Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2413
Views
0
Helpful
4
Replies

CUIC Active Directory Configuration

Joe Gilbert
Level 1
Level 1

‎01-24-2012 10:10 AM - edited ‎03-14-2019 09:14 AM

We have installed CUIC 8.5(3) but cannot configure active directory correctly. We only want users who are in a specific security group to be able to login. Is this possible? The security group is UCCE_Reporting.

We have tried using the below in the User Search Base field but neither work.

CN=UCCE_Reporting,CN=Users,DC=***,DC=***

OU=UCCE_Reporting,CN=Users,DC=***,DC=***

Labels:
0 Helpful
4 Replies 4

Amer rajai Sha'er
Level 7
Level 7

‎01-26-2012 01:05 AM

Hello,

Can you please try :

OU=UCCE_Reporting, OU=Users, DC=****, DC=*****

Amer

0 Helpful

Joe Gilbert
Level 1
Level 1
In response to Amer rajai Sha'er

‎01-26-2012 05:32 AM

Hi Amer,

I tried your suggestion but it did not work. All user accounts are not located in Users or UCCE_Reporting groups. The users are members of UCCE_Reporting only.

I tried the suggestions on this link but they did not work either. I don't think the User Search Base field supports LDAP filters.

https://supportforums.cisco.com/docs/DOC-13350

0 Helpful

Kris Lambrechts
Level 1
Level 1
In response to Joe Gilbert

‎01-26-2012 01:34 PM

That's not possible as such. The User Search Base defines the location on the Domain where CUIC can find the user's accounts, group membership is pretty much irrelevant. This is more about user authentication than it is about authorization.

The authorization part is controlled through the Users page in the CUIC interface. So you'd have to define your Search Base wide enough to incorporate all OUs that may contain users on the domain and then manually define the IDs that have accesss to CUIC on the Users page.

Cheers,

Kris

0 Helpful

Joe Gilbert
Level 1
Level 1
In response to Kris Lambrechts

‎01-26-2012 01:52 PM

Hi Kris,

I believe you are correct as I have tried every way I could find to try and limit login based on group membership.

This isn't a huge issue but any account that is in the OU defined in the User Search Base can login to CUIC regardless of if that user is listed in the User List page. This isn't a huge risk as the user does not have access to anything by default but that doesn't seem like a secure practice to let users who are not in the user list to login.

0 Helpful
Customers Also Viewed These Support Documents