LDAP users are assigned a Member role in Aria Operations for Networks

Article ID: 388737


Products

VCF Operations for Networks

Issue/Introduction

  • Settings > Identity & Access Management > User Management > LDAP Users
  • The LDAP user has the Member role assigned.

  • Settings > Identity & Access Management > LDAP > Group base access control.
  • The Group DN field contains the path to a group of which the user is not a direct member.
  • The Group DN is assigned the Administrator role.
  • The AON Platform restapilayer log shows the following:
    /var/log/arkin/restapilayer/restapilayer.log

    2024-12-12T09:36:46.180Z INFO vnera.restapilayer.ArkinJndiLdapRealm dw-1114514 - POST /auth/login getRolesAndGroupForLdapUser:229 All groups configured for user are: []
    2024-12-12T09:36:46.180Z INFO vnera.restapilayer.ArkinJndiLdapRealm dw-1114514 - POST /auth/login getRolesAndGroupForLdapUser:233 No configured groupDNs matches directly with user groups, hence assigning member role
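
One way to find every login that hit this fallback is to scan restapilayer.log for the two messages quoted above. This is an added example, not code from the product or from this article's author. It assumes the line layout shown above and that the fourth field (dw-1114514 in the sample) identifies the request thread; the function name and the third sample line are constructed for illustration.

```python
import re
import sys

# Layout assumed from the two log lines quoted in this article.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+vnera\.restapilayer\.ArkinJndiLdapRealm\s+"
    r"(?P<thread>\S+)\s+-\s+POST /auth/login\s+"
    r"getRolesAndGroupForLdapUser:\d+\s+(?P<msg>.*)$"
)
GROUPS_PREFIX = "All groups configured for user are:"
FALLBACK_TEXT = "No configured groupDNs matches directly with user groups"


def find_member_fallbacks(lines):
    """Return one record per login that fell back to the Member role."""
    last_groups = {}  # thread tag -> value of the latest "All groups ..." line
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # unrelated log line
        thread, msg = m["thread"], m["msg"]
        if msg.startswith(GROUPS_PREFIX):
            last_groups[thread] = msg[len(GROUPS_PREFIX):].strip()
        elif FALLBACK_TEXT in msg:
            findings.append({
                "timestamp": m["ts"],
                "thread": thread,
                # Groups the realm reported just before the fallback, if seen.
                "matched_groups": last_groups.pop(thread, None),
            })
    return findings


# Constructed sample: the first two lines are the ones quoted in the article,
# the third is made up to show that unrelated lines are skipped.
SAMPLE_LOG = """\
2024-12-12T09:36:46.180Z INFO vnera.restapilayer.ArkinJndiLdapRealm dw-1114514 - POST /auth/login getRolesAndGroupForLdapUser:229 All groups configured for user are: []
2024-12-12T09:36:46.180Z INFO vnera.restapilayer.ArkinJndiLdapRealm dw-1114514 - POST /auth/login getRolesAndGroupForLdapUser:233 No configured groupDNs matches directly with user groups, hence assigning member role
2024-12-12T09:36:47.002Z INFO example.Other dw-1114515 - GET /placeholder constructed line
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            hits = find_member_fallbacks(fh)
    else:
        hits = find_member_fallbacks(SAMPLE_LOG.splitlines())
    for hit in hits:
        print(f"{hit['timestamp']} {hit['thread']} groups={hit['matched_groups']} -> Member role fallback")
```

Run it with the log path as the only argument; an empty result after the Group DN is corrected and the user logs in again means the fallback no longer occurs.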

Environment

Aria Operations for Networks 6.13.0
Aria Operations for Networks 6.14.0

Cause

Authenticating to a group where a user is not a direct member is not currently supported. 

Resolution

Provide the full path to the group that the user is in.

Under Settings > Identity & Access Management > LDAP > Group base access control, the user must be a direct member of the CN:

cn=XXXX,ou=XXXX,ou=XXX,ou=XXX,ou=XX,ou=XX,dc=XX,dc=XX

 
