VMware Cloud Community
victorkh

Can't authenticate user in the LDAP user configuration

I am trying to deploy VIO in my LAB. I have an issue when configuring the authentication source during the deployment. When I put in my AD information, provide the OpenStack admin user/password, and then click "Test user configuration", I get this error: Failed to authenticate for vio_user "which is my service account with admin rights"

Even if I put in my AD administrator password, I get the same error.

If I click "Test connection", VIO connects to the AD with no issues, but the second section doesn't work for me. Any ideas, please?

jmgriffes

The user to connect to AD has to be in the Group DN you define. I ran into the same problem.

victorkh

It is in the right Group DN and I am still getting the same error. Is the OpenStack admin user a local account, or should it be a domain account? Does it have to do with the initial password of the management server that gets deployed from the OVA?

jmgriffes

If you're using Active Directory, it has to be a Domain account. I noticed on the screenshot you posted earlier you had no DN listed at all, which may be your problem.

I initially couldn't get authentication to work with my AD user as the OpenStack admin until my LDAP guy added the OpenStack AD user into the correct group.

victorkh

You are right. It is strange that they put the "Test user configuration" button above the Group Tree DN. I tried putting DC=itlab,DC=local, which is the root, but it didn't like it. After I put CN=Users,DC=itlab,DC=local, it was able to find it. Thank you for all your help.

admin

Can you expand a bit more on the confusion in the UI... we can correct it if anything is confusing.

victorkh

Hi Arvind, the confusion is when you click on the "Test user configuration" button. If you don't fill in the "Group Tree DN" (which is below it), you will get the error in the screenshot. Having the "Test user configuration" button above the "Group Tree DN" gives the impression that clicking the "Test user configuration" button will not be affected if you have the "Group Tree DN" empty.

charlesxue
VMware Employee

Hi victorkh,

In our VIO 2.0 UI, we do not pass any group attribute values to the backend for validation when the user clicks the "test user configuration" button.

There is no dependency on group attributes for "test user configuration", and this is why we split the LDAP params into 3 parts.

I was confused by what you have described. I did some tests in our env, but cannot repeat your problem.

I will continue to work on it and try to make it better if there are bugs.

lichao
