tburns
Level 7
Message 1 of 5

ATD Build 3.4.8 and LDAP configuration preventing UI login

 

Dear colleagues,

 

I have been setting up an ATD for a POC for a customer in the UK and have encountered the following issue:

After configuring LDAP in ATD with Build 3.4.8.96 as shown with the error on LDAP test connection:

Despite using the correct password, I am unable to log in via the web UI.

 

 

It is possible to log in with cliadmin on the console, so the question is: is there a command to reset the LDAP configuration via the CLI?

 

 

I have looked in the manual and there does not appear to be a CLI command to undo the LDAP setting in the external-facing documentation.

 

FYI

 

 

There does appear to be an undocumented feature with the LDAP component, as if I use ldp.exe with the same AD credentials it does not report an error.

 

 

If “simple” is used no error is reported in the ATD UI

 

Many thanks in advance

 

 

Tony

 

4 Replies
Reliable Contributor Troja
Message 2 of 5

Re: ATD Build 3.4.8 and LDAP configuration preventing UI login

Hi,

Tested in my environment. Noticed the same problem. LDAP Simple works, SSL does not.

I also had the problem that, after configuring LDAP, I was not able to log on to ATD with any user, AD user or local user. :-(

Does this work in your environment?

Cheers

tburns
Level 7
Message 3 of 5

Re: ATD Build 3.4.8 and LDAP configuration preventing UI login

Hi Troja,

I experienced the same results with my ATD box, as [simple] worked but SSL does not with a local or AD user account.

The only way to log in is with CLIADMIN via a console connection.

I intend to raise a sales escalation to determine the CLI command to reset the LDAP configuration, the alternative being to reset the box back to factory default via the CLI.

Tony

Re: ATD Build 3.4.8 and LDAP configuration preventing UI login

Tony,

What was the resolution on this issue? I ran into a very similar issue, and have yet to get the atdadmin account permission to access the FTP server, even after factorydefaults was issued.

tburns
Level 7
Message 5 of 5

Re: ATD Build 3.4.8 and LDAP configuration preventing UI login

Hello,

This is my understanding, and I am waiting for confirmation on this.

 

Q1: Is it necessary to create local ATD database user accounts for the configuration of LDAP in ATD?

 

  • This is required only for the accounts already enabled in the local ATD authentication database (see page 6 of the ATD 3.4.8 Product Guide Rev A for the list of required user names to be added to LDAP), the only exception being the CLIADMIN account.

 

Q2: Does the enablement of LDAP require the “Fallback” option to be ticked, i.e. enabled?

 

  • LDAP does not require Fallback to be ticked. If Fallback is enabled, this will enforce the matching of user accounts and user passwords in the local database (of ATD) with the equivalent in LDAP, which will add additional administrative overhead for the creation of LDAP accounts and maintenance of passwords.
  • NOTE: If Fallback is NOT enabled, the matching of LDAP usernames and passwords with the local ATD authentication database will not be applied, thus avoiding the administrative overhead described above.

  

 

Q3: Why does ATD enforce password complexity on the creation of user accounts, which in the case of a typical customer may be more restrictive than the current Cx AD password policy?

 

  • This is required if Fallback has been enabled. If Fallback is NOT enabled, LDAP (AD) will remain authoritative for password complexity. If LDAP is not used, ATD will use its own local authentication database, which has password policy options for “standalone” deployments of ATD.

 

 

The LDAP option was added to the current release of ATD 3.4.8 which is a feature that is unique to ATD compared to equivalent solutions in the market.

 

BR

Tony

 
