How to configure LDAP user authentication

How the User Authentication Configuration page works:
1. It takes the LDAP Query and replaces %s in the query with the name entered under LDAP Username.
2. It connects to LDAP using the resulting distinguished name, which points to that user. If authentication fails (or the user is not found), it returns "Invalid Credentials".
3. On success, it takes the LDAP Group Distinguished Name and reads that object.
4. If it cannot find the object at all, it outputs "No Group exists under that Distinguished Name."
5. If it finds the object but the Group object is not under a domain name, it cannot read it and returns "Could not get members listing for Group Distinguished Name."
6. If the object is read and the distinguished name in the object exists, the users are inserted into the local up.time database.
7. If the object is read but contains entries that do not link to a user, each such entry is skipped and not inserted into up.time.

Example:
======================================================================
LDAP URL                   ldap://ldaphostname:389
LDAP Query                 uid=%s,ou=usersgroup,dc=subdomain,dc=domain,dc=tld
======================================================================
Synchronization enabled    Yes
Synchronize every          1h
Group Distinguished Name   cn=uptime.group,ou=usersgroup,dc=subdomain,dc=domain,dc=tld
======================================================================
LDAP Username              asmith
Password                   ******
======================================================================
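
The flow in steps 1 to 7, as an added Python example that is not up.time's own code: it runs against a constructed in-memory directory instead of a live server, using the DNs from the example configuration. The RFC 4514 escaping of the username and the refusal of empty passwords are hardening assumptions of this example, not behaviour the article documents; the function names and dictionary layout are hypothetical.

```python
SPECIAL = ',+"\\<>;=\x00'  # characters that must be escaped in a DN value
INVALID = "Invalid Credentials"
NO_GROUP = "No Group exists under that Distinguished Name."
NO_MEMBERS = "Could not get members listing for Group Distinguished Name."

def escape_dn_value(value):
    """Hex-escape DN metacharacters (RFC 4514) so input stays one RDN value."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        edge = (ch == " " and i in (0, last)) or (ch == "#" and i == 0)
        out.append("\\%02x" % ord(ch) if ch in SPECIAL or edge else ch)
    return "".join(out)

def build_bind_dn(query, username):
    """Step 1: substitute the escaped LDAP Username for %s in the LDAP Query."""
    return query.replace("%s", escape_dn_value(username))

def authenticate(directory, query, username, password):
    """Step 2: bind as the resulting DN; any failure is 'Invalid Credentials'."""
    dn = build_bind_dn(query, username)
    entry = directory.get(dn.lower())
    # Assumption: empty passwords are refused, because some LDAP servers accept
    # a simple bind with an empty password as an unauthenticated bind.
    if not password or entry is None or entry.get("password") != password:
        return None, INVALID
    return dn, "OK"

def sync_group(directory, group_dn):
    """Steps 3-7: read the group, insert members that resolve, skip the rest."""
    group = directory.get(group_dn.lower())
    if group is None:
        return NO_GROUP, [], []
    if group.get("member") is None:  # modelled as an unreadable member listing
        return NO_MEMBERS, [], []
    inserted = [m for m in group["member"] if m.lower() in directory]
    skipped = [m for m in group["member"] if m.lower() not in directory]
    return "OK", inserted, skipped

# Constructed sample data using the DNs from the example configuration.
BASE = "ou=usersgroup,dc=subdomain,dc=domain,dc=tld"
QUERY, GROUP_DN = "uid=%s," + BASE, "cn=uptime.group," + BASE
DIRECTORY = {
    "uid=asmith," + BASE: {"password": "constructed-pw"},
    GROUP_DN: {"member": ["uid=asmith," + BASE, "uid=ghost," + BASE]},
}

if __name__ == "__main__":
    print(authenticate(DIRECTORY, QUERY, "asmith,ou=other", "constructed-pw"))
    print(sync_group(DIRECTORY, GROUP_DN))
```

A username containing a comma or equals sign stays inside the single uid value after escaping, so it cannot redirect the bind to a different branch of the tree.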

When using an Oracle LDAP server, there are two methods of creating groups: "groupOfNames" and "groupOfUniqueNames".
up.time uses the "groupOfNames" method.

The following articles will help with setting up Oracle LDAP users under "groupOfNames":

http://docs.oracle.com/cd/E19623-01/820-6169/defining-static-groups.html
http://docs.oracle.com/cd/E19316-01/820-2763/bcajq/index.html

If you are unsure of the paths, use software such as 'Active Directory Explorer' or 'Wireshark' to connect to the AD/LDAP server and determine the path.
