Tanzu Mission Control Self Managed (TMC-SM) - AD connection issues
search cancel

Tanzu Mission Control Self Managed (TMC-SM) - AD connection issues

book

Article ID: 380794

calendar_today

Updated On:

Products

VMware Tanzu Mission Control - SM

Issue/Introduction

User's are unable to login to TMC Self Managed and are getting below error upon log on:

errcode: 2004 errmsg: Unauthorized requestid: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

This is as a result of the group search filter in the values yaml file not being specific enough.

Pinniped itself has no limit on how many LDAP groups to which a user can belong, however, TMC-SM has a limit.

Environment

Tanzu Mission Control Self Managed 1.4

Cause

Group search filter not refined

Resolution

Use the following for the groupSearchFilter value in the values file.

groupSearchFilter: "(&(objectClass=group)(member={})(|(cn=<tmc_admin>)(cn=<tmc_member>)))"

where <tmc_admin> and <tmc_member> are the group admin and member group names as per Active Directory groups.