AD Integration issue

Created: 11 Feb 2013 | 3 comments
Mike Buckley

I've followed the KB and installed a root CA; however, when I try and test the connection I see a 525 error in imr.log, which seems to be an invalid username. When I try and use a user without the certificate bound to the account I get the same error, so I think this is a cert issue. Running openssl, the connection works (and the CN of the DC is correct) but it fails at the end as it can't find the local certificate store (error 20).

Where are the certs stored on SSIM so I can do a full openssl test?  Or are they in LDAP?

Anybody got any suggestions? Key length is 2048 so that should be ok.


3 Comments

olaf

I normally test the connection using the idsldapsearch command.

SSIM uses the keystore /etc/symantec/ses/key.kdb.

The errors in the imr.log are normally accurate.

If it can't find the user, I would check if the user is in the Users container.

I think the user which actually queries the Active Directory has to be in this container.

When you are running the latest patch level you should be able to import/authenticate users outside of this container.

Mike Buckley

Thx Olaf, from memory we're running the latest 4.7 MP4 patch which I checked and it has the fix for authenticating users outside of the users container.  I'll pick it up again when I'm next on site with them (Monday).

Mike Buckley

Annoyingly, I've been through all the patch release notes for 4.7.4 and MP release notes and I can't find out where the restriction that it must be in the users container has been lifted. I'm sure I've seen it somewhere, but this KB suggests it's still in place?

Am I thinking of 4.8?