Flow/Settings/LDAP Server

From Observer GigaFlow Support | VIAVI Solutions Inc.

Before you can authenticate users, you must tell anuview Flow about the LDAP server it should use. From the main settings page, use the LDAP panel to enter this information.

Standard LDAP (Non-Windows)

  • Server address, e.g. ldap://172.21.40.189:389.
  • LDAP Group DN, the branch that should be searched to return a list of groups, e.g. ou=observer,dc=viavi,dc=solutions
  • LDAP Group Field, the DN of the field to return, e.g. entryDN
  • LDAP Group Search, the filter to use when searching for groups, e.g. (&(objectClass=groupOfNames))
  • LDAP Group Search Filtered, the filter to use on the users page when filtering the list of available groups, e.g. (&(objectClass=groupOfNames)(cn=$FILTER))
  • LDAP User DN Base, the branch from which to search for users, e.g. ou=users,dc=viavi,dc=solutions
  • LDAP User DN Field, the DN for the users, e.g. entryDN
  • LDAP Users Group Field, the field representing the user's group membership, e.g. memberOf
  • LDAP User Filter, the filter to apply when searching for users, e.g. (&(objectClass=inetOrgPerson)(uid=$USERID))
  • Username, the DN of the user to bind as when searching the server, e.g. cn=admin,dc=viavi,dc=solutions
  • Domain Name, not required for non-AD servers, e.g. LEAVE BLANK
  • Password, e.g. XXXXXXXXXX
  • Status, i.e. if the connection is good and how many LDAP groups have been retrieved.

LDAP With Windows AD

  • Server address, e.g. ldap://172.21.40.189:389.
  • LDAP Group DN, e.g. dc=anuview,dc=net
  • LDAP Group Field, e.g. distinguishedName
  • LDAP Group Search, e.g. (&(objectClass=group))
  • LDAP Group Search Filtered, e.g. (&(objectClass=group)(cn=$FILTER))
  • LDAP User DN Base, e.g. dc=anuview,dc=net
  • LDAP User DN Field, e.g. sAMAccountName
  • LDAP Users Group Field, e.g. memberOf
  • LDAP User Filter, e.g. (&(objectClass=user)(sAMAccountName=$USERID))
  • Username, e.g. Administrator
  • Domain Name, e.g. anuview.net
  • Password, e.g. XXXXXXXXXX
  • Status, i.e. if the connection is good and how many LDAP groups have been retrieved.

When you press save, anuview Flow will connect to the server. At the bottom of this panel, you will see if that connection has been successful and how many LDAP groups have been retrieved.
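
The filters above carry $USERID and $FILTER placeholders that are filled with text typed at login or on the users page. The following is an added example, not GigaFlow code, showing how a value is escaped per RFC 4515 before it is substituted into such a template; the function names are hypothetical and the page does not document how GigaFlow itself performs the substitution.

```python
# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a user-supplied value before it is placed in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def balanced(flt):
    """True if parentheses nest correctly (escaped ones contain no literal parens)."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def render_filter(template, placeholder, value):
    """Fill $USERID or $FILTER in a template with an escaped value."""
    if placeholder not in template:
        raise ValueError("template has no %s placeholder" % placeholder)
    if not balanced(template):
        raise ValueError("unbalanced parentheses in template")
    return template.replace(placeholder, escape_filter_value(value))

def split_login(login, default_domain=""):
    """Split 'domain\\username' into (domain, username)."""
    domain, sep, user = login.partition("\\")
    return (domain, user) if sep else (default_domain, login)

# Templates copied from the settings lists above; inputs are constructed.
AD_USER_FILTER = "(&(objectClass=user)(sAMAccountName=$USERID))"
LDAP_GROUP_FILTER = "(&(objectClass=groupOfNames)(cn=$FILTER))"

if __name__ == "__main__":
    domain, user = split_login("anuview.net\\test3")
    print(domain, render_filter(AD_USER_FILTER, "$USERID", user))
    print(render_filter(AD_USER_FILTER, "$USERID", "te*st(3)"))
```

Escaping `*` turns it into a literal character, so a group filter that is meant to accept wildcards needs a deliberate exception for it.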


Below is the debug log output of a successful AD login for user test3 against the domain anuview.net:

26 Feb 2019 10:31:50,331 DEBUG CWeb:132 - Key:userName Value:test3
26 Feb 2019 10:31:50,331 DEBUG ROS:398 - Credentials null
26 Feb 2019 10:31:50,331  INFO CWeb:173 - validating user
26 Feb 2019 10:31:50,331 DEBUG ROS:404 - getUser test3
26 Feb 2019 10:31:50,331 DEBUG ROS:407 - thisUser == null test3
26 Feb 2019 10:31:50,331 DEBUG ROS:261 - getLocalUser test3
26 Feb 2019 10:31:50,332  WARN ROS:291 - Login v.isEmpty()
26 Feb 2019 10:31:50,332 DEBUG CLDAPserver:635 - domainuser:test3
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:645 - s not domain:
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:312 - authenticateGetMemberships:test3 anuview.net anuview.net
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:319 - searchFilter:(&(cn=test3)) LDAPUserGroupMemberField:memberOf
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:341 - LDAP a:ldaps://172.21.21.64
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:343 - Starting ldaps tls
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:346 - ROS.LDAPTLS.equals("true")false
26 Feb 2019 10:31:50,333 DEBUG CBlindSocket:44 - CBlindSocket
26 Feb 2019 10:31:50,333 DEBUG CBlindSocket:62 - crateSocket172.21.21.64 636
26 Feb 2019 10:31:50,405 DEBUG CLDAPserver:348 - ROS.LDAPTLS.equals("true")false
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=gigaflow,CN=Users,DC=anuview,DC=net
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=DnsUpdateProxy,CN=Users,DC=anuview,DC=net
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=Domain Guests,CN=Users,DC=anuview,DC=net
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=Schema Admins,CN=Users,DC=anuview,DC=net
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=Guests,CN=Builtin,DC=anuview,DC=net
26 Feb 2019 10:31:50,433 DEBUG CLDAPserver:400 - authenticateGetMemberships:test3 {"data":{"memberOf":["CN=gigaflow,CN=Users,DC=anuview,DC=net","CN=DnsUpdateProxy,CN=Users,DC=anuview,DC=net","CN=Domain Guests,CN=Users,DC=anuview,DC=net","CN=Schema Admins,CN=Users,DC=anuview,DC=net","CN=Guests,CN=Builtin,DC=anuview,DC=net"]}}
26 Feb 2019 10:31:50,433 DEBUG ROS:301 - Got JSONArray:["CN=gigaflow,CN=Users,DC=anuview,DC=net","CN=DnsUpdateProxy,CN=Users,DC=anuview,DC=net","CN=Domain Guests,CN=Users,DC=anuview,DC=net","CN=Schema Admins,CN=Users,DC=anuview,DC=net","CN=Guests,CN=Builtin,DC=anuview,DC=net"]
26 Feb 2019 10:31:50,433 DEBUG ROS:250 - ["CN=gigaflow,CN=Users,DC=anuview,DC=net","CN=DnsUpdateProxy,CN=Users,DC=anuview,DC=net","CN=Domain Guests,CN=Users,DC=anuview,DC=net","CN=Schema Admins,CN=Users,DC=anuview,DC=net","CN=Guests,CN=Builtin,DC=anuview,DC=net"]
26 Feb 2019 10:31:50,433 DEBUG ROS:316 - Got group:CN=gigaflow,CN=Users,DC=anuview,DC=net from:{"data":{"memberOf":["CN=gigaflow,CN=Users,DC=anuview,DC=net","CN=DnsUpdateProxy,CN=Users,DC=anuview,DC=net","CN=Domain Guests,CN=Users,DC=anuview,DC=net","CN=Schema Admins,CN=Users,DC=anuview,DC=net","CN=Guests,CN=Builtin,DC=anuview,DC=net"]}}
26 Feb 2019 10:31:50,433 DEBUG ROS:321 - addUsertest3
26 Feb 2019 10:31:50,433 DEBUG ROS:2639 - addUser:test3 test3 test3 {"dashboard":"/","permissions":["Normal User"],"theme":"dashboard.css"} 3 1
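
A login trace like the one above can be reduced to the facts worth reviewing: who logged in, which LDAP URL was used, which groups were returned and which permissions were granted. The following is an added example, not part of GigaFlow; it assumes the message formats shown in this log stay as they are, and the list of sensitive group names is chosen for the example.

```python
import json
import re

# Constructed sample: a subset of the debug lines shown above.
SAMPLE_LOG = """\
26 Feb 2019 10:31:50,331 DEBUG CWeb:132 - Key:userName Value:test3
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:341 - LDAP a:ldaps://172.21.21.64
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=gigaflow,CN=Users,DC=anuview,DC=net
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=Schema Admins,CN=Users,DC=anuview,DC=net
26 Feb 2019 10:31:50,433 DEBUG ROS:2639 - addUser:test3 test3 test3 {"dashboard":"/","permissions":["Normal User"],"theme":"dashboard.css"} 3 1
"""

LINE = re.compile(r"^\d{2} \w{3} \d{4} [\d:,]+\s+(?P<level>\w+)\s+(?P<src>\w+):\d+ - (?P<msg>.*)$")
# Well-known AD groups whose members warrant review (list chosen for this example).
SENSITIVE = {"Schema Admins", "Domain Admins", "Enterprise Admins", "Administrators"}

def summarize_login(log_text):
    """Collect user, LDAP URL, group CNs and granted permissions from one login trace."""
    out = {"user": None, "server": None, "ldaps": None, "groups": [], "permissions": []}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msg = m["msg"]
        if msg.startswith("Key:userName Value:"):
            out["user"] = msg.split("Value:", 1)[1]
        elif msg.startswith("LDAP a:"):
            out["server"] = msg[len("LDAP a:"):]
            # ldaps:// means the bind runs inside TLS; plain ldap:// does not.
            out["ldaps"] = out["server"].lower().startswith("ldaps://")
        elif msg.startswith("LDAP memberOf "):
            dn = msg[len("LDAP memberOf "):]
            # First RDN is the group's CN; the sample DNs contain no escaped commas.
            out["groups"].append(dn.split(",", 1)[0].partition("=")[2])
        elif msg.startswith("addUser:"):
            start, end = msg.index("{"), msg.rindex("}") + 1
            out["permissions"] = json.loads(msg[start:end])["permissions"]
    out["sensitive_groups"] = sorted(set(out["groups"]) & SENSITIVE)
    return out

if __name__ == "__main__":
    print(json.dumps(summarize_login(SAMPLE_LOG), indent=2))
```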


You can specify the domain at login by using domain\username.