I have been trying to add Active Directory as the external directory in web reporter but without any success. After entering the Name, IP, Active Directory and default port (389), I am getting the below message
When I change from Active Directory to LDAP as the type, it adds successfully. However when I go to logon accounts and try to add a network user, it fails to get any of the usernames I enter.
I tried to enter the advanced configuration manually, I entered the BASE DN and User Key, and enter the admin name and password. It updates successfully when I click update now but it fails to get any users, groups etc.
I suspect there is a problem with the config.
You will definitely want to use type Active Directory, since type LDAP would make assumptions in the queries that don't work with Active Directory.
I understand that your settings may be private, so please give me an example of how you are configuring the directory if you don't want to post your real config.
I did a fresh install of Web Reporter 5.1. Went to directories > add
Type: Active Directory
IP: IP of Domain Controller
Clicked Detect to retrieve the settings automatically. Prompted for username and password. Tried with my account (COMPANY_DOMAIN\username) and got the above message. Should I try an account with domain admin privileges? I have Account Operator privileges.
Yes, I would try a domain Admin account. You could check the server.log to see if you see an Active Directory LDAP error code using your account. If you can find an error code, you can search Google for an explanation to see which permissions are required.
This error in the log
2013-03-12 16:57:48,019 ERROR [securecomputing.smartfilter.server.facade.impl.DirectoryLookupImpl] lookup failed, stepThatDied=node not found. e=javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
2013-03-12 16:57:48,034 ERROR [securecomputing.smartfilter.server.facade.AdminServerFacade] Caught AdminServerException:Unable to find any results.
2013-03-12 16:58:00,998 ERROR [securecomputing.smartfilter.server.facade.impl.DirectoryLookupImpl] lookup failed, stepThatDied= e=null
2013-03-12 16:58:00,998 ERROR [securecomputing.smartfilter.server.facade.AdminServerFacade] Caught AdminServerException:Unable to find any results.
I will get the domain admin to enter his credentials, but will it have to be entered every time the domain admin password is changed, or is it only a one-time entry?
Message was edited by: prajoshgeorge on 12/03/13 10:20:55 CDT
It would need to be updated anytime the domain admin changes their password. I'm not sure if that level of permissions is necessary, but worth trying.
LDAP error 1 seems to be an error binding, so could be anything. I'll assume that you are using the correct username\password since it is your own, which means that your account doesn't have permission to bind to the root of the domain. You could try to manually configure the directory and see if it works.
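Added example (not part of any post in this thread, and not Web Reporter code): a small Python parser that pulls the LDAP result code, the Win32 error code, the DSID and the comment out of server.log lines like the ones quoted above, so the failing step can be looked up. The function and table names are made up for this example, and the lookup tables list only a few codes.

```python
import re

# Sample input: the first three server.log lines quoted in this thread.
SAMPLE_LOG = """\
2013-03-12 16:57:48,019 ERROR [securecomputing.smartfilter.server.facade.impl.DirectoryLookupImpl] lookup failed, stepThatDied=node not found. e=javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
2013-03-12 16:57:48,034 ERROR [securecomputing.smartfilter.server.facade.AdminServerFacade] Caught AdminServerException:Unable to find any results.
2013-03-12 16:58:00,998 ERROR [securecomputing.smartfilter.server.facade.impl.DirectoryLookupImpl] lookup failed, stepThatDied= e=null
"""

# Shape of the Active Directory diagnostic embedded in the exception text.
LDAP_ERR = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) .*?"
    r"\[LDAP: error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)

# LDAP result codes (RFC 4511) and Win32 error codes; only a few are listed.
RESULT_CODES = {1: "operationsError", 49: "invalidCredentials"}
WIN32_CODES = {0x4DC: "ERROR_NOT_AUTHENTICATED"}


def parse_ldap_errors(log_text):
    """Return one dict per log line that carries an AD LdapErr diagnostic."""
    found = []
    for line in log_text.splitlines():
        m = LDAP_ERR.search(line)
        if not m:
            continue  # lines such as "e=null" carry no LDAP detail
        code, win32 = int(m["code"]), int(m["win32"], 16)
        found.append({
            "timestamp": m["ts"],
            "code": code,
            "code_name": RESULT_CODES.get(code, "unlisted"),
            "win32": win32,
            "win32_name": WIN32_CODES.get(win32, "unlisted"),
            "dsid": m["dsid"],
            "comment": m["comment"],
            "data": int(m["data"], 16),  # AD prints this field in hex
        })
    return found


if __name__ == "__main__":
    for err in parse_ldap_errors(SAMPLE_LOG):
        print("{timestamp} LDAP {code} ({code_name}), Win32 0x{win32:X} "
              "({win32_name}), {dsid}: {comment}".format(**err))
```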
What do I enter here? I didn't want to mess up entering the wrong values. I tried once. Since I didn't know what to enter I tried to type LDAP. It retrieved BaseDN(dc=some,dc=thing,dc=here) and User Key (uid). Directory requires login, I entered my credentials and changed to AD in general and saved it. I did an Update now and it said it was successful but in the description it mentioned 0 users and 0 groups found and of course in the error log it was the same error. Does web reporter require domain admin privileges AD account?
Message was edited by: prajoshgeorge on 12/03/13 11:53:36 CDT
DN is the distinguished name. You were correct.
Base DN would be similar to DC=mafee,DC=com
Leave the user DN empty
user key is sAMAccountName
leave group key empty
you can enter displayName for the full name key
Because the logon account also requires DN, you would use something like this
If you don't know the DN for your account, try this command from a command line (replace sroering with your logon name) and look into c:\dump.txt
ldifde -f c:\dump.txt -l dn,sAMAccountName,dn -p subtree -r "(&(objectClass=user)(sAMAccountName=sroering))"
I had the same issue and the above solution worked for me!
Now, McAfee needs to update their documentation as it is misleading. McAfee Web Reporter 5.2.1 Product Guide Revision A is not helpful and the Help instructs to use uid instead of sAMAccountName for the User Key.
Using McAfee Web Reporter 5.2.1.01 build 1482 in a Windows 2008 Active Directory environment.