Re: Vra 8.1 multi tenant ad-user can't login

woshijinyun1 · ‎08-18-2020

Hi:

my vra8.1 multi tenant integrated AD, " cn=users,dc=XXX,dc=XXX" ,only users under this default ou can login multi tenant.

if i create new ou,can't login multi tenant, it's say “incorrect users and password”, it's seem that there is not AD authentication

user account even if i sync the new OU and users.

anyone encountered this problem? how to solve it ？ thanks

Lalegre · ‎08-18-2020

Hey woshijinyun1,

Some questions here:

Which is the Base DN from where you are synchronizing?
Which is the Base DN you specified on the users tab inside the directory?
Which are the Safeguards limit you are applying in the vIDM?

If you are able to sync the users please check that you are applying the roles inside vRA Identity Tab

Please take a look to those points and let us know!

woshijinyun1 · ‎08-18-2020

hi:

this is my test environment, ad strouct

if i change the sync target ou is "cn=usrs,dc=abc,dc=com", the user "test010" can login tenant vra.

and now i sync target ou "ou=asiainfo-sec,dc=abc,dc=com", the user "jjj" can't log tenant vra. it say "incorrect users and password"

in my vra sync DN group

User Tab

SafeGuard is default

In vra

Lalegre · ‎08-19-2020

I would suggest to first login into your Tenant vIDM and check if the user is actually synced. I suspect that this user "jjj" is not sync inside the vIDM maybe because of the attributes that are required.

I have an installation of vRealize Automation 8.1 using Multi-Tenant and i am not facing this issue. Try the next:

Login into Tenant vIDM and update the Base DN to: OU=asiainfo-sec,DC=abc,DC=com
Update the user DN also to: OU=asiainfo-sec,DC=abc,DC=com
Trigger a sync from vIDM manually and paste an output from the Sync Log that is inside the Identity Source.
Paste an screenshot from inside: OU=asiainfo-sec,DC=abc,DC=com

All

Vra 8.1 multi tenant ad-user can't login