Where to check LDAP query from Cloudera Navigator? - active-directory

I configured our Cloudera Navigator service to authenticate via LDAP. I'm able to login in Navigator, however I instantly get an error:
You are not authorized to view this page
When I log in with full administrator and try to search for LDAP groups to add, I get nothing returned, so I think there is something wrong with my configuration. Where should I be able to see how does the LDAP query look like?
I use identical settings for LDAP as I used when configuring Cloudera Manager, where everything works fine. The LDAP group I'm looking for has a "Navigator" admin role assigned in CM.

I would use this tool to monitor which queries are performed on the AD :
https://learn.microsoft.com/fr-fr/sysinternals/downloads/adinsight

Related

The permissions granted to user 'MachineName\Administrator' are insufficient for performing this operation. (rsAccessDenied)

(Revised based on comments below)
I know there's a ton of posts like this online and I've browsed many and found no useful help.
I have setup and configured SSRS many times and have not had this problem. The setup is similar to other servers in the past (all stand alone servers - no AD). I can log into Report Manager from a browser on the local server but when I try to access from my remote dev machine or from deploying a report from VS I get the above message.
This is how I'm trying to login which works on other servers but not this one.
http://Server IP/Reports
-Username: Administrator
-Password: admin password
I get the above error even though this is exactly the same as on other servers.
I should mention that I connect using a VPN to the network so I have access to the private IPs as well.
I also tried using he private IP
I also tried MachineName\Administrator
I also tried creating an SQL user with admin privileges and that did not work either.
This is a screenshot from a server where everything is working as expected. Administrators had default permissions (Content Manager). Users has browse:
This is a screenshot from the server that’s having permission issues. I assigned all roles to both admin accounts
and then I added all roles to both admin accounts:
Now I can deploy from VS using the username "administrator".
and I made a little progress (i think...) trying to access report manager from my pc. From IE (run as admin) on my local pc I try to access report manager from this URL
http://server ip/Reports/browse/
-Username: Administrator
-Password: admin password
And now I gain access to server manager but cannot see any content. When I click on the home button I get this error:
Any recommendations?

you have no privileges to view this object or it does not exist

In vCenter 6.5 vSphere web client, if I logon as any user other than administrator#vsphere.local, I can't get to a few areas like Administration > Single sign on > Configuration.
I swear I did something to get my other user accounts access before, but if it's not just to give administrator access to 'global access', then I can't remember. vCenter died recently and I had to recreate it.
I'm trying to give otherUser#vsphere.local and an Active Directory group full access to do everything that administrator#vsphere.local can do.
Anyone know how to do this?
Note: I have the vCenter Server Appliance.
There's separate roles and permissions for vCenter and Appliance configurations (such as SSO). Make sure you're properly setting the permissions for those users/groups there as well.
Example of the SSO permissions: link

login failed while accessing the Active directory with logon name from WSO2 apim

I've connected my WSO2 api manager with external ldap i.e. Microsoft Active Directory.
I have a following user in my Active directory :
Username : WSO2 Admin
User logon Name : WSO2.Admin#india.test.com
NT logon Name : INDIA\WSO2.Admin
When I'm setting the Admin role for my user's Username in user-mgt.xml file. I'm able to login into the the WSO2 admin console with Username i.e. WSO2 Admin only and I'm also able to see all the users from active directory but If I'm trying to login into management console with the actual logon name i.e. india\WSO2.Admin or WSO2.Admin#india.test.com It's showing me login failed error.
<AdminUser>
<UserName>WSO2 Admin</UserName>
<Password>xxxxx</Password>
</AdminUser>
Can somebody please help me solving this?
In WSO2 carbon (base for all wso2 products, not just apim) realms and domains are having different meaning.
e. g. the domain #india.test.com in the carbon logon form denotes the tenant (the default tenant is carbon.super. You may try to log in with WSO2.Admin#carbon.super in theory it should work. (I did not try it myself)
as well the realm (in form of realm\username) hints the carbon to use a secondary userstore with specified realm parameter (I may be wrong in this format, if someone knows for sure, feel welcome to correct me)
I believe full domain should work with a Kerberos authenticator (used for applications, not for the Carbon management console), but this authenticator has been reworked and improved in current versions, so I don't know current state)

Sonarqube groups along with LDAP AD groups is over-riding all membership locally configured in SonarQube

We are using LDAP plugin v1.4 & Sonarqube v4.5.7.
LDAP user configuration is working fine but if we enable group configuration it is overriding all membership locally configured in SonarQube including default local groups – sonar-users, sonar-administrators (these 2 groups are not available in Active Directory, practically tough to manage them in our LDAP setup). No new users are added to sonar-users group automatically and added users are removed when they login.
Because of this new users are not able to login to Sonar until admin configures his AD group ID he is part of in Sonar backend. Is there any solution to handle this?
Also, in this scenario,
1. Is there a way to exclude these 2 groups from AD syncup
2. How to add users automatically to sonar-users with AD group configuration
Our LDAP settings are stnadard settings available in LDAP plugin documentation.
Thanks a lot for any help on this topic.
As described in the docs (emphasis added),
When group mapping is configured (i.e the below ldap.group.* properties are configured), membership in LDAP server will override any membership locally configured in SonarQube. LDAP server becomes the one and only place to manage group membership (and the info is fetched each time the user logs in).
To turn group mapping off, remove the ldap.group.* properties.

Liferay: LDAP Authentication not working

LDAP Authentication has been enabled.
Test LDAP Connection returns successful.
Test LDAP Users returns with a list of users.
Test LDAP Groups is successful as well.
I sign out of Test#Liferay.com and try logging in as on of the users returned from "Test LDAP Users."
Authentication fails.
Liferay throws authentication fails very quickly as if it did not even check against Active Directory.
Any suggestions? Thanks!
Liferay does not connect to LDAP to do authentication. It imports LDAP entities (user/groups) into it's own db. Only after import you can authenticate with user from LDAP (Liferay's copy of user).
How did you setup LDAP import setting? On startup? Periodically?
UPDATE:
Do you have errors in logs regarding ldap import?
Which version of Liferay do you use?
Do you have export to ldap enabled? (that never worked for me, meaning import failed because of export)
I also suffered with this problem before. I solved it now.
Do you enable the Export of LDAP. How you are doing the ldap configuration if you are using control panel-> Portal Setting then
You can check the search Filter of User portion and set objectClass=inetOrgPerson
Usually the best way to start troubleshooting these things is to get a network trace with something like WireShark and see what calls are being made as well as the corresponding replies.

Resources