9 Replies Latest reply on Oct 22, 2013 8:13 PM by robby07

    WebReporter - Active Directory as external directory

    prajoshgeorge

      I have been trying to add Active Directory as the external directory in Web Reporter but without any success. After entering the Name, IP, Active Directory and default port (389), I am getting the below message.

       

      [Attached screenshot: WR.PNG]

      When I change from Active Directory to LDAP as the type, it adds successfully. However, when I go to logon accounts and try to add a network user, it fails to get any of the usernames I enter.

      I tried to enter the advanced configuration manually, I entered the BASE DN and User Key, and enter the admin name and password. It updates successfully when I click update now but it fails to get any users, groups etc.

        • 1. Re: WebReporter - Active Directory as external directory
          sroering

          I suspect there is a problem with the config.

           

          You will definitely want to use type Active Directory, since type LDAP would make assumptions in the queries that don't work with Active Directory.

           

          I understand that your settings may be private, so please give me an example of how you are configuring the directory if you don't want to post your real config.

          • 2. Re: WebReporter - Active Directory as external directory
            prajoshgeorge

            I did a fresh install of Web Reporter 5.1. Went to directories > add

             

            Name: COMPANY_DOMAIN

            Type: Active Directory

            IP: IP of Domain Controller

            Port: 389

             

            Clicked Detect to retrieve the settings automatically. Prompted for username and password. Tried with my account (COMPANY_DOMAIN\username) and got the above message. Should I try an account with domain admin privileges? I have Account Operator privileges.

            • 3. Re: WebReporter - Active Directory as external directory
              sroering

              Yes, I would try a domain Admin account. You could check the server.log to see if you see an Active Directory LDAP error code using your account. If you can find an error code, you can search Google for an explanation to see which permissions are required.

              • 4. Re: WebReporter - Active Directory as external directory
                prajoshgeorge

                This error in the log

                 

                2013-03-12 16:57:48,019 ERROR [securecomputing.smartfilter.server.facade.impl.DirectoryLookupImpl] lookup failed, stepThatDied=node not found. e=javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1

                2013-03-12 16:57:48,034 ERROR [securecomputing.smartfilter.server.facade.AdminServerFacade] Caught AdminServerException:Unable to find any results.

                2013-03-12 16:58:00,998 ERROR [securecomputing.smartfilter.server.facade.impl.DirectoryLookupImpl] lookup failed, stepThatDied= e=null

                2013-03-12 16:58:00,998 ERROR [securecomputing.smartfilter.server.facade.AdminServerFacade] Caught AdminServerException:Unable to find any results.

                 

                I will get the domain admin to enter his credentials, but will it have to be entered every time the domain admin password is changed, or is it only a one-time entry?

                 

                Message was edited by: prajoshgeorge on 12/03/13 10:20:55 CDT
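The server.log check suggested in reply 3, applied to the error posted in reply 4, as an added example that is not part of the original thread or of Web Reporter. It separates a rejected bind (LDAP result 49 with an Active Directory `data` sub-code) from a request that reached the directory before any bind had completed (result 1 with 000004DC). The function names and the second sample line, including its DSID, are constructed for illustration.

```python
import re

# LDAP result codes (RFC 4511) seen when a directory bind goes wrong.
LDAP_RESULT = {1: "operationsError", 49: "invalidCredentials"}
# "data" sub-codes Active Directory returns with result 49 (hex Win32 errors).
BIND_DATA = {
    "525": "user not found", "52e": "unknown user name or bad password",
    "530": "logon not permitted at this time", "532": "password expired",
    "533": "account disabled", "701": "account expired",
    "773": "user must reset password", "775": "account locked out",
}
PATTERN = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): \w+: "
    r"DSID-[0-9A-Fa-f]+, comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+)"
)

# Line 1 is the error posted in the thread; line 2 is constructed for contrast.
SAMPLE = (
    "2013-03-12 16:57:48,019 ERROR [securecomputing.smartfilter.server.facade."
    "impl.DirectoryLookupImpl] lookup failed, stepThatDied=node not found. "
    "e=javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: "
    "DSID-0C0906E8, comment: In order to perform this operation a successful "
    "bind must be completed on the connection., data 0, v1db1\n"
    "2013-03-12 17:05:10,112 ERROR [securecomputing.smartfilter.server.facade."
    "impl.DirectoryLookupImpl] lookup failed, e=javax.naming."
    "AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]\n"
)

def explain(line):
    """Classify one server.log line; None if it carries no AD LDAP error."""
    m = PATTERN.search(line)
    if not m:
        return None
    code, win32 = int(m["code"]), int(m["win32"], 16)
    if code == 49:  # the bind itself was refused
        stage = "bind rejected"
        detail = BIND_DATA.get(m["data"].lower(), "sub-code " + m["data"])
    elif win32 == 0x4DC:  # Win32 1244, ERROR_NOT_AUTHENTICATED
        stage, detail = "request sent before any successful bind", m["comment"]
    else:
        stage, detail = "other", m["comment"]
    return {"result": LDAP_RESULT.get(code, str(code)), "stage": stage, "detail": detail}

def triage(log_text):
    """Return the classification of every AD LDAP error in a log excerpt."""
    return [r for r in map(explain, log_text.splitlines()) if r]
```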
                • 5. Re: WebReporter - Active Directory as external directory
                  sroering

                  It would need to be updated anytime the domain admin changes their password.  I'm not sure if that level of permissions is necessary, but worth trying.

                   

                  LDAP error 1 seems to be an error binding, so could be anything. I'll assume that you are using the correct username\password since it is your own, which means that your account doesn't have permission to bind to the root of the domain. You could try to manually configure the directory and see if it works.

                  • 6. Re: WebReporter - Active Directory as external directory
                    prajoshgeorge

                    What do I enter here? I didn't want to mess up entering the wrong values. I tried once. Since I didn't know what to enter I tried to type LDAP. It retrieved BaseDN (dc=some,dc=thing,dc=here) and User Key (uid). Directory requires login, so I entered my credentials and changed to AD in general and saved it. I did an Update now and it said it was successful, but in the description it mentioned 0 users and 0 groups found and of course in the error log it was the same error. Does Web Reporter require a domain admin privileges AD account?

                     

                    [Attached screenshot: wr.png]

                     

                    Message was edited by: prajoshgeorge on 12/03/13 11:53:36 CDT
                    • 7. Re: WebReporter - Active Directory as external directory
                      sroering

                      DN is the distinguished name.  You were correct.

                       

                      Base DN would be similar to DC=mcafee,DC=com

                      Leave the user DN empty

                       

                      user key is sAMAccountName

                       

                      leave group key empty

                      you can enter displayName for the full name key

                       

                      Because the logon account also requires DN, you would use something like this

                      cn=sroering,cn=Users,dc=mcafee,dc=com

                      or

                      cn=sroering,ou=support,dc=mcafee,dc=com

                       

                      If you don't know the DN for your account, try this command from a command line (replace sroering with your logon name) and look into c:\dump.txt

                       

                      ldifde -f c:\dump.txt -l dn,sAMAccountName,dn -p subtree -r "(&(objectClass=user)(sAMAccountName=sroering))"

                      • 8. Re: WebReporter - Active Directory as external directory
                        prajoshgeorge

                        Tried like you said with the domain admin account. Didn't work.

                        • 9. Re: WebReporter - Active Directory as external directory
                          robby07

                          I had the same issue and the above solution worked for me! 

                           

                          Now, McAfee needs to update their documentation as it is misleading. McAfee Web Reporter 5.2.1 Product Guide Revision A is not helpful and the Help instructs to use uid instead of sAMAccountName for the User Key.

                           

                          Using McAfee Web Reporter 5.2.1.01 build 1482 in a Windows 2008 Active Directory environment.