prajoshgeorge
Level 10

WebReporter - Active Directory as external directory

I have been trying to add Active Directory as the external directory in web reporter but without any success. After entering the Name, IP, Active Directory and default port (389), I am getting the below message

WR.PNG

When I change from Active Directory to LDAP as the type, it adds successfully. However when I go to logon accounts and try to add a network user, it fails to get any of the usernames I enter.

I tried to enter the advanced configuration manually, I entered the BASE DN and User Key, and enter the admin name and password. It updates successfully when I click update now but it fails to get any users, groups etc.

0 Kudos
9 Replies
sroering
Level 13

Re: WebReporter - Active Directory as external directory

I suspect there is a problem with the config.

You will definitely want to use type Active Directory, since type LDAP would make assumptions in the queries that don't work with Active Directory.

I understand that your settings may be private, so please give me an example of how you are configuring the directory if you don't want to post your real config.

0 Kudos
prajoshgeorge
Level 10

Re: WebReporter - Active Directory as external directory

I did a fresh install of Web Reporter 5.1. Went to directories > add

Name: COMPANY_DOMAIN

Type: Active Directory

IP: IP of Domain Controller

Port: 389

Clicked Detect to retrieve the settings automatically. Prompted for username and password. Tried with my account (COMPANY_DOMAIN\username) and got the above message. Should I try an account with domain admin privileges? I have Account Operator privileges.

0 Kudos
sroering
Level 13

Re: WebReporter - Active Directory as external directory

Yes, I would try a domain Admin account. You could check the server.log to see if you see an Active Directory LDAP error code using your account. If you can find an error code, you can search Google for an explanation to see which permissions are required.

0 Kudos
prajoshgeorge
Level 10

Re: WebReporter - Active Directory as external directory

This error in the log

2013-03-12 16:57:48,019 ERROR [securecomputing.smartfilter.server.facade.impl.DirectoryLookupImpl] lookup failed, stepThatDied=node not found. e=javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1

2013-03-12 16:57:48,034 ERROR [securecomputing.smartfilter.server.facade.AdminServerFacade] Caught AdminServerException:Unable to find any results.

2013-03-12 16:58:00,998 ERROR [securecomputing.smartfilter.server.facade.impl.DirectoryLookupImpl] lookup failed, stepThatDied= e=null

2013-03-12 16:58:00,998 ERROR [securecomputing.smartfilter.server.facade.AdminServerFacade] Caught AdminServerException:Unable to find any results.

I will get the domain admin to enter his credentials but will it have to be entered every time the domain admin password is changed or is it only a one time entry?

Message was edited by: prajoshgeorge on 12/03/13 10:20:55 CDT
0 Kudos
sroering
Level 13

Re: WebReporter - Active Directory as external directory

It would need to be updated anytime the domain admin changes their password. I'm not sure if that level of permissions is necessary, but worth trying.

LDAP error 1 seems to be an error binding, so could be anything. I'll assume that you are using the correct username\password since it is your own, which means that your account doesn't have permission to bind to the root of the domain. You could try to manually configure the directory and see if it works.

0 Kudos
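
Added example, not part of any reply in this thread and not McAfee code: a small Python decoder for the Active Directory LDAP error string in the server.log line quoted above, separating the LDAP result code, the Win32 code in hex and the `data` sub-code. The second sample line is constructed (placeholder DSID) to show how a rejected password typically differs from the "no bind" error in this thread; the function and table names are assumptions of this example.

```python
import re

LDAP_RESULT = {1: "operationsError", 32: "noSuchObject",
               49: "invalidCredentials", 50: "insufficientAccessRights"}
# AD sub-codes reported in the "data" field when the result code is 49.
AD_BIND_DATA = {"525": "user not found", "52e": "wrong password or bind name",
                "530": "logon not permitted at this time", "532": "password expired",
                "533": "account disabled", "701": "account expired",
                "773": "password must be changed", "775": "account locked out"}
PATTERN = re.compile(r"LDAP: error code (\d+) - ([0-9A-Fa-f]{8}): LdapErr: "
                     r"(DSID-[0-9A-Fa-f]+), comment: (.*?), data ([0-9A-Fa-f]+)")

# Taken from the server.log line posted in this thread.
SAMPLE = ("2013-03-12 16:57:48,019 ERROR [securecomputing.smartfilter.server.facade."
          "impl.DirectoryLookupImpl] lookup failed, stepThatDied=node not found. "
          "e=javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: "
          "DSID-0C0906E8, comment: In order to perform this operation a successful "
          "bind must be completed on the connection., data 0, v1db1")
# Constructed line (placeholder DSID): a bind that AD rejected outright.
SAMPLE_BAD_PW = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, "
                 "comment: AcceptSecurityContext error, data 52e, v1db1]")

def decode(line):
    """Return a dict describing the AD LDAP error in a log line, or None."""
    m = PATTERN.search(line)
    if not m:
        return None
    code, win32, data = int(m.group(1)), int(m.group(2), 16), m.group(5).lower()
    info = {"ldap_code": code, "ldap_name": LDAP_RESULT.get(code, "unknown"),
            "win32": win32, "dsid": m.group(3), "comment": m.group(4), "data": data}
    if code == 1 and win32 == 0x4DC:
        # 0x4DC = 1244, ERROR_NOT_AUTHENTICATED: the search was issued on a
        # connection with no authenticated bind, so AD refused to run it.
        info["diagnosis"] = "search attempted without an authenticated bind"
    elif code == 49:
        info["diagnosis"] = "bind rejected: " + AD_BIND_DATA.get(data, "unlisted sub-code")
    else:
        info["diagnosis"] = "see LDAP result code"
    return info

if __name__ == "__main__":
    for line in (SAMPLE, SAMPLE_BAD_PW):
        print(decode(line))
```
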
prajoshgeorge
Level 10

Re: WebReporter - Active Directory as external directory

What do I enter here? I didn't want to mess up entering the wrong values. I tried once. Since I didn't know what to enter I tried to type LDAP. It retrieved BaseDN (dc=some,dc=thing,dc=here) and User Key (uid). Directory requires login, I entered my credentials and changed to AD in general and saved it. I did an Update now and it said it was successful but in the description it mentioned 0 users and 0 groups found and of course in the error log it was the same error. Does web reporter require domain admin privileges AD account?

wr.png

Message was edited by: prajoshgeorge on 12/03/13 11:53:36 CDT
0 Kudos
sroering
Level 13

Re: WebReporter - Active Directory as external directory

DN is the distinguished name. You were correct.

Base DN would be similar to DC=mcafee,DC=com

Leave the user DN empty

user key is sAMAccountName

leave group key empty

you can enter displayName for the full name key

Because the logon account also requires DN, you would use something like this

cn=sroering,cn=Users,dc=mcafee,dc=com

or

cn=sroering,ou=support,dc=mcafee,dc=com

If you don't know the DN for your account, try this command from a command line (replace sroering with your logon name) and look into c:\dump.txt

ldifde -f c:\dump.txt -l dn,sAMAccountName,dn -p subtree -r "(&(objectClass=user)(sAMAccountName=sroering))"

prajoshgeorge
Level 10

Re: WebReporter - Active Directory as external directory

Tried like you said with the domain admin account. Didn't work.

0 Kudos
robby07
Level 7

Re: WebReporter - Active Directory as external directory

I had the same issue and the above solution worked for me!

Now, McAfee needs to update their documentation as it is misleading. McAfee Web Reporter 5.2.1 Product Guide Revision A is not helpful and the Help instructs to use uid instead of sAMAccountName for the User Key.

Using McAfee Web Reporter 5.2.1.01 build 1482 in a Windows 2008 Active Directory environment.

0 Kudos