Implementing and troubleshooting LDAP Authentication
To log on to Symantec Reporter with an Active Directory (AD) account, the appliance must be configured to "Connect to a LDAP Server". During the implementation steps you can choose Microsoft Active Directory as the LDAP server type. For the end-to-end implementation steps, refer to the Tech. doc. at the URL below.
Note: Please ensure that all prerequisites are met before proceeding.
Troubleshooting Steps:
The most effective way to record an LDAP failure is to take a packet capture (.pcap) of the LDAP transaction and review it in Wireshark. If Reporter is configured for secure LDAP (LDAPS or StartTLS), the transaction is encrypted and the capture will show only the TLS exchange, not the LDAP messages.
In that case, temporarily switch to plain LDAP, if policy allows it, so that the full transaction can be reviewed, and re-enable encryption as soon as the capture is complete: plain LDAP sends the bind DN and password across the network in clear text. In the .pcap, the server's bindResponse carries the LDAP resultCode and a diagnostic message that state in clear text what failed and why. Reporter also writes LDAP failures to the bcr-journal.txt files, but those entries are less specific: they normally show only the base DN of the user attempting authentication and an 'Authentication Failure' message, not the underlying reason. This is why .pcap traces are more useful for troubleshooting these issues. If you have access to the LDAP server and verbose logging is enabled on it, its logs may also provide valuable information.
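The following is an added example, not Reporter code or part of the original article. It decodes the BER-encoded LDAP bindResponse that Wireshark shows for a failed bind (RFC 4511) and maps the "data NNN" sub-code that Active Directory places in its diagnostic message to a reason. The sample messages are constructed here to match the format AD uses; the DSID and version values in them are illustrative, and the helper names are this example's own.

```python
"""
Added example (not Symantec Reporter code): decode an LDAP bindResponse
(RFC 4511, BER-encoded) as seen in a packet capture of a failed bind and
translate the Active Directory diagnostic message into a readable reason.
"""
import re

# LDAP result codes commonly seen on bind failures (RFC 4511, section 4.1.9).
LDAP_RESULT_CODES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    32: "noSuchObject",
    34: "invalidDNSyntax",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    53: "unwillingToPerform",
}

# Active Directory sub-codes carried in the "data NNN" part of the
# "AcceptSecurityContext error" diagnostic message.
AD_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password or wrong bind DN)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "user account locked out",
}

# BER tags used by an LDAPMessage that carries a bindResponse.
TAG_SEQUENCE = 0x30
TAG_INTEGER = 0x02
TAG_ENUMERATED = 0x0A
TAG_OCTET_STRING = 0x04
TAG_BIND_RESPONSE = 0x61   # [APPLICATION 1], constructed


def _read_tlv(buf: bytes, pos: int):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos).

    Handles short- and long-form definite lengths, which is what LDAP
    peers send on the wire.
    """
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(msg: bytes) -> dict:
    """Parse LDAPMessage { messageID, bindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, mid, pos = _read_tlv(body, 0)
    if tag != TAG_INTEGER:
        raise ValueError("missing messageID")
    tag, op, _ = _read_tlv(body, pos)
    if tag != TAG_BIND_RESPONSE:
        raise ValueError("protocolOp is not a bindResponse (tag 0x%02x)" % tag)
    _, rc, pos = _read_tlv(op, 0)            # ENUMERATED resultCode
    _, matched_dn, pos = _read_tlv(op, pos)  # LDAPDN (empty on bind failures)
    _, diag, _ = _read_tlv(op, pos)          # LDAPString diagnosticMessage
    return {
        "message_id": int.from_bytes(mid, "big", signed=True),
        "result_code": int.from_bytes(rc, "big"),
        "matched_dn": matched_dn.decode("utf-8"),
        "diagnostic": diag.decode("utf-8", "replace"),
    }


def diagnose(msg: bytes) -> dict:
    """Name the LDAP result and, when AD supplied one, the specific failure reason."""
    parsed = parse_bind_response(msg)
    rc = parsed["result_code"]
    out = {"result_code": rc, "result": LDAP_RESULT_CODES.get(rc, "unknown(%d)" % rc)}
    m = re.search(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)", parsed["diagnostic"])
    if m:
        code = m.group(1).lower()
        out["ad_data"] = code
        out["ad_reason"] = AD_DATA_CODES.get(code, "unrecognised AD data code")
    return out


# --- constructed samples in the shape AD returns for a failed simple bind ---

def _tlv(tag: int, value: bytes) -> bytes:
    """BER-encode a definite-length TLV (used only to build the samples)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def build_bind_response(message_id: int, result_code: int, diagnostic: str) -> bytes:
    """Encode LDAPMessage { messageID, bindResponse { resultCode, "", diagnostic } }."""
    op = (_tlv(TAG_ENUMERATED, bytes([result_code]))
          + _tlv(TAG_OCTET_STRING, b"")
          + _tlv(TAG_OCTET_STRING, diagnostic.encode("utf-8")))
    return _tlv(TAG_SEQUENCE, _tlv(TAG_INTEGER, bytes([message_id])) + _tlv(TAG_BIND_RESPONSE, op))


# Constructed diagnostic text; the DSID and "v1db1" values are illustrative.
SAMPLE_BAD_PASSWORD = build_bind_response(
    2, 49, "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1")
SAMPLE_DISABLED = build_bind_response(
    3, 49, "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 533, v1db1")
SAMPLE_OK = build_bind_response(4, 0, "")

if __name__ == "__main__":
    for name, sample in (("bad password", SAMPLE_BAD_PASSWORD),
                         ("disabled account", SAMPLE_DISABLED),
                         ("successful bind", SAMPLE_OK)):
        print(name, "->", diagnose(sample))
```

To pull the same two fields straight out of a real capture without writing a parser, Wireshark's LDAP dissector exposes them as ldap.resultCode and ldap.errorMessage, for example with tshark: tshark -r capture.pcap -Y "ldap.protocolOp == 1" -T fields -e ldap.resultCode -e ldap.errorMessage (protocolOp 1 is bindResponse). Note that resultCode 49 (invalidCredentials) alone does not tell you whether the password was wrong, the account was disabled or locked, or the bind DN did not exist; it is the AD "data" sub-code in the diagnostic message that distinguishes those cases, and it is only visible when the transaction is not encrypted.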
The ldap_users.cfg file is generated by a standard LDAP query that Reporter issues to the LDAP server using the configured base DN and group DN. Reporter takes the users configured on it and looks each one up against the LDAP server, which returns the groups, including nested groups, that the user belongs to. The results returned by the LDAP server are written into the ldap_users.cfg file.