One of my LDAP users complains that no database has been assigned to it, when they log in.
I am seeing this error when I attempt to log in to Reporter using LDAP
" in order to view reports in Reporter, your system administrator must set up a database for you to have access to."
How to troubleshoot this issue:
To diagnoise why this message occurs you need to look at these three files, kept in these folders.
- For Windows:
- <installed drive> Program files\Blue Coat Reporter 9\settings.
- For LINUX:
Which files do I need?
The four files, which can be extracted out of a diagnostic upload ZIP file, are:
groups.cfg ------------- shows the groups that have been assigned roles.
ldap_users.cfg --------Is a dynamic file ( updated, or created each time LDAP users are authenticated).
It shows the groups that Reporter found, as is searched the LDAP Realm) the last time each user logged in.
roles.cfg -----------------Shows the roles and the databases and rights assigned to each field.
external_user_sources.cfg Shows the LDAP realm and how it's configured.
NOTE: For a detailed list of other configuration files, in Reporter, version 9.x, please see:
How do you use these to troubleshoot this message?
1: Find the user in the ldap_users.cfg file.
2: Edit it using a text editor, and note the groups this user has been assigned.
NOTE: Often you can stop there, as you will now know that you choose a group in the LDAP tree that is not in this list. Very often, users choose a nested group, which Reporter, version 9.1.x does not support.
3: Match the groups in groups.cfg with the groups in the ldap_users.cfg file. If no match is found, then the user is not in that group, acording to the LDAP search Reporter just conducted.
4: The role name is also mentioned both in the groups.cfg and the roles.cfg, by way of a hashed name. If there is no match between the hashed name in both files , then the role is not configured properly.
For the role to work, it has to have a match in three files - the role.cfg file,the ldap_users.cfg and the groups.cfg file.
For the user to work properly, a matching pair has to be found next to the user in the ldap_users.cfg file, and the groups.cfg.
NOTE1: The external_user_sources.cfg file has to be configured properly for any LDAP connectivity to work as per this KB article. Using the 'test' button, at the end of the LDAP realm configuration wizzard will tell if you if it is.
NOTE2: For a list of what LDAP error codes you may see in the journals, and what they mean see 000015695