How to configure LDAP user authentication|
How the User Authentication Configuration page works.
1. Take LDAP Query, replace %s in the query with the name under LDAP Username 2. Connect to LDAP using the distinguished name pointing to that user. If authentication fails (or user is not found), it will return "Invalid Credentials" 3. On success, it takes LDAP Group Distinguished Name, and reads the object. 4. If it can not find the object at all, it will output "No Group exists under that Distinguished Name." 5. If it finds the object but the Group object is not under a domain name, it will not be able to read it and returns "Could not get members listing for Group Distinguished Name." 6. If object is read, and the distinguished name in the object exists, the users are inserted into the local up.time database 7. If object is read, but it contains entries that do not link to a user, that particular user is skipped and not inserted into up.time. Example: ====================================================================== LDAP URL ldap://ldaphostname:389 LDAP Query uid=%s,ou=usersgroup,dc=subdomain,dc=domain,dc=tld ====================================================================== Synchronization enabled Yes Synchronize every 1h Group Distinguished Name cn=uptime.group,ou=usersgroup,dc=subdomain,dc=domain,dc=tld ====================================================================== LDAP Username asmith Password ****** ====================================================================== Using Oracle LDAP server, there are two methods of creating groups, "groupOfNames" and "groupOfUniqueNames". Up.time uses "groupOfNames" method. The following articles will help with setting up Oracle LDAP users under "groupOfNames" http://docs.oracle.com/cd/E19623-01/820-6169/defining-static-groups.html http://docs.oracle.com/cd/E19316-01/820-2763/bcajq/index.html If unsure of the paths use software like 'Active Directory Explorer' or 'Wireshark' to connect to the AD/LDAP server to determine the path. |
Article InfoIndex: 603 OptionsQuick Links |
Active Directory / LDAP Authentication Troubleshooting | Rating | Views | |
|---|---|---|---|
|
|
This solution may apply to AD or LDAP authentication failures when using the fully qualified domain name (FQDN) to configure up.time authentication methods. The FQDN may be required but this... By: uptime Support | Date Created: 9-28-2011 | Last Modified: 9-29-2011 | Index: 566 |
 
|
4036 |
User AD Authentication Save button greyed out in IE | Rating | Views | |
|---|---|---|---|
|
|
There is a known issue saving AD Authentication settings under the User Authentication page in up.time 5.2 when these settings are viewed through Internet Explorer. To save settings correctly... By: uptime Support | Date Created: 6-11-2010 | Last Modified: 8-10-2011 | Index: 447 |
|
2382 |
LDAP: error code 12 - Unavailable Critical Extension | Rating | Views | |
|---|---|---|---|
|
|
When using the LDAP monitor to monitor a Sun Directory Server (version 6.3), if all the fields are set (Base, bind, attribute), the following error occurs when testing: LDAP: error code 12 -... By: uptime Support | Date Created: 10-14-2009 | Last Modified: 8-10-2011 | Index: 433 |
|
11828 |
How to configure Applications in up.time | Rating | Views | |
|---|---|---|---|
|
By: uptime Support | Date Created: 6-1-2006 | Last Modified: 7-27-2011 | Index: 072 |
|
4033 |
Does the HTTP monitor work with NTLM authentication? | Rating | Views | |
|---|---|---|---|
|
|
Current Windows based NTLM authentication to web sites is not supported by the HTTP or Web Application Transaction service monitors. By: uptime Support | Date Created: 12-31-1969 | Last Modified: 8-10-2011 | Index: 304 |
|
3192 |
