How the User Authentication Configuration page works.
- Take the LDAP Query and replace the %s placeholder in the query with the name entered under LDAP Username.
- Connect to LDAP by binding as the distinguished name that points to that user. If authentication fails (or the user is not found), it returns "Invalid Credentials."
- Upon success, it takes the LDAP Group Distinguished Name and reads that object.
- If it cannot find the object, you receive the message "No Group exists under that Distinguished Name."
- If it finds the object but the Group object is not under a domain name, it cannot read it and returns the message "Could not get members listing for Group Distinguished Name."
- If the object is read and the distinguished names it lists exist, those users are inserted into the local UIM database.
- If the object is read but contains entries that do not link to a user, each such entry is skipped and not inserted into UIM.
For example:
- LDAP URL: ldap://ldaphostname:389
- LDAP Query: uid=%s,ou=usersgroup,dc=subdomain,dc=domain,dc=tld
- Synchronization enabled: Yes
- Synchronize every: 1h
- Group Distinguished Name: cn=uptime.group,ou=usersgroup,dc=subdomain,dc=domain,dc=tld
- LDAP Username: asmith
- Password: ******
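The following is an added example, not Uptime Infrastructure Monitor's own code, that walks through the steps above against a small in-memory directory so each outcome (invalid credentials, missing group, unreadable member listing, skipped stale member) can be seen. The directory contents, the helper names and the result structure are assumptions made for illustration; the step order and the error strings follow the description above, and the example configuration values are the ones listed. Because the LDAP Username is substituted into a distinguished name, the example also applies RFC 4514 DN escaping to that value before substitution.

```python
"""Simulated walk-through of the LDAP authentication and group sync flow.

Added example, not Uptime Infrastructure Monitor's own code. The in-memory
directory, helper names and SyncResult are assumptions for illustration;
the step order and messages follow the page. DN escaping is RFC 4514.
"""
from dataclasses import dataclass, field

# Constructed sample directory: DN -> attributes. Clear-text passwords only
# because this is a toy; a real directory stores hashes.
DIRECTORY = {
    "uid=asmith,ou=usersgroup,dc=subdomain,dc=domain,dc=tld": {
        "objectClass": ["inetOrgPerson"], "uid": ["asmith"], "userPassword": ["s3cret"]},
    "uid=bjones,ou=usersgroup,dc=subdomain,dc=domain,dc=tld": {
        "objectClass": ["inetOrgPerson"], "uid": ["bjones"], "userPassword": ["other"]},
    "cn=uptime.group,ou=usersgroup,dc=subdomain,dc=domain,dc=tld": {
        "objectClass": ["groupOfNames"],
        "member": [
            "uid=asmith,ou=usersgroup,dc=subdomain,dc=domain,dc=tld",
            "uid=bjones,ou=usersgroup,dc=subdomain,dc=domain,dc=tld",
            # Stale entry with no user object behind it: the sync skips it.
            "uid=gone,ou=usersgroup,dc=subdomain,dc=domain,dc=tld",
        ]},
    # groupOfUniqueNames lists members in uniqueMember, which the sync does not read.
    "cn=unique.group,ou=usersgroup,dc=subdomain,dc=domain,dc=tld": {
        "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["uid=asmith,ou=usersgroup,dc=subdomain,dc=domain,dc=tld"]},
}

INVALID_CREDENTIALS = "Invalid Credentials."
NO_GROUP = "No Group exists under that Distinguished Name."
NO_MEMBERS = "Could not get members listing for Group Distinguished Name."


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(query_template: str, username: str) -> str:
    """Step 1: substitute the LDAP Username into the %s placeholder.
    The value is DN-escaped first so a ',' or '=' in the username cannot
    change the structure of the resulting DN."""
    if "%s" not in query_template:
        raise ValueError("LDAP Query must contain a %s placeholder")
    return query_template.replace("%s", escape_dn_value(username))


def simple_bind(directory: dict, dn: str, password: str) -> bool:
    """Step 2: bind as the user DN. An unknown DN and a wrong password look
    the same to the caller, matching the single 'Invalid Credentials.' message."""
    entry = directory.get(dn)
    return entry is not None and password in entry.get("userPassword", [])


@dataclass
class SyncResult:
    message: str
    inserted: list = field(default_factory=list)   # uids written to the UIM database
    skipped: list = field(default_factory=list)    # member DNs with no user object


def authenticate_and_sync(directory: dict, config: dict, password: str) -> SyncResult:
    """Run the full flow: substitute, bind, read the group, resolve members."""
    user_dn = build_user_dn(config["LDAP Query"], config["LDAP Username"])
    if not simple_bind(directory, user_dn, password):
        return SyncResult(INVALID_CREDENTIALS)
    group = directory.get(config["Group Distinguished Name"])
    if group is None:
        return SyncResult(NO_GROUP)
    # Assumption: the listing is only readable from a groupOfNames 'member'
    # attribute; any other shape is reported as an unreadable listing.
    if "groupOfNames" not in group.get("objectClass", []) or "member" not in group:
        return SyncResult(NO_MEMBERS)
    result = SyncResult("OK")
    for member_dn in group["member"]:
        user = directory.get(member_dn)
        if user is not None and "uid" in user:
            result.inserted.append(user["uid"][0])
        else:
            result.skipped.append(member_dn)
    return result


# Values from the example configuration above.
EXAMPLE_CONFIG = {
    "LDAP URL": "ldap://ldaphostname:389",
    "LDAP Query": "uid=%s,ou=usersgroup,dc=subdomain,dc=domain,dc=tld",
    "Group Distinguished Name": "cn=uptime.group,ou=usersgroup,dc=subdomain,dc=domain,dc=tld",
    "LDAP Username": "asmith",
}

if __name__ == "__main__":
    r = authenticate_and_sync(DIRECTORY, EXAMPLE_CONFIG, "s3cret")
    print(r.message, "inserted:", r.inserted, "skipped:", r.skipped)
```

Running the block as written binds as asmith, reads cn=uptime.group, inserts asmith and bjones, and reports the stale uid=gone member as skipped; changing the Group Distinguished Name to the groupOfUniqueNames entry produces the "Could not get members listing" message, which is the behaviour to expect when a group was created with the method UIM does not use.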
Using an Oracle LDAP server, there are two methods of creating groups, "groupOfNames" and "groupOfUniqueNames". Uptime Infrastructure Monitor uses the "groupOfNames" method.
The following articles will help with setting up Oracle LDAP users under "groupOfNames":
- http://docs.oracle.com/cd/E19623-01/820-6169/defining-static-groups.html
- http://docs.oracle.com/cd/E19316-01/820-2763/bcajq/index.html
If you are unsure of the paths, use an application such as Active Directory Explorer or Wireshark to connect to the AD/LDAP server and determine the path.
- Active Directory Explorer: http://technet.microsoft.com/en-ca/sysinternals/bb963907.aspx
- Wireshark: http://www.wireshark.org/download.html