LDAP Admin user when logs in shows as member user in Aria Operations for Networks GUI

Article ID: 413234


Products

VCF Operations for Networks

Issue/Introduction

1. You have an LDAP user with the Administrator role. When this LDAP admin user logs in to Aria Operations for Networks, the user is shown as logged in as a member user and not as Administrator.
   
    Refer to the screenshot below, which shows the admin user logged in as a member.
   
     


2. A review of the restapilayer logs on the platform node, at location /var/log/arkin/restapilayer, shows the entries below:

The log entry below shows the LDAP configuration that Aria Operations for Networks reads from the settings configured in its GUI.

2025-09-10T20:56:12.200Z INFO vnera.restapilayer.ArkinJndiLdapRealm dw-242233 - POST /auth/login getRolesAndGroupForLdapUser:175 testing ldap configuration: url=ldap://ldapserver_IP/FQDN:389,ldap://ldapserver_IP/FQDN:389:389 user=user_name@######.com
base_group_dn=dc=#######,dc=com searchAttr=sAMAccountName groupDNs={admin=[cn=#######-esxi_admin,ou=access,ou=groups,dc=#######,dc=com, cn=#######-vrni_admin,ou=access,ou=groups,dc=#######,dc=com]}

The log entries below show what is fetched from the LDAP server (url=ldap://ldapserver_ip_fqdn:389):

2025-09-10T20:56:12.201Z INFO vnera.restapilayer.ArkinJndiLdapRealm dw-242233 - POST /auth/login getLdapContext:554 attempting login with url=ldap://ldaserver_IP/FQDN:389 hostInfo=ldapserver_IP_FQDN.com/LDAP_IP principal=user_namei######.com
2025-09-10T20:56:12.210Z INFO vnera.restapilayer.ArkinJndiLdapRealm dw-242233 - POST /auth/login getRolesAndGroupForLdapUser:206 LDAP groups fetched from server: [cn=#-#######-#####-admin,ou=access,ou=groups,dc=#######,dc=com, cn=#-######-####-dns-powerusers,ou=roles,ou=groups,dc=######,dc=com, cn=domain users,cn=users,dc=######,dc=com, cn=#-#####-#######-infra,ou=roles,ou=groups,dc=#######,dc=com, cn=#-####-####-admins,ou=roles,ou=groups,dc=######,dc=com, cn=#-#####-####-#######,ou=roles,ou=groups,dc=######,dc=com, cn=#-#####-####_####_admin,ou=function,ou=groups,dc=########,dc=com, cn=#-####-####_####,ou=roles,ou=groups,dc=######,dc=com]
2025-09-10T20:56:12.211Z INFO vnera.restapilayer.ArkinJndiLdapRealm dw-242233 - POST /auth/login getRolesAndGroupForLdapUser:229 All groups configured for user are: []

The log entries below show that none of the configured groupDNs matched.

2025-09-10T20:56:12.211Z INFO vnera.restapilayer.ArkinJndiLdapRealm dw-242233 - POST /auth/login getRolesAndGroupForLdapUser:233 No configured groupDNs matches directly with user groups, hence assigning member role
2025-09-10T20:56:12.211Z INFO vnera.restapilayer.AuthResource dw-242233 - POST /auth/login onPremLogin:1775 LDAP user found with username: user_name@#####.com and customer-id: 10000

Environment

Aria Operations for Networks 6.13.0
Aria Operations for Networks 6.14.0
Aria Operations for Networks 6.14.1

Cause

The MemberOf attribute of the user does not contain the desired group.

Nested Groups and users are unsupported in Aria Operations for Networks.

This issue can also be seen if a wrong LDAP Group DN (Distinguished Name) is used for the user in question.

Resolution

This is an issue on the LDAP configuration side and not an Aria Operations for Networks issue.

Work with your Active Directory/LDAP admin contact to get the MemberOf attribute configured correctly for the users and groups.

If the configured groups and users are nested groups and users, this is not supported in Aria Operations for Networks.

Use non-nested groups and users, and use the correct Group DN (Distinguished Name) for the user in question on the LDAP Configuration page in the Aria Operations for Networks GUI.
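
To see which configured Group DN fails to match, the "testing ldap configuration" and "LDAP groups fetched from server" log entries shown under Issue/Introduction can be compared directly. The Python script below is an added example, not part of the original article or the product's code; the sample log lines, the example.com DNs, the function names and the case-insensitive comparison are constructed assumptions.

```python
import re

# Constructed sample lines in the format of the restapilayer entries above;
# the example.com DNs and user are placeholders, not values from the article.
CONFIG_LINE = ("2025-01-01T00:00:00.000Z INFO vnera.restapilayer.ArkinJndiLdapRealm dw-1 - "
    "POST /auth/login getRolesAndGroupForLdapUser:175 testing ldap configuration: "
    "url=ldap://ldap.example.com:389 user=alice@example.com base_group_dn=dc=example,dc=com "
    "searchAttr=sAMAccountName groupDNs={admin=[cn=net-esxi_admin,ou=access,ou=groups,"
    "dc=example,dc=com, cn=net-vrni_admin,ou=access,ou=groups,dc=example,dc=com]}")
FETCHED_LINE = ("2025-01-01T00:00:00.010Z INFO vnera.restapilayer.ArkinJndiLdapRealm dw-1 - "
    "POST /auth/login getRolesAndGroupForLdapUser:206 LDAP groups fetched from server: "
    "[cn=net-vrni_admin,ou=roles,ou=groups,dc=example,dc=com, "
    "cn=domain users,cn=users,dc=example,dc=com]")

# DNs in a list are separated by ", " while RDNs inside one DN use a bare ",".
DN_SPLIT = re.compile(r",\s+(?=[A-Za-z][\w-]*=)")

def split_dns(blob):
    """Split a logged DN list and normalise for comparison (assumption: case-insensitive)."""
    return [dn.strip().lower() for dn in DN_SPLIT.split(blob) if dn.strip()]

def configured_group_dns(line):
    """Return {role: [dn, ...]} from the 'testing ldap configuration' entry."""
    m = re.search(r"groupDNs=\{(.*)\}", line)
    return {r: split_dns(d) for r, d in re.findall(r"(\w+)=\[(.*?)\]", m.group(1))} if m else {}

def fetched_groups(line):
    """Return the user's group DNs from the 'LDAP groups fetched from server' entry."""
    m = re.search(r"LDAP groups fetched from server: \[(.*)\]", line)
    return split_dns(m.group(1)) if m else []

def explain_role(config_line, fetched_line):
    """Compare configured DNs with the user's groups and flag same-CN, different-path DNs."""
    configured = configured_group_dns(config_line)
    user_groups = fetched_groups(fetched_line)
    matched = {r: [d for d in dns if d in user_groups] for r, dns in configured.items()}
    by_rdn = {g.split(",", 1)[0]: g for g in user_groups}  # first RDN -> full DN
    near = [(d, by_rdn[d.split(",", 1)[0]]) for dns in configured.values() for d in dns
            if d not in user_groups and d.split(",", 1)[0] in by_rdn]
    # No direct match means the member role, as the "hence assigning member role" entry states.
    roles = [r for r, hits in matched.items() if hits] or ["member"]
    return {"roles": roles, "matched": matched, "near_misses": near}

if __name__ == "__main__":
    result = explain_role(CONFIG_LINE, FETCHED_LINE)
    print("effective role(s):", result["roles"])
    for want, have in result["near_misses"]:
        print("configured:", want, "\n user has:  ", have)
```

A near miss (same CN under a different OU path) points to a wrong Group DN in the LDAP Configuration page; no match and no near miss points to the MemberOf attribute or to nested group membership, which the fetched list will not show.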