
DT AppMon - LDAP authentication failed for user

Ramesh_Nadar
Advisor

Hello All,

We are setting up LDAP connection for user authentication on DT AppMon 6.5

The LDAP test connection is successful. We are able to generate the certificate and view it, but we are not able to connect the client using LDAP user IDs.


Please find our queries/problems below:

1. There is a group limitation of 10,000. How can we increase it? As we are able to find few group IDs.

2. Under Accounts, when we create a user ID and select predefined user groups (as we are not able to select a group which is defined from LDAP, since it is auto-assigned by LDAP), we end up with the error below:

2018-10-18 12:22:21 WARNING [LdapConnection] Failed to authenticate user: "CN=Ramesh xxx      /xx/xx/xx/xx,OU=CONSULTANTS,OU=xxxI xxK LTD,OU=ADUSERS",DC=xxxxankltd,DC=com with [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
2018-10-18 12:22:21 WARNING [LdapAuthenticationModule] LDAP authentication failed for user: xxx156607
2018-10-18 12:22:21 WARNING [ClientSessionInitializer] Failed to login user 'xxx156607'

3. What are the privileges required for Bind DN ID (xxxxAP /xx/xxNK/xx)?

Bind DN: CN=xxxxAP     /xx/xxNK/xx,OU=APPS IDS,OU=xxxI xxNK LTD,OU=ADUSERS,DC=xxxxnkltd,DC=com

4. What search attributes for LDAP are used in your environment? (We have referred to the DT doc; the default user/group search attributes are not helping us. We need help with some use cases.)

Server connection Log:

2018-10-18 11:32:23 INFO [PermissionManager] Testing LDAP connection: ssl:CN=xxxxANK/HYD,OU=APPS IDS,OU=xxxxCI xxNK LTD,OU=ADUSERS,DC=xxxxankltd,DC=com@10.24.xx.xx:636/DC=xxxxankltd,DC=com
2018-10-18 11:32:23 INFO [LdapConnection] vendorName =
2018-10-18 11:32:23 INFO [LdapConnection] vendorVersion =
2018-10-18 11:32:23 INFO [LdapConnection] supportedLDAPVersion = 3
2018-10-18 11:32:23 INFO [LdapConnection] supportedLDAPVersion = 2
2018-10-18 11:32:23 INFO [LdapConnection] supportedSASLMechanisms = GSSAPI
2018-10-18 11:32:23 INFO [LdapConnection] supportedSASLMechanisms = GSS-SPNEGO
2018-10-18 11:32:23 INFO [LdapConnection] supportedSASLMechanisms = EXTERNAL
2018-10-18 11:32:23 INFO [LdapConnection] supportedSASLMechanisms = DIGEST-MD5
2018-10-18 11:32:23 INFO [LdapConnection] defaultNamingContext = DC=xxxxankltd,DC=com
2018-10-18 11:32:23 INFO [LdapConnection] dnsHostname = xxxxxC001.xxxxankltd.com
2018-10-18 11:32:23 INFO [LdapConnection] isGlobalCatalogReady = TRUE
2018-10-18 11:32:23 INFO [LdapConnection] domainFunctionality = 4
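
Added example, not part of the original post or of Dynatrace's code: Active Directory reports the reason for an LDAP error code 49 bind failure as a hex Win32 logon error in the `data` field (`52e` in the log above), and this sketch pulls that field out of `[LdapConnection]` warnings and decodes it. The sample lines are constructed in the format of the log above, and `triage` is a hypothetical helper name.

```python
import re

# AD sub-codes found in the "data" field of an LDAP error code 49 bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password for an existing account)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) WARNING \[LdapConnection\] "
    r"Failed to authenticate user: (?P<dn>.*?) with \[LDAP: error code "
    r"(?P<code>\d+) - .*?AcceptSecurityContext error, data (?P<data>[0-9a-fA-F]+)"
)

def triage(lines):
    """Return one finding per failed bind; other log lines are skipped."""
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        data = m.group("data").lower()
        findings.append({
            "timestamp": m.group("ts"),
            "bind_dn": m.group("dn").strip('"'),
            "ldap_code": int(m.group("code")),
            "data": data,
            "win32_error": int(data, 16),  # e.g. 0x52e == 1326
            "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
        })
    return findings

# Constructed sample lines (placeholder DNs), modelled on the log format above.
_HEAD = "2018-10-18 12:22:21 WARNING [LdapConnection] Failed to authenticate user: "
_TAIL = (" with [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, "
         "comment: AcceptSecurityContext error, data {}, v2580")
SAMPLE = [
    _HEAD + '"CN=Example User,OU=ADUSERS,DC=example,DC=com"' + _TAIL.format("52e"),
    _HEAD + '"CN=Locked User,OU=ADUSERS,DC=example,DC=com"' + _TAIL.format("775"),
    "2018-10-18 12:22:21 WARNING [ClientSessionInitializer] Failed to login user 'example1'",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```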

11 REPLIES 11

Ramesh_Nadar
Advisor

Hi All,

Need your help to solve this issue.

Cheers

Ramesh


mathieu_chatte1
Advisor

Hello,

Because you are using a Microsoft Active Directory LDAP system, did you add these configurations in <DT_HOME>/dtserver.ini:

-Dcom.dynatrace.diagnostics.includePrimaryGroupForLDAPActiveDirectory=false

-Dcom.dynatrace.diagnostics.strictLDAPAuthentication=false

Regards,

Mathieu


Hi Mathieu,

Thanks for your reply.

Yes, our AD server is Microsoft. We have already added the config in the dtserver.ini file. Please find the screenprint below.

Query: Do we need to append it at the bottom of the config or after -Dcom.dynatrace.diagnostics.debugMobileCorrelation=true? Will it make any difference? Thanks

Cheers

Ramesh


Hello Ramesh,

No difference, the configuration is ok.

Could you do another test with Account Attribute = uid ?

Thanks,

Mathieu


Hi Mathieu,

Thanks for the confirmation.

Yes, last time I tried changing account attribute = uid, but it didn't work. I changed the account attribute again; still not working.

Cheers,

Ramesh


Ramesh_Nadar
Advisor

Hello All,

Need your help on Dynatrace AppMon LDAP config.


mathieu_chatte1
Advisor

Hello Ramesh,

Try to create an LDAP Group in Dynatrace Users Group assigned to you, if not already done.

Regards,

Mathieu


Hi Mathieu,

As I mentioned in my queries above, "There is a group limitation of 10,000. How can we increase it? As we are able to find few group IDs."

I'm not able to find my group DL.

Thanks

Ramesh


Now I'm able to find my group ID, but I'm still not able to connect using my user ID.


Ramesh_Nadar
Advisor

Would like to know when we set userID and select "Use LDAP authentication" why password & "dynatrace community credentials" password are visible with encrypted characters (5 char)? PFB screenprint

Thanks

Ramesh


Hello All,

Any suggestion on this.

We are still not able to integrate with LDAP.

Thanks

Ramesh