The Preview pane in the LDAP configuration for Aria Config / RaaS does not display users or groups


Article ID: 417518


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

In the LDAP configuration on the RaaS server (Authentication > Create: LDAP), Users/Groups do not appear in the Preview section after the details are filled in:

  • The Preview section prints the text "Click UPDATE PREVIEW to load" instead of listing Groups/Users
  • The Preview section for Groups or Users shows a spinning circle "Loading..." rather than showing Groups/Users

Environment

  • VMware Tanzu Guardrails for Workloads / Aria Automation Config / Saltstack Enterprise / RaaS 8.x

Cause

One or more of the details entered for your LDAP directory are invalid.

After you click UPDATE PREVIEW, if any of the following details is wrong, the pane shows "Click UPDATE PREVIEW to load":

  • Host
  • Port
  • SSL
  • Auth base DN 
  • Admin bind DN
  • Admin bind password
  • Auth bind DN filter
  • User search DN
  • Person class
  • User ID attribute

If the Group search DN filter is set incorrectly, the preview may return "No groups found".

If other options are incorrect (Remote unique ID attribute name, or remaining Groups/Users settings for search DN, search scope, search DN filter, or attributes), the preview pane shows a spinning circle with "Loading..." indefinitely.

This exact behaviour could change between versions: it was tested on Aria Automation Config 8.17.0.6 and is provided to help narrow down which details were entered incorrectly.

Resolution

The following is a guideline to the minimum steps required. The precise values depend on your LDAP server:

  1. Click PREFILL DEFAULTS and choose the appropriate option
  2. Add the LDAP hostname, like ad.example.com 
  3. Add the Auth base DN, e.g.: DC=example,DC=com
  4. Add the Auth bind DN, e.g.: CN=Administrator,CN=Users,DC=example,DC=com and this user's password
  5. Add the Group Search DN & User Search DN, e.g.: CN=Users,DC=example,DC=com
  6. Consider if SSL should be disabled

For the distinguished names above, if the parent object for your users is a "container" folder, use CN=; if it is an "organizational unit", use OU= instead.
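To narrow down which field is wrong, the same values can be checked directly against the directory with OpenLDAP's `ldapsearch`. The script below is an added example, not part of the original article or the product; the environment variable names, the password file and the group filter are assumptions to be replaced with the values from your form.

```shell
#!/bin/sh
# Added example: test the values typed into the RaaS LDAP form directly against
# the directory. Variable names are hypothetical; set them to your form values.

# Host / Port / SSL -> URI. With SSL off, the simple bind below sends the
# admin password unencrypted, so prefer ldaps where the server offers it.
ldap_uri() {  # usage: ldap_uri HOST PORT yes|no
  case "$3" in
    yes) printf 'ldaps://%s:%s' "$1" "$2" ;;
    *)   printf 'ldap://%s:%s' "$1" "$2" ;;
  esac
}

# Person class + User ID attribute -> filter matching any entry that has both.
user_filter() {  # usage: user_filter PERSON_CLASS ID_ATTR
  printf '(&(objectClass=%s)(%s=*))' "$1" "$2"
}

# One search as the admin bind DN. -y takes the whole file as the password,
# so write it without a trailing newline: printf '%s' 'secret' > "$PW_FILE"
# -z 5 caps the results; a "Size limit exceeded" message on stderr is expected.
search() {  # usage: search BASE SCOPE FILTER ATTR...
  _base=$1; _scope=$2; _filter=$3; shift 3
  ldapsearch -x -LLL -o nettimeout=5 -z 5 -H "$URI" -D "$BIND_DN" \
    -y "$PW_FILE" -b "$_base" -s "$_scope" "$_filter" "$@"
}

check_all() {
  URI=$(ldap_uri "$LDAP_HOST" "$LDAP_PORT" "$LDAP_SSL")
  # 1. Host, Port, SSL, bind DN, password, base DN: read the base entry only.
  search "$BASE_DN" base '(objectClass=*)' dn >/dev/null ||
    { echo "FAIL bind: check Host, Port, SSL, bind DN, password, base DN"; return 1; }
  # 2. User search DN, Person class, User ID attribute.
  search "$USER_DN" sub "$(user_filter "$PERSON_CLASS" "$ID_ATTR")" "$ID_ATTR" |
    grep -qi "^$ID_ATTR:" ||
    { echo "FAIL users: check User search DN, Person class, User ID attribute"; return 2; }
  # 3. Group search DN and group filter.
  search "$GROUP_DN" sub "$GROUP_FILTER" dn | grep -qi '^dn:' ||
    { echo "FAIL groups: check Group search DN and its filter"; return 3; }
  echo "OK: bind, user search and group search all returned entries"
}

# Contact a server only when the caller has supplied one, for example:
#   LDAP_HOST=ad.example.com LDAP_PORT=636 LDAP_SSL=yes BASE_DN=DC=example,DC=com ...
if [ -n "${LDAP_HOST:-}" ]; then check_all; fi
```

The first failing stage points at the group of form fields to re-check; the error `ldapsearch` prints on stderr (for example invalid credentials or no such object) narrows it further.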

For more information, the TechDocs article Configuring directory services using the LDAP protocol goes through the various options in great detail.