CML 2.6.1 LDAP Authentication user display Issue

Chmiene
Level 1

Hi Community,

I have a problem with a new CML 2.6.1 installation with LDAP authentication. The authentication via LDAP is working with/without NTLM and users/admins can log in to CML. The problem is: the users/admins are not displayed in the User Database on the WebUI. It looks like the creation of AD authentication users with that "non-local" flag written in the documentation is not working. I don't find anything in the logs.

Do you have an idea for this? Thanks!

BR,

Christian

12 Replies

Chmiene
Level 1

Update: Users who logged in yesterday are now present in the WebUI User Administration. But new users from today are again not visible.

balaji.bandi
Hall of Fame

When you enable LDAP: when the CML server is configured to use LDAP, the local user lookup is disabled.

Note that if you configure CML to use LDAP, and the LDAP settings are incorrect or there was a change in the LDAP server, you may find that no one can log into the CML server. Once CML is configured to use the LDAP Authentication Method, all login attempts are authenticated via LDAP. Therefore, even the local admin user will be unable to log into the CML server. If CML can reach the LDAP servers over the network, it will not fall back to local authentication even if it fails to bind to the LDAP servers.

BB
Hi, thanks for the reply.

Yes, that is written in the documentation. The local user lookup is disabled, that's true, but that's not the problem here. The AD users from yesterday are present now. It seems like there is a hidden LDAP search cronjob to update the user database via LDAP search in the night or something similar on the application or underlying Ubuntu, but I cannot find it in the Linux config.

rkochery
Cisco Employee

Hi @Chmiene, that is expected behavior. A user will be seen in the Web UI only after he logs in to CML. A user who never logged into CML will not be displayed in the CML Web UI.

Hi rkochery,

thanks for your reply. Yes, that's expected behaviour. But in my case, the users logged in, they are missing in the WebUI, and after the next night they are present. I have reproduced that issue three times now.

varma10
Level 1

Is there a guide to configure LDAP authentication with CML? I could not find one and am unable to determine what attributes are required to configure CML with LDAP authentication.

rkochery
Cisco Employee

Hi @varma10, please try opening the User Administration page in CML and refreshing the page; it should show the new users.

Hi rkochery,

that's exactly the problem, the Admin page shows the users only after a night. Last week at Cisco Live EMEA I asked that too, but nobody knows the problem. Maybe my installation is broken somewhere. Let's wait for a new version and I will have a look at it after the update. Thanks!

Hi @Chmiene, as I mentioned in my previous comment, you just need to refresh the User Administration page; you do not need to wait overnight.

I did that multiple times! A new user logged in for the first time and I refreshed that page multiple times, restarted CML... After the next night, the user is in the user administration page.

Is there a hidden Refresh button I didn't find until now?

I have reinstalled the application and the problem is solved. I don't know what happened in the first installation. Thread can be closed, thanks for all answers!