Difference between revisions of "Flow/Settings/LDAP Server"

From Observer GigaFlow Support | VIAVI Solutions Inc.
Line 48: Line 48:
 
When you press save, anuview Flow will connect to the server.
 
When you press save, anuview Flow will connect to the server.
 
At the bottom of this panel, you will see if that connection has been successful and how many LDAP groups have been retrieved.
 
At the bottom of this panel, you will see if that connection has been successful and how many LDAP groups have been retrieved.
 +
 +
 +
Below is the debug log output of a good Ad login for user test3 against domain anuview.net
 +
26 Feb 2019 10:31:50,332 DEBUG CLDAPserver:635 - domainuser:test3
 +
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:645 - s not domain:
 +
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:312 - authenticateGetMemberships:test3 anuview.net anuview.net
 +
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:319 - searchFilter:(&(cn=test3)) LDAPUserGroupMemberField:memberOf
 +
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:341 - LDAP a:ldaps://172.21.21.64
 +
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:343 - Starting ldaps tls
 +
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:346 - ROS.LDAPTLS.equals("true")false
 +
26 Feb 2019 10:31:50,405 DEBUG CLDAPserver:348 - ROS.LDAPTLS.equals("true")false
 +
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=gigaflow,CN=Users,DC=anuview,DC=net
 +
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=DnsUpdateProxy,CN=Users,DC=anuview,DC=net
 +
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=Domain Guests,CN=Users,DC=anuview,DC=net
 +
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=Schema Admins,CN=Users,DC=anuview,DC=net
 +
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=Guests,CN=Builtin,DC=anuview,DC=net
 +
26 Feb 2019 10:31:50,433 DEBUG CLDAPserver:400 - authenticateGetMemberships:test3 {"data":{"memberOf":["CN=gigaflow,CN=Users,DC=anuview,DC=net","CN=DnsUpdateProxy,CN=Users,DC=anuview,DC=net","CN=Domain Guests,CN=Users,DC=anuview,DC=net","CN=Schema Admins,CN=Users,DC=anuview,DC=net","CN=Guests,CN=Builtin,DC=anuview,DC=net"]}}
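Review bot: the added sample log does not match the Windows AD settings documented on this page, and the text does not say which settings produced it. The log shows `searchFilter:(&(cn=test3))` and `LDAP a:ldaps://172.21.21.64`, while the AD example lists the User Filter `(&(objectClass=user)(sAMAccountName=$USERID))` and the server address `ldap://172.21.40.189:389`. Suggest stating the Server address, User DN Field and User Filter values in use when the log was captured, so a reader can compare their own output line by line. In the introducing sentence, "Ad" should read "AD" and the sentence should end with a colon.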

Revision as of 10:25, 26 February 2019

Before you can authenticate users, you must tell anuview Flow which LDAP server it should use. From the main settings page, use the LDAP panel to enter this information.

Standard LDAP (non-Windows)


  • Server address, e.g. ldap://172.21.40.189:389.
  • LDAP Group DN, the branch that should be searched to return a list of groups, e.g. ou=observer,dc=viavi,dc=solutions
  • LDAP Group Field, the DN of the field to return, e.g. entryDN
  • LDAP Group Search, the filter to use when searching for groups, e.g. (&(objectClass=groupOfNames))
  • LDAP Group Search Filtered, the filter to use in the users page when filtering the list of available groups, e.g. (&(objectClass=groupOfNames)(cn=$FILTER))
  • LDAP User DN Base, the branch from which to search users, e.g. ou=users,dc=viavi,dc=solutions
  • LDAP User DN Field, the DN for the users, e.g. entryDN
  • LDAP Users Group Field, the field representing the user's group membership, e.g. memberOf
  • LDAP User Filter, the filter to apply when searching for users, e.g. (&(objectClass=inetOrgPerson)(uid=$USERID))
  • Username, the DN of the user to bind as when searching the server, e.g. cn=admin,dc=viavi,dc=solutions
  • Domain Name, not required for non-AD servers; leave blank
  • Password, e.g. XXXXXXXXXX
  • Status, i.e. if the connection is good and how many LDAP groups have been retrieved.

LDAP With Windows AD


  • Server address, e.g. ldap://172.21.40.189:389.
  • LDAP Group DN, e.g. dc=anuview,dc=net
  • LDAP Group Field, e.g. distinguishedName
  • LDAP Group Search, e.g. (&(objectClass=group))
  • LDAP Group Search Filtered, e.g. (&(objectClass=group)(cn=$FILTER))
  • LDAP User DN Base, e.g. dc=anuview,dc=net
  • LDAP User DN Field, e.g. cn
  • LDAP Users Group Field, e.g. memberOf
  • LDAP User Filter, e.g. (&(objectClass=user)(sAMAccountName=$USERID))
  • Username, e.g. Administrator
  • Domain Name, e.g. anuview.net
  • Password, e.g. XXXXXXXXXX
  • Status, i.e. if the connection is good and how many LDAP groups have been retrieved.
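
The User Filter settings above are templates with a $USERID placeholder. The following added example (not GigaFlow code; how the product itself substitutes $USERID is not shown on this page, and the function names are hypothetical) fills such a template with RFC 4515 escaping, so that characters in a login name cannot change the structure of the filter.

```python
# Filter templates copied from the settings lists above.
AD_USER_FILTER = "(&(objectClass=user)(sAMAccountName=$USERID))"
LDAP_USER_FILTER = "(&(objectClass=inetOrgPerson)(uid=$USERID))"

# RFC 4515: these characters must be written as \XX inside an assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Return value with every filter metacharacter hex-escaped."""
    # Character-by-character mapping, so an inserted backslash is never re-escaped.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_user_filter(template, user_id):
    """Fill the $USERID placeholder with an escaped login name."""
    if "$USERID" not in template:
        raise ValueError("template has no $USERID placeholder")
    if not user_id:
        raise ValueError("empty login name")
    return template.replace("$USERID", escape_filter_value(user_id))


def clause_count(filter_text):
    """Count filter clauses: every literal '(' opens one."""
    return filter_text.count("(")


if __name__ == "__main__":
    # Constructed sample inputs: a plain name and one with filter metacharacters.
    for name in ("test3", "smith (contractor)*"):
        naive = AD_USER_FILTER.replace("$USERID", name)
        safe = render_user_filter(AD_USER_FILTER, name)
        print(f"{name!r}")
        print(f"  unescaped: {naive}  ({clause_count(naive)} clauses)")
        print(f"  escaped:   {safe}  ({clause_count(safe)} clauses)")
```

With the second input, the unescaped filter gains a fourth clause and a wildcard, while the escaped filter keeps the three clauses of the template.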

When you press save, anuview Flow will connect to the server. At the bottom of this panel, you will see if that connection has been successful and how many LDAP groups have been retrieved.


Below is the debug log output of a good AD login for user test3 against domain anuview.net:

26 Feb 2019 10:31:50,332 DEBUG CLDAPserver:635 - domainuser:test3
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:645 - s not domain:
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:312 - authenticateGetMemberships:test3 anuview.net anuview.net
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:319 - searchFilter:(&(cn=test3)) LDAPUserGroupMemberField:memberOf
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:341 - LDAP a:ldaps://172.21.21.64
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:343 - Starting ldaps tls
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:346 - ROS.LDAPTLS.equals("true")false
26 Feb 2019 10:31:50,405 DEBUG CLDAPserver:348 - ROS.LDAPTLS.equals("true")false
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=gigaflow,CN=Users,DC=anuview,DC=net
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=DnsUpdateProxy,CN=Users,DC=anuview,DC=net
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=Domain Guests,CN=Users,DC=anuview,DC=net
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=Schema Admins,CN=Users,DC=anuview,DC=net
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=Guests,CN=Builtin,DC=anuview,DC=net
26 Feb 2019 10:31:50,433 DEBUG CLDAPserver:400 - authenticateGetMemberships:test3 {"data":{"memberOf":["CN=gigaflow,CN=Users,DC=anuview,DC=net","CN=DnsUpdateProxy,CN=Users,DC=anuview,DC=net","CN=Domain Guests,CN=Users,DC=anuview,DC=net","CN=Schema Admins,CN=Users,DC=anuview,DC=net","CN=Guests,CN=Builtin,DC=anuview,DC=net"]}}
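
When comparing your own debug output with the sample above, a small parser helps. This added example (not part of GigaFlow) extracts the server URL, search filter, user and groups from CLDAPserver debug lines and flags differences; it assumes, from the sample only, that a good login ends with the JSON membership line, and its function names are hypothetical.

```python
import json
import re

# Lines copied from the debug output above; the final line is abridged to the
# two groups whose per-group lines are kept here.
SAMPLE_LOG = """\
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:312 - authenticateGetMemberships:test3 anuview.net anuview.net
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:319 - searchFilter:(&(cn=test3)) LDAPUserGroupMemberField:memberOf
26 Feb 2019 10:31:50,333 DEBUG CLDAPserver:341 - LDAP a:ldaps://172.21.21.64
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=gigaflow,CN=Users,DC=anuview,DC=net
26 Feb 2019 10:31:50,431 DEBUG CLDAPserver:372 - LDAP memberOf CN=Schema Admins,CN=Users,DC=anuview,DC=net
26 Feb 2019 10:31:50,433 DEBUG CLDAPserver:400 - authenticateGetMemberships:test3 {"data":{"memberOf":["CN=gigaflow,CN=Users,DC=anuview,DC=net","CN=Schema Admins,CN=Users,DC=anuview,DC=net"]}}
"""

LINE_RE = re.compile(r"^\d{1,2} \w{3} \d{4} [\d:,]+ DEBUG CLDAPserver:\d+ - (?P<msg>.*)$")


def summarize_login(log_text):
    """Collect server, filter, user and groups from one login's debug lines."""
    out = {"user": None, "server": None, "filter": None, "groups": [], "result": None}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a CLDAPserver debug line
        msg = m["msg"]
        if msg.startswith("searchFilter:"):
            out["filter"] = msg[len("searchFilter:"):].partition(" LDAPUserGroupMemberField:")[0]
        elif msg.startswith("LDAP a:"):
            out["server"] = msg[len("LDAP a:"):]
        elif msg.startswith("LDAP memberOf "):
            out["groups"].append(msg[len("LDAP memberOf "):])
        elif msg.startswith("authenticateGetMemberships:") and " {" in msg:
            head, _, body = msg.partition(" {")  # the earlier :312 line has no JSON
            out["user"] = head.split(":", 1)[1]
            out["result"] = json.loads("{" + body)["data"]["memberOf"]
    return out


def review(summary):
    """Return the points where a login differs from the good sample."""
    findings = []
    if not (summary["server"] or "").lower().startswith("ldaps://"):
        findings.append("server URL is not ldaps://")
    if summary["result"] is None:
        findings.append("no final membership result logged")
    elif sorted(summary["result"]) != sorted(summary["groups"]):
        findings.append("final result differs from per-group lines")
    return findings
```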