Domain user login failure when user is not in the hierarchy of Base DN

Article ID: 342745

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • After configuring your directory, only some of the users are able to log in to vRealize Automation.
  • Users that are failing are not contained in the hierarchy of the base DN configured in the Directory.


Environment

VMware vRealize Automation 7.1.x
VMware Identity Manager 19.03.x
VMware vRealize Automation 7.0.x

Cause

This issue occurs because vRealize Automation / Identity Manager can only authenticate users whose Active Directory objects sit within the hierarchy of the Base DN configured in the Directory. A user that syncs successfully but lives outside that subtree cannot be bound against, so the login fails.

Resolution

To resolve this issue, change the Base DN configured in the Directory to the lowest point in the hierarchy that still contains the users who are failing login.
 
Note: If a user object is not under the Base DN of the LDAP/AD directory configuration, that user will not be allowed to log in, even if the user synced successfully.
 
For example:

This example has the Base DN details of configured directory and the steps to add users and groups:
 
  1. Directory Base DN:

    CN=Users,DC=corp,DC=local
  2. Select Users.
  3. Enter the DN for Users:

    CN=user1,OU=ou1,DC=corp,DC=local
  4. Select Groups.
  5. Enter the DN for Groups:

    OU=ou2,CN=Users,DC=corp,DC=local
    OU=ou1,DC=corp,DC=local


    Note: The group ou1 contains user2 and user3, the group ou2 contains user4 and user5.
After syncing the directory, all five users sync successfully. However, only user4 and user5 can log in.
 
user1, user2 and user3 are not in the hierarchy of the Base DN (CN=Users,DC=corp,DC=local), so they are unable to log in and receive an authentication failure error.
 
To resolve this, change the Directory's Base DN to the lowest point in the hierarchy that contains all of the users, DC=corp,DC=local, and save the changes. All five users will then be able to log in successfully.
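The following is an added example, not code from the article or from VMware: a small Python check that tells you, before you change anything, which synced users fall outside the configured Base DN. It compares DNs component by component rather than as string suffixes, so a base of DC=corp,DC=local does not accidentally match DC=mycorp,DC=local. The DNs for user2 through user5 are constructed from the article's description (user1's DN is the one the article gives); case-insensitive matching of attribute values is an assumption that reflects Active Directory's usual behaviour.

```python
"""Check whether user DNs fall inside an LDAP Base DN hierarchy.

Added example for the vRealize Automation / Identity Manager Base DN
article; not the product's own code.
"""
import re

# Base DNs from the article: the original (too narrow) one and the fix.
BASE_DN_ORIGINAL = "CN=Users,DC=corp,DC=local"
BASE_DN_FIXED = "DC=corp,DC=local"

# Constructed sample data: user1's DN is from the article, the others are
# placed in ou1 / ou2 exactly as the article's note describes.
SYNCED_USERS = [
    "CN=user1,OU=ou1,DC=corp,DC=local",
    "CN=user2,OU=ou1,DC=corp,DC=local",
    "CN=user3,OU=ou1,DC=corp,DC=local",
    "CN=user4,OU=ou2,CN=Users,DC=corp,DC=local",
    "CN=user5,OU=ou2,CN=Users,DC=corp,DC=local",
]


def parse_dn(dn: str) -> list:
    """Split a DN into normalized RDN components, root (rightmost) first.

    Splits only on commas that are not backslash-escaped (so a value such
    as "Doe\\, John" stays intact), trims whitespace around each RDN, and
    lower-cases both attribute type and value so that 'cn=Users' and
    'CN=users' compare equal (assumption: AD matches these case-insensitively).
    """
    rdns = re.split(r"(?<!\\),", dn)
    normalized = []
    for rdn in rdns:
        attr, _, value = rdn.strip().partition("=")
        normalized.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return list(reversed(normalized))


def is_under_base_dn(entry_dn: str, base_dn: str) -> bool:
    """True if entry_dn is base_dn itself or lies anywhere beneath it.

    The comparison is on RDN components from the root downwards, which is
    what makes "DC=mycorp,DC=local" NOT count as under "DC=corp,DC=local"
    even though the latter is a string suffix of the former.
    """
    entry = parse_dn(entry_dn)
    base = parse_dn(base_dn)
    return len(entry) >= len(base) and entry[: len(base)] == base


def users_outside_base_dn(user_dns, base_dn: str) -> list:
    """Return the DNs that synced but would fail login under base_dn."""
    return [dn for dn in user_dns if not is_under_base_dn(dn, base_dn)]


if __name__ == "__main__":
    for base in (BASE_DN_ORIGINAL, BASE_DN_FIXED):
        outside = users_outside_base_dn(SYNCED_USERS, base)
        print(f"Base DN {base}: {len(outside)} user(s) outside the hierarchy")
        for dn in outside:
            print("  login will fail:", dn)
```

Run it as-is and the first Base DN reports user1, user2 and user3 outside the hierarchy while the corrected Base DN reports none, matching the article's outcome. To use it against a real directory, feed the list of synced user DNs exported from the Directory's sync log into `users_outside_base_dn`; any DN it returns is a user that will get an authentication failure until the Base DN is widened to cover it.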