000033717 - An LDAP User Fails to Authenticate to the Forensics User Interface (FUI) in RSA Web Threat Detection

Document created by RSA Customer Support Employee on Jan 11, 2017Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033717
Applies ToRSA Product Set: Web Threat Detection
RSA Product/Service Type: Forensics
RSA Version/Condition: 4.6, 5.x, 6.x
IssueA single user cannot authenticate the Forensics User Interface (FUI). The Customer is using LDAP authentication. No other users are affected.  
Example Customer Case: 
There is one user that cannot authenticate to the FUI and we don’t know what’s happening. First we were using local authentication and the user's account was locked after trying wrong passwords 4 times. In the meantime, we enabled LDAP Authentication and this user ID exists in LDAP.  When the user tried to authenticate the first time (authentication order: LDAP, WTD), he was prompted to create a new password in the FUI.  Changing the password did not work. We presumed that the password changes only happen in local user database, so we tried to reset the user’s local password.  The behavior was still the same, i.e., new password being asked for in FUI login screen. – NOTE: Only LDAP is set in authentication methods. We tried to recreate the user, but it did not change the behavior. We tried disabling LDAP and enabling only local (WTD) authentication. The user could change password and  successfully login. After that we changed authentication back to LDAP only and the user authenticated but couldn’t login, because WTD asked him to change his password.
CauseThe Customer was using the same user to bind to LDAP and then subsequently to login to the WTD FUI. 
ResolutionThe Customer should not use the same user ID that binds to LDAP as a regular WTD user expecting to be able to login. They will need to create a user exclusively in the LDAP directory for the binding and a separate user for logging into the WTD FUI.