NetXMS Support Forum

Please login or register.

Login with username, password and session length

Author Topic: Can't logon NetXMS Console thru LDAP authentication(Windows AD@Win2008)  (Read 56 times)

Marshall Chen

  • Newbie
  • *
  • Posts: 2
    • View Profile

1. I configured ldap parameters as attached picture #1, and run ldapsync with debug 4 level, everything goes fine and required users were synchronized from AD correctly.
Code: [Select]
2019.04.17 16:14:30.303 *D* LDAPConnection::initLDAP(): Connecting to LDAP server
2019.04.17 16:14:30.303 *D* LDAPConnection::initLDAP(): servers="xxxxxxx.mydomain.COM:389" port=389 secure=no
2019.04.17 16:14:30.365 *D* LDAPConnection::fillLists(): Found entry count: 2
2019.04.17 16:14:30.365 *D* LDAPConnection::fillLists(): Found dn: CN=WANGEW,OU=Jia Xing,OU=CN,OU=Asia,OU=Users,OU=Global,DC=mydomain,DC=com
2019.04.17 16:14:30.365 *D* LDAPConnection::fillLists(): User added: dn: CN=WANGEW,OU=Jia Xing,OU=CN,OU=Asia,OU=Users,OU=Global,DC=mydomain,DC=com, login name: WANGEW, full name: Wang, Eric W, description: EMPLOYEE
2019.04.17 16:14:30.365 *D* LDAPConnection::fillLists(): Found dn: CN=CHENMX20,OU=Jia Xing,OU=CN,OU=Asia,OU=Users,OU=Global,DC=mydomain,DC=com
2019.04.17 16:14:30.365 *D* LDAPConnection::fillLists(): User added: dn: CN=CHENMX20,OU=Jia Xing,OU=CN,OU=Asia,OU=Users,OU=Global,DC=mydomain,DC=com, login name: CHENMX20, full name: Chen, Marshall, description: EMPLOYEE
2019.04.17 16:14:30.365 *D* LDAPConnection::closeLDAPConnection(): Disconnect form LDAP server
2019.04.17 16:14:30.365 *D* UpdateLDAPUser(): User added: ID: (null) DN: CN=WANGEW,OU=Jia Xing,OU=CN,OU=Asia,OU=Users,OU=Global,DC=mydomain,DC=com, login name: WANGEW, full name: Wang, Eric W, description: EMPLOYEE
2019.04.17 16:14:30.365 *D* UpdateLDAPUser(): User added: ID: (null) DN: CN=CHENMX20,OU=Jia Xing,OU=CN,OU=Asia,OU=Users,OU=Global,DC=mydomain,DC=com, login name: CHENMX20, full name: Chen, Marshall, description: EMPLOYEE

2. After that I manually added the LDAP user into local 'Admins' group with all objects access.(pciture 2, 3)

3. All looks like very good, when I use this LDAP user to logon NetXMS console, it always pop up 'Access Dinied' windows. So I turned on Debug 4 level but unfortunantly there is nothing related the authentication failure.
Code: [Select]
2019.04.17 16:17:59.063 *D* [client.session     ] Client session with ID 2 registered
2019.04.17 16:17:59.063 *D* [client.session.2   ] Read thread started
2019.04.17 16:17:59.094 *D* [client.session.2   ] Server time zone: CST+08CDT

===> Anyone who knows something can help me on this? thanks in advance.
Logged

Tursiops

  • Sr. Member
  • ****
  • Posts: 360
    • View Profile

Your server is probably configured to be case sensitive in regards to usernames (that's the default).
The LDAP username is all uppercase, while you're logging in with the name in all lowercase.
So either use the all caps name to log in, or set the "CaseInsensitiveLoginNames" server configuration option to "1" and restart your NetXMS server service.
Logged

Marshall Chen

  • Newbie
  • *
  • Posts: 2
    • View Profile

Your server is probably configured to be case sensitive in regards to usernames (that's the default).
The LDAP username is all uppercase, while you're logging in with the name in all lowercase.
So either use the all caps name to log in, or set the "CaseInsensitiveLoginNames" server configuration option to "1" and restart your NetXMS server service.

Good catch Tursiops. You are absolutely correct, it's the case sensitive issue. It's no problem by using the id with uppercase. The option 'CaseInsensitvieLoginNames' is the perfect resolution for this issue. Very appreciate your support Tursiops.
Logged