I'm trying to configure the Smart Software Manager satellite to use LDAP instead of local accounts, but I can't get this to work at present. There aren't any logs that I can see in the GUI to help with, my settings are below can anyone see what I am doing wrong?
We use non-SSL communication for LDAP/AD.
LDAP IP: 192.168.0.1 Port: 389 Base DN: OU=Admins,OU=Users,DC=Domain,DC=Local Authentication: plain UID: Cisco Service Account Bind DN: CN=Cisco Service Account,OU=Admins,OU=Users,DC=Domain,DC=Local Password: something
It is possible to use AD LDAP, in this case the application needs a unique gidNumber for each LDAP group object returned from the AD container.
By creating a separate ou and placing group objects with serialized gidNumbers you can fix the applications requirement for it.
The gidNumber attribute can be edited with your AD attribute editor tab or ADSI.
Once this is done you with be able to enumerate the groups within the container.
In AD it looks like this:
I must caution anyone that looking at his using plain authentication. The password on the cssm.ladp user will be passed in the clear. With that I would advise that this user is heavily restricted and has no privilege other than reading the dedicated OU.
There are likely to be other issues that will surface here, but this is a start.
Thanks for posting this - I had a look at the latest version of ssm 7-201910 released last week. It has support for AD and openldap and imports the AD groups specified in the dn if you select Active Directory - can't seem to allocate roles based on the groups though. It also has secure ldap support (simple_tls) which I've tested successfully.
The iso for the new version on the download site has an incorrect hash but the iso included in the zip (same download page) installed fine for me.
I have similar problem. I am able to see LDAP groups (security groups), but I am unable to see users. I am also using the newest 8-0202004. Strange is that when I am in LDAP Users I cannot see in tcpdump initiated traffic from SSM.