Failed to Import Users or Authenticate in Aria Operations due to Incorrect Base DN Configuration for OpenLDAP

Article ID: 429104


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Users migrating from Active Directory to OpenLDAP in VMware Aria Operations 8.x experience failures during user and group imports. Symptoms include the inability to authenticate using LDAP credentials or errors during the initial configuration of the LDAP adapter.

Environment

Aria Operations 8.18.x

Cause

The configuration failure is typically caused by an incorrectly formatted Base DN. In OpenLDAP, the Base DN must strictly follow the Distinguished Name (DN) format (e.g., dc=example,dc=com). Providing a hostname, FQDN, or a slash-delimited path in the Base DN field prevents the Aria Operations LDAP client from successfully traversing the directory tree.

Resolution

To resolve this, update the OpenLDAP Authentication Source with the correct Base DN and Bind credentials.

Step 1: Add/Edit OpenLDAP Authentication Source

  1. Log in to the Aria Operations Product UI as an Administrator.

  2. Navigate to Administration > Control Panel > Authentication Sources.

  3. Click Add (or select the existing source and click Edit).

  4. Set the Source Type to Open LDAP.

  5. Provide a Display Name (e.g., Corporate-OpenLDAP).

Step 2: Configure Connection Details

Ensure the following parameters are entered exactly as required by the OpenLDAP schema:

  1. Host: Enter the FQDN or IP of the OpenLDAP server.

  2. Port: Default is 389 (LDAP) or 636 (LDAPS).

  3. Use SSL/TLS: Recommended. Verify and accept the certificate thumbprint if prompted.

  4. Base DN: Enter the starting point for searches using the dc= format.

    • Incorrect: corp.example.com

    • Correct: dc=corp,dc=example,dc=com

  5. User Name (Bind DN): Enter the full DN of the service account.

    • Example: cn=admin,dc=corp,dc=example,dc=com

  6. Password: Enter the password for the Bind DN account.

Step 3: Validate and Sync

  1. Click Test Connection to verify the credentials and Base DN.

  2. Once the test is successful, click OK.

  3. Proceed to import Users and Groups via the Import button within the Authentication Sources dashboard.
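
A pre-flight check for the Base DN value from Step 2, plus a command-line equivalent of Test Connection, as an added example that is not part of the original article or of Aria Operations. The function names are hypothetical, the DN check is a deliberately strict heuristic rather than a full RFC 4514 parser, and the last function assumes the OpenLDAP client tool ldapsearch is installed.

```shell
#!/bin/sh
# Added example: sanity-check a Base DN before entering it in the UI.
# Usage: ./basedn_check.sh <candidate-base-dn>

# Prints one of: dn | hostname | path | invalid
classify_base_dn() (
  value=$1
  case $value in
    '') echo invalid; exit 0 ;;
    *=*) ;;                                  # has attr=value pairs, validated below
    */*) echo path; exit 0 ;;                # slash-delimited path
    *[!A-Za-z0-9.-]*|.*|*..*) echo invalid; exit 0 ;;
    *) echo hostname; exit 0 ;;              # bare hostname or FQDN
  esac
  case $value in ,*|*,|*,,*) echo invalid; exit 0 ;; esac   # empty RDN
  IFS=,; set -f
  for rdn in $value; do
    case $rdn in *=*) ;; *) echo invalid; exit 0 ;; esac
    attr=${rdn%%=*}; val=${rdn#*=}
    case $attr in ''|[!A-Za-z]*|*[!A-Za-z0-9-]*) echo invalid; exit 0 ;; esac
    # Stricter than RFC 4514: a suffix value with '=' or '/' is treated as a typo.
    case $val in ''|*=*|*/*) echo invalid; exit 0 ;; esac
  done
  echo dn
)

# Suggest a dc= style Base DN from an FQDN. This is only a guess (assumption):
# confirm the real suffix with the directory administrator.
fqdn_to_base_dn() (
  fqdn=${1%.}; out=
  IFS=.; set -f
  for label in $fqdn; do out="${out:+$out,}dc=$label"; done
  echo "$out"
)

# Bind as the service account and read the base entry itself.
# Args: ldap-uri bind-dn base-dn. Prompts for the password (-W).
# LDAP result 32 means the Base DN does not exist; 49 means bad bind credentials.
check_bind_and_base() {
  ldapsearch -x -LLL -H "$1" -D "$2" -W -b "$3" -s base '(objectClass=*)' dn
}

if [ "$#" -ge 1 ]; then
  kind=$(classify_base_dn "$1")
  echo "$1: $kind"
  if [ "$kind" = hostname ]; then echo "try: $(fqdn_to_base_dn "$1")"; fi
fi
```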

Additional Information

https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-configuration-guide-8-18/-configuring-administration-settings/managing-user-access-control/authentication-sources-overview.html