LDAP authentication does not work after migrating from 7.0.2 to 7.1.1.3
We are migrating a BF 7.0.2 environment to 7.1.1.3. The bfmigrateconfig tool completed successfully. BF starts up fine and all the configuration data appears to be there.
However, none of the migrated user accounts can authenticate against LDAP. We can only log in using the root account. The error in the log is:

WARNING: Login failed - User '<userid>' is not in the Authorized Group DN for Domain 'dssldap'.

A trace by Security on BF's LDAP call indicates no errors. The response sent back to BF contains the correct groups. Also, the LDAP configuration screen on the BF 7.1.1.3 instance is identical to the one on the 7.0.2 instance. Note that we are connecting to the LDAP server using "anonymous" (there is no bind account/password).

I cannot delete and recreate the accounts because there are too many of them and also because experience tells me all the logs associated with a deleted account lose their original ownership. Am I missing something obvious here? Thanks!

Jozef
One answer
Submitted a PMR and it turned out the case of the group name in BF did not match the one in LDAP and in BF 7.1 that stuff is now case-sensitive. I changed

cn=bf_prod_ro,ou=internal,ou=groups,ou=ldap,o=la

to

cn=BF_PROD_RO,ou=internal,ou=groups,ou=ldap,o=la

and that fixed it.

Jozef
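The mismatch described in the answer can be checked for before an upgrade by comparing each configured Authorized Group DN against the group DNs the directory actually returns. The following is an added example, not code from the post or from the product; the function names are hypothetical, the second directory entry is constructed sample data, and it assumes the application ignores whitespace around separators but compares case exactly.

```python
import re

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514 style)."""
    return [p.strip() for p in re.split(r'(?<!\\),', dn) if p.strip()]

def canonical(dn, fold_case):
    """Normalise whitespace around '=' and ','; optionally fold case."""
    parts = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition('=')
        attr, value = attr.strip(), value.strip()
        if fold_case:
            attr, value = attr.lower(), value.lower()
        parts.append(f"{attr}={value}")
    return ",".join(parts)

def classify(configured_dn, directory_dns):
    """Return (status, matching_dn); status is 'exact', 'case_only' or 'absent'.

    'case_only' is the situation from the answer: the directory treats the
    two DNs as the same entry, but a case-sensitive comparison rejects it.
    """
    exact = canonical(configured_dn, fold_case=False)
    folded = canonical(configured_dn, fold_case=True)
    case_hit = None
    for dn in directory_dns:
        if canonical(dn, fold_case=False) == exact:
            return "exact", dn
        if case_hit is None and canonical(dn, fold_case=True) == folded:
            case_hit = dn
    return ("case_only", case_hit) if case_hit else ("absent", None)

# Configured value as quoted in the answer (the pre-fix spelling).
CONFIGURED = "cn=bf_prod_ro,ou=internal,ou=groups,ou=ldap,o=la"
# Group DNs as the directory returns them; the second entry is constructed.
DIRECTORY_GROUPS = [
    "cn=BF_PROD_RO,ou=internal,ou=groups,ou=ldap,o=la",
    "cn=EXAMPLE_GROUP,ou=internal,ou=groups,ou=ldap,o=la",
]

if __name__ == "__main__":
    status, match = classify(CONFIGURED, DIRECTORY_GROUPS)
    print(f"{CONFIGURED}: {status}")
    if status == "case_only":
        print(f"  update configuration to: {match}")
```

Feed it the group DNs exactly as returned in an LDAP trace; any `case_only` result is a group whose members will be denied once matching becomes case-sensitive.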