I can login to NetOps Portal with my LDAP users, but I cannot login to NFA with my LDAP users
search cancel

I can login to NetOps Portal with my LDAP users, but I cannot login to NFA with my LDAP users

book

Article ID: 31794

calendar_today

Updated On:

Products

CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

I can login to NetOps Portal with my LDAP users, but I cannot login to NFA with my LDAP users.

 

Environment

NFA version 9.1.x or newer

NetOps  version 2.3.3 or newer

Cause

The SSO module in NetOps encrypts the "Connection Password" used to bind to LDAP and passes that encrypted password down to NFA's SSO module.  However the NFA SSO module is not able to use encrypted passwords, so the login will fail.

You can verify that this is the case by running the command below, if the password appears to be encrypted, proceed with the resolution below.

mysql -P3308 -D reporter -t -e "select * from performance_center_properties where PropName like '%LdapConnectionPassword%';"

Resolution

To resolve this, you must manually set the connection password in the SSO module on the NFA Console server with a Local Override by following the steps below:

  1. Open the SsoConfig.exe from the \CA\NFA\Portal\SSO\bin directory on the NFA Console server.
  2. Select Option #2 for CA Network Flow Analysis.
  3. Select Option #1 for LDAP Authentication.
  4. Select Option #2 for Local Override.
  5. Select Option #2 for "Connection Password" then enter "u" for update.
  6. Enter the password for the "Connection User" that you use to bind to LDAP and hit enter.
  7. Attempt to login to NFA again and you should now be able to login to NFA.

Additional Information

 If you have upgraded to NFA 9.3.3 you will need to remove the Local Override for the LDAP Connection Password, and make sure the encrypted password syncs down from CAPC.  NFA 9.3.3 now expects an encrypted password.