Aria Operations for Networks LDAP authentication troubleshooting
search cancel

Aria Operations for Networks LDAP authentication troubleshooting

book

Article ID: 306857

calendar_today

Updated On:

Products

VCF Operations for Networks

Issue/Introduction

This article provides information on how to troubleshoot LDAP authentication misconfiguration in Aria Operations for Networks. 

A feature of vRNI is to allow users registered in an external LDAP or AD server to log in to the network monitoring and troubleshooting tool.


The LDAP authentication can be configured after the deployment of your Platform and Proxy VMs, under Profile > Settings > LDAP in the UI.

 

When attempting to submit the configuration, one of the following messages appears in red :

  • LDAP authentication failed
  • YourDomain:389 or YourDomain:636
  • user <username> is not a member of authorized groups


In the /logs/restapilayer/restapilayer.STIYD-YYYY-MM-DD-hh.mm.ss.log.error file, you see entries similar to:

ERROR [YYYY-DD-MM HH:MM:SS] c.v.r.AuthRealmManager:[?:?:?] - [dw-17199 - POST /auth/ldapConfiguration] - exception validating ldap registration checks
ERROR [YYYY-DD-MM HH:MM:SS] c.v.r.AuthResource:[?:?:?] - [dw-17199 - POST /auth/ldapConfiguration] - Unable to validate LDAP connection

ERROR [YYYY-DD-MM HH:MM:SS] c.v.r.AuthRealmManager:[?:?:?] - [dw-17243 - POST /auth/ldapConfiguration] - group authorization failed
ERROR [YYYY-DD-MM HH:MM:SS] c.v.r.AuthResource:[?:?:?] - [dw-17243 - POST /auth/ldapConfiguration] - Unable to validate LDAP connection

ERROR [YYYY-DD-MM HH:MM:SS] c.v.r.ArkinJndiLdapRealm:[?:?:?] - [dw-17212 - POST /auth/ldapConfiguration] - user <username> is not a member of authorized groups
ERROR [YYYY-DD-MM HH:MM:SS] c.v.r.AuthRealmManager:[?:?:?] - [dw-17212 - POST /auth/ldapConfiguration] - group authorization failed
ERROR [YYYY-DD-MM HH:MM:SS] c.v.r.AuthResource:[?:?:?] - [dw-17212 - POST /auth/ldapConfiguration] - Unable to validate LDAP connection

ERROR [YYYY-DD-MM HH:MM:SS] c.v.r.ArkinJndiLdapRealm:[?:?:?] - [dw-17283 - POST /auth/ldapConfiguration] - could not find user <username> under baseDN dc=mydomain,dc=com
ERROR [YYYY-DD-MM HH:MM:SS] c.v.r.AuthRealmManager:[?:?:?] - [dw-17283 - POST /auth/ldapConfiguration] - group authorization failed
ERROR [YYYY-DD-MM HH:MM:SS] c.v.r.AuthResource:[?:?:?] - [dw-17283 - POST /auth/ldapConfiguration] - Unable to validate LDAP connection



Note: This log excerpt is an example. Date, time, and environmental variables may vary depending on your environment.

Environment

Aria Operations for Networks 6.12.0
Aria Operations for Networks 6.12.1
Aria Operations for Networks 6.13.0
Aria Operations for Networks 6.14.0

Resolution

If you believe you have encountered this issue, please open a support case with Broadcom Support and refer to this KB article.
For more information, see Creating and managing Broadcom support cases.

Powered by Wolken Software