LDAP user group name not found
search cancel

LDAP user group name not found

book

Article ID: 260395

calendar_today

Updated On:

Products

Spectrum Network Observability

Issue/Introduction

When configuring LDAP User Group Authentication in Spectrum OneClick, it fails to connect and authenticate users.

With SSORB debug enabled in OneClick (Administration -> Debugging -> Web Server Runtime Debug), we see the following in the OneClick server log:

Feb 17, 2023 15:24:01.901 (https-jsse-nio-8443-exec-9) (SecuritySP) - Trying to find the match LDAP Server user group name for the configuration grsearchString: CN=MySMG,CN=Users,DC=Mine,DC=COM
Feb 17, 2023 15:24:01.901 (https-jsse-nio-8443-exec-9) (SecuritySP) - LDAP Server - Group Name : CN=MySMG,CN=Users,DC=Mine,DC=com
Feb 17, 2023 15:24:01.902 (https-jsse-nio-8443-exec-9) (SecuritySP) - No matching LDAP user group name found
Feb 17, 2023 15:24:01.902 (https-jsse-nio-8443-exec-9) (SecuritySP) - No user model found - stopping

Environment

DX NetOps Spectrum all currently supported releases

Cause

LDAP Group Authentication is case sensitive.

Resolution

Update the LDAP xml configuration file under:

$SPECROOT/custom/ldap/config/ldap-grps-mappings-config.xml

to the same case in ldap group as in Active Directory.

For example:  

CN=MYSMG,CN=Users,DC=MINE,DC=COM

instead of 

CN=MySMG,CN=Users,DC=Mine,DC=com