Active directory authentication in VCF Operation for logs fails when using a service account (Standard AD user)
search cancel

Active directory authentication in VCF Operation for logs fails when using a service account (Standard AD user)

book

Article ID: 407382

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite) VCF Operations

Issue/Introduction

The connection is only successful when using an elevated domain account such as a "Domain Administrator" account.

You want to know the requirements for service account for Active Directory Integration on Aria Operations for Logs.

Environment

Aria Operations for Logs 8.x

VCF Operations for Logs 9.x

Cause

Insufficient access privilege and permissioned configured for Active Directory (AD) service account.

Resolution

Recommend to configure with Domain User for the AD Integration.

If Service Account is used, ensure this account have minimum Read access to be able to perform a query on User and Group within the Domain Tree.  

You can try to runAs the configured Service Account on the AD service to determine if the correct result will be returned on user and group query.

The following sample ldapsearch command can also be perform from the console of Aria Operations for Logs as the Service Account user.

ldapsearch -x -H ldap://support.lab-W -b"DC=support,DC=lab" "CN=*" SAMAccountName userPrincipleName -D "SUPPORT\username"

Note: replace domain and username with the AD domain and Service Account username.

Additional Information

Powered by Wolken Software