FAQ

What are the configuration files needed to diagnose a LDAP rights problem with Reporter?

FAQ ID:    FAQ383
Version:    11.0
Status:    Published
Published date:    08/18/2009
Updated:    07/07/2010
 

Answer

One of my LDAP users complains that no database has been assigned to it, when they log in.

I am seeing this error when I attempt to log in  to Reporter using LDAP

" in order to view reports in Reporter, your system administrator must set up a database for you to have access to."

How to troubleshoot this issue:

To diagnoise why this message occurs you need to look at these three files, kept in these folders.

  • For Windows:
    • <installed drive> Program files\Blue Coat Reporter 9\settings.
  • For LINUX:
    • /opt/bc/reporter/settings.

Which files do I need?

 The four  files, which  can be extracted out of a diagnostic upload ZIP file, are:

groups.cfg ------------- shows the groups that have been assigned roles.

ldap_users.cfg --------Is a dynamic file ( updated, or created each time LDAP users are authenticated).

                                       It shows the groups that Reporter found, as is searched the LDAP Realm) the last time each user logged in.

roles.cfg -----------------Shows the roles and the databases and rights assigned to each field.

 external_user_sources.cfg Shows the LDAP realm and how it's configured.

NOTE: For a detailed list of other configuration files, in Reporter, version 9.x, please see:

https://kb.bluecoat.com/index?page=content&id=FAQ372

How do you use these to troubleshoot this message?

1: Find the user in the ldap_users.cfg file.

2: Edit it using a text editor, and note the groups this user  has been assigned. 

NOTE: Often you can stop there, as you will now know that you choose a group in the LDAP tree that is not in this list. Very often,  users choose a nested group, which Reporter, version 9.1.x does not support.

3: Match the groups in groups.cfg with the groups in the ldap_users.cfg  file. If no match is found,  then the user is not in that  group, acording to  the LDAP search Reporter just conducted.

4: The role name is also mentioned both in the groups.cfg and the roles.cfg, by way of a hashed name.  If there is no match between the hashed name in both files , then the role is not configured properly.

Resolution:

For the role to work,  it has to have a match in three files - the role.cfg file,the ldap_users.cfg  and the groups.cfg file.

For the user to work properly,  a matching pair has to be found next to the user in  the ldap_users.cfg file, and the groups.cfg.  

NOTE1: The external_user_sources.cfg file has to be configured properly for any LDAP connectivity to work as per this KB article. Using the 'test' button, at the end of the LDAP realm configuration wizzard will tell if you if it is.

NOTE2: For  a list of what LDAP error codes you may see in the journals, and what they mean see   FAQ813 

 

 


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question