HUB

Resolution

NMS 5.61 is not compatible with ldap 2016.

Replace the ldap section in all the hub.cfg files and replaced with the default version from hub.cfx (see example below).

restarted robot

If you have another 2008 ldap server you can configure it normally on each hub probe.

If not, you can create local nimbus users in Infrastructure Manager.

Recommend building a 20.3.3 or later lab and test customer scripts, then migrate to production.

 

example of the ldap section form the hub.cfx file. This needs to replace the same section in the hub.cfg

 

<ldap>
   <server>
      active = no
   </server>
   <templates>
      <Active Directory>
         tag = ad
         filter_group = (objectClass=group)
   filter_user    = (&(objectClass=person)(|(userPrincipalName=$loginname)(sAMAccountName=$loginname)))
         exclude_regexp = /(@)|(\\)|(^(C|c)(N|n)=)/ 
         ldap_dn_regexp = /^(C|c)(N|n)=/
         attr_grp_name = name
         attr_grp_member_name = member
         attr_usr_firstname = givenName
         attr_usr_lastname = sn
         attr_usr_mail = mail
         attr_usr_cellphone = mobile
         attr_usr_phone = telephoneNumber
         attr_usr_www = wWWHomePage
         attr_usr_office = physicalDeliveryOfficeName
         attr_usr_company = company
         attr_usr_title = title
         attr_usr_department = department
         attr_usr_description = description
         attr_usr_name = displayName
         attr_usr_id = userPrincipalName
         attr_usr_member_of = memberOf
         attr_usr_restrict_view = restrictViewToUserAssets
         format = [email protected]$domain
   lookup = no
         paging = yes
   member_lookup_reverse = yes
      </Active Directory>
      <eDirectory>
         tag = ed
   filter_group = (objectClass=groupOfNames)
   filter_user = (&($attr_usr_id=$loginname))    
   exclude_regexp = /^(C|c)(N|n)=/
   ldap_dn_regexp = /^(C|c)(N|n)=/
   attr_grp_name = cn
         attr_grp_member_name = member
         attr_usr_firstname = givenName
         attr_usr_lastname = sn
         attr_usr_mail = mail
         attr_usr_cellphone = mobile
         attr_usr_phone = telephoneNumber
         attr_usr_office = l
         attr_usr_company = company
         attr_usr_title = title
         attr_usr_department = ou
         attr_usr_description = description
         attr_usr_name = fullName
         attr_usr_id = uid
         attr_usr_member_of = groupMembership
         attr_usr_restrict_view = restrict_view_to_user_assets
         lookup = yes
         paging = no
   member_lookup_reverse = yes
      </eDirectory>
   </templates>
</ldap>

Additional Information

NMS 5.61 is END OF SUPPORT. This is best effort and customer should build a new UIM 20.3.3+ as there is no upgrade path from this version of UIM.