Simple Active Directory Integration

davidregourd
Level 1

Hello,

I need to integrate a Cisco Portal 9.3.1 with an Active Directory in order to demonstrate the capabilities of the portal in a classic "AD based" environment.

I have been browsing the documentation for two weeks but did not really find answers to my questions.

The PDF documentation is quite minimalist, and seems to imply the knowledge of the former versions of Newscale.

So here are my questions:

  • Is there a way to import my A.D. users in the Cisco Portal database?
  • Why can't I log back in to my portal with admin/admin when I have activated the external authentication events (it is said in the intro that local auth. is tested by default before the external one)?
  • Is there somewhere a more complete documentation on these questions?

What would be great is a best practices sheet on how to integrate the Portal to AD.

Thanks in advance.

David

6 Replies

davidregourd
Level 1

Hi,

I have figured out the following statement:

- the overall mechanism to authenticate on AD works fine, as long as there is no space in the AD Distinguished Names.

Does somebody have a hint to get around this issue? Most of the ADs I have to work with have been filled in a standard way, and so all the DNs are like "CN=john doe,OU=department,DC=domain,DC=local".

Any suggestion is welcome.

Hi,

I have tried to use as the EUABindDN variable something like:

#LoginID#@domain.com

Having set this, the external authentication works, but only for the users who have been imported.

New users are not imported.

THX

David, do you have the Login event enabled under Administration/Directories/Events? It should be if External Authentication is working. You'll have to add another task in its configuration -- "Import User" below External Authentication, so that a new user is imported after authenticating. You can do the same for Order on Behalf, Person Lookup for Service Form, etc. if you want. Hope this helps.

Hello Fabio,

Thank you for your mail.

I have followed each point on the integration pdf document.

I have set a logon event with

It is the import event that fails. The logs talk about a "getperson" LDAP command that fails. (it fails only when the user is new, not when he already exists in the database portal).

When I use a classic LDAP DN as EUABindDN it works (logon and import) but as my AD CNs contain spaces, it cannot be used with #LoginId#.

So to summarize, it seems that the #LoginId#@domain.com as EUABindDN prevents the portal from creating users.

Thank you for your patience, if you read me!

Best regards,

David

It should still work if you're using the AD UPN for the EUABindDN. I have this working in my lab but with the "Person Lookup" events, and not Login events. I'll have to test with the Login events.

Make sure that the users that you're trying to import all have data for the fields that you are mapping. If there is a field that is NULL in AD but which is mapped in your Request Center Mappings then the import will fail. You can test this by going into the mappings configuration and the AD login name (sAMAccountName) and then testing the lookup to see that all of the mapped fields are populated with data. That lookup will use your UPN format (#LoginId#@domain.com) to query AD and pull the info so it should be a valid test of that Import User event.
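The mapped-field check described in the reply above can also be run in bulk against an LDIF export of the users to be imported. The following is an added example, not part of the original thread and not Cisco code; the portal field names in the mapping and the two sample entries are constructed assumptions to be replaced with your own mappings and export.

```python
import base64

# Hypothetical mapping: portal person field -> AD attribute (use your own mappings).
MAPPED_ATTRS = {"Login ID": "sAMAccountName", "First Name": "givenName",
                "Last Name": "sn", "Email": "mail"}

# Constructed sample of LDIF as exported from a directory; not real data.
SAMPLE_LDIF = """\
dn: CN=john doe,OU=department,DC=domain,DC=local
sAMAccountName: jdoe
givenName: john
sn: doe
mail: jdoe@domain.com

dn: CN=jane roe,OU=department,DC=domain,DC=local
sAMAccountName: jroe
givenName:: amFuZQ==
sn: roe
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    unfolded = text.replace("\n ", "")  # folded lines continue with one leading space
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            # "attr:: value" marks a base64-encoded value
            value = (base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
                     if rest.startswith(":") else rest.strip())
            entry.setdefault(name.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def missing_mapped_fields(entries, mapping=MAPPED_ATTRS):
    """Map each DN to the portal fields whose AD attribute is absent or empty."""
    report = {}
    for entry in entries:
        missing = [field for field, attr in mapping.items()
                   if not any(v.strip() for v in entry.get(attr.lower(), []))]
        if missing:
            report[entry["dn"][0]] = missing
    return report

if __name__ == "__main__":
    for dn, fields in missing_mapped_fields(parse_ldif(SAMPLE_LDIF)).items():
        print(f"{dn}: no AD data for {', '.join(fields)}")
```

Any DN listed in the report has a mapped attribute with no data in AD, which is the condition the reply says makes the import fail.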

Hello Fabio

Thank you for your mail.

Your comments helped me very much to find the solution even if it was not directly the solution.

I hadn't checked the Refresh Person Profile in my import step, so the portal could not create the people the first time.

Now it works on the AD UPN.

Thank you again.

David
