LDAP Integration does not meet input validation rules for field 'first_name'
search cancel

LDAP Integration does not meet input validation rules for field 'first_name'

book

Article ID: 288019

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

User is unable to login the console and the coreservices debug log shows:

cb.api.user_management_api - The value "users name" does not meet input validation rules for field 'first_name'

Environment

  • EDR Server: 7.7.0 and higher
  • LDAP

Cause

Active Directory user has the full name in the givenName/firstname in Active Directory settings

Resolution

  1. Open /etc/cb/sso/attr_map.ldap.py for editing
  2. Find the following line towards the bottom 
        result = LDAPMapper.map_ldap_to_cb(response.groups, team_mappings,
                                       response.attrs, attribute_mappings, permissions_attribute_name)
  3. Add this line above, keeping the same spacing 
        response.attrs[1] = (response.attrs[1][0],response.attrs[1][1].split(' ')[0])
    Example: 
        response.attrs[1] = (response.attrs[1][0],response.attrs[1][1].split(' ')[0])
    result = LDAPMapper.map_ldap_to_cb(response.groups, team_mappings,
                                       response.attrs, attribute_mappings, permissions_attribute_name)
  4. Restart cb-coreservices and login 
    /usr/share/cb/cbservice cb-coreservices restart

Additional Information

  • This will change split the first name and last name in the givenName field by the space and use the characters before the space as the first name
Powered by Wolken Software