yota79
Level 7

OpenLdap Authentication bind user

Hi,

I'd like to know the correct configuration for using OpenLDAP authentication. I have the McAfee SIEM 4600.

In Configuration -> Login Security -> LDAP I inserted these values:

Enabled

IP Address -> IP address of the LDAP server

Port -> 389 (standard port of LDAP)

Base Domain Name -> dc=local,dc=com

Group Attribute -> cn=admins,ou=Group,dc=local,dc=com (here I insert the group that the user belongs to, group admins)

Group Filter -> (&(objectClass=posixGroup)(memberUid=<<username>>)) (This is the default value, to check whether the user belongs to group admins)

User Filter -> (&(ou=People,dc=local,dc=com)(uid=<<username>>)) (Where to find the user, under People).

But in /var/log/messages I found this:

Nov 17 16:12:21 McAfee pdns_recursor[1721]: Failed to update . records, RCODE=2

Nov 17 16:13:02 McAfee cac.pl: Info: Called with getmode

Nov 17 16:13:02 McAfee ldapinit: LDAPINIT: logged in okay!  connection successful

Nov 17 16:13:02 McAfee ldapinit: success=NotOk LDAP Bind:  Code(34) invalid DN

Nov 17 16:13:02 McAfee ldapinit: success=NotOk LDAP Bind:  Code(49) Invalid credentials

Nov 17 16:13:02 McAfee last message repeated 3 times

Nov 17 16:13:02 McAfee cpserviced[2340]: NotOk LDAP Bind: Code(49) Invalid credentials

Nov 17 16:13:02 McAfee libESSDB.so[2340]: User_Login - Invalid login - user1

 

Where can I set the bind user to check whether my username and password are correct?

0 Kudos
1 Reply
abanaru
Level 11

Re: OpenLdap Authentication bind user

To check if the credentials of user1 are correct you can try the following from the CLI of ESM:

ldapsearch -x -h IP_OF_LDAP_SERVER -b "dc=local,dc=com" -D "uid=user1,ou=People,dc=local,dc=com" -W

I recommend checking logs on the OpenLDAP as well.

0 Kudos
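An added example, not part of the original thread and not McAfee's code: LDAP result code 34 in the log above is invalidDNSyntax and code 49 is invalidCredentials, so it helps to check a bind DN and a filled-in filter offline before testing against the server. The function names and sample DNs are constructed for illustration, and replacing `<<username>>` with the escaped login name is an assumption about how the template is filled.

```python
import re

# An RDN component must start with an attribute type (name or numeric OID) and '='.
_AVA = re.compile(r"^\s*(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=")

def split_unescaped(s, sep):
    """Split s on sep, ignoring separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]
            i += 2
        elif s[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += s[i]
            i += 1
    parts.append(cur)
    return parts

def dn_problems(dn):
    """Return the components that are not attr=value; an empty list means well formed."""
    bad = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):
            if not _AVA.match(ava):
                bad.append(ava.strip())
    return bad

def escape_filter_value(value):
    """Escape the RFC 4515 special characters before placing a value in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def fill_filter(template, username):
    """Substitute the <<username>> placeholder with an escaped login name."""
    return template.replace("<<username>>", escape_filter_value(username))

if __name__ == "__main__":
    # Constructed sample DNs: the first lacks an attribute type on its first RDN.
    for dn in ("user1,ou=People,dc=local,dc=com",
               "uid=user1,ou=People,dc=local,dc=com"):
        print(dn, "->", dn_problems(dn) or "ok")
    print(fill_filter("(&(objectClass=posixGroup)(memberUid=<<username>>))", "user1"))
```

A DN that passes this syntax check can still fail with code 49 if the entry does not exist or the password is wrong, which is where the OpenLDAP server logs help.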