What are the configuration files needed to diagnose a LDAP rights problem with Reporter?


<< Back to Knowledge Search

Solution

Overview

One of my LDAP users complains that no database has been assigned to it, when they log in.

I am seeing this error when I attempt to log in  to Reporter using LDAP

" in order to view reports in Reporter, your system administrator must set up a database for you to have access to."

How to troubleshoot this issue:

To diagnoise why this message occurs you need to look at these three files, kept in these folders.

  • For Windows:
    • <installed drive> Program files\Blue Coat Reporter 9\settings.
  • For LINUX:
    • /opt/bc/reporter/settings.

Which files do I need?

 The four  files, which  can be extracted out of a diagnostic upload ZIP file, are:

groups.cfg ------------- shows the groups that have been assigned roles.

ldap_users.cfg --------Is a dynamic file ( updated, or created each time LDAP users are authenticated).

                                       It shows the groups that Reporter found, as is searched the LDAP Realm) the last time each user logged in.

roles.cfg -----------------Shows the roles and the databases and rights assigned to each field.

 external_user_sources.cfg Shows the LDAP realm and how it's configured.

NOTE: For a detailed list of other configuration files, in Reporter, version 9.x, please see:

/articles/Solution/WhataresomecommonconfigurationfilesinReporterandwhatdotheydo

How do you use these to troubleshoot this message?

1: Find the user in the ldap_users.cfg file.

2: Edit it using a text editor, and note the groups this user  has been assigned. 

NOTE: Often you can stop there, as you will now know that you choose a group in the LDAP tree that is not in this list. Very often,  users choose a nested group, which Reporter, version 9.1.x does not support.

3: Match the groups in groups.cfg with the groups in the ldap_users.cfg  file. If no match is found,  then the user is not in that  group, acording to  the LDAP search Reporter just conducted.

4: The role name is also mentioned both in the groups.cfg and the roles.cfg, by way of a hashed name.  If there is no match between the hashed name in both files , then the role is not configured properly.

Resolution:

For the role to work,  it has to have a match in three files - the role.cfg file,the ldap_users.cfg  and the groups.cfg file.

For the user to work properly,  a matching pair has to be found next to the user in  the ldap_users.cfg file, and the groups.cfg.  

NOTE1: The external_user_sources.cfg file has to be configured properly for any LDAP connectivity to work as per this KB article. Using the 'test' button, at the end of the LDAP realm configuration wizzard will tell if you if it is.

NOTE2: For  a list of what LDAP error codes you may see in the journals, and what they mean see   000015695 

 

 

Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ383
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      Reporter 9.1
Article Number      000014773
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat