after LDAP setup. 2 admin accounts works others do not work...

[Muhammad Asif 3]

after LDAP setup. 2 admin accounts works others do not work, they are in the same admin group. can anyone help on this issue.

[Naeem Sufi 3]

Check their properties in ldap , also check their permissions (effective permissions) see whats different from IDS that work this may give you clues

[Muhammad Asif 3]

permissions are same. how can I check IDS

[Muhammad Asif 3]

ALL admin users are in same active directory group. should have same rights. I have removed one user from security center and it should Auto added it but still I do not see it.

[Debra Waybright]

Check settings in the Server Administration - Access Control. Is LDAP the primary security provider Are all the accounts in the Server Administrator Role

[Muhammad Asif 3]

All users are in administration AD group. LDAP is primary security provide also. we removed one user from webfocus user list to check if gets auto added but it still not there. is the settings in screen shot correct

[Muhammad Asif 3]

can we make changes to admin.cfg file as in previous version to make them similar

[Debra Waybright]

Im not entirely certain, but I think you need to have the User Authorization External Only radio button clicked, not the Internal. Or maybe Internal and External.

You may need to reach out to support for help with the settings. We did.

[Martin Yergeau]

According to my settings where I have LDAP and SSO

 

image.png771367 23.7 KB

 

 

image.png782319 24 KB

 

 

image.png776346 26 KB

 

Otherwise follow Debra suggestion and call TechSupport

[Brian Suter]

Autoadd happens when the user attempts to log in (and autoadd is enabled).

And do you have a WebFocus group which has admin privileges and is mapped to the ldap group you are using to control WF admins

[Toby Mills]

Suggest you read Chapter 4 in the security manual.

 

image.png793755 72.3 KB

 

Its easy to get turned around on the names Authentication versus Authorization

 

image.png797391 53.5 KB

 

The External Group Mapping that Brian is talking about is in here too:

 

image.png824584 68.7 KB

 

I think Id change our checkbox about Account Creation to only add people who are tied to a mapped group from LDAP:

 

image.png809548 69.9 KB

 

Use Martins example That should work for you.

[SATHEESH B]

You want to use LDAP for Authentication and LDAP Group for Authorization.

 

Create LDAP Connection On the Reporting Server. Make sure to choose the Primary or Secondary.

Primary doesnt require prefix with username and it will be default for authentication and Secondary Required Prefix. Set the Connection Trusted .

in the WF Admin console Enable External Security.

If you want to manage the users choose internal authorization .

If you want to manage the users from external group choose internal and external or External.

Save and restart the client.

If you want to use external group then you have to map the external group with WF Domain Group.

In the WFClient Security Center choose the group and create a subgroup called external Do not map the External group directly to parent group. mapping will allow only user from the mapped group you cant add any users manually. If there is a problem with external security you cant make changes.

Select the wf group external and map the External group. if you cant find the group then there is a problem with the external connection.

 

Security changes required restart check the logs for any issue. if you still have issue you may need to reach out tech support .

[Muhammad Asif 3]

Thanks All I have figured it out, getting error incorrect user and password means its not configuration issue, I think Issue is with password some type of passwords webfocus does not like.

[Naeem Sufi 3]

Yes WebFocus does not allow special Characters