Identity Source report program for RSA Authentication Manager 8.7 or later
Originally Published: 2020-07-12
Article Number: 000056542
Applies To

RSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition:  8.7 or later

Issue

The RSA Authentication Manager Identity Source Report Program provided in this article is a troubleshooting tool. It can display Authentication Manager LDAP slot data, perform an identity source communications check, generate a report on the identity source communications, and generate a report on all configured identity sources.

Resolution

The attached Linux shell script must be run with root privileges and requires the Operations Console username and password to access the data. The script uses the host names and ports that are obtained from the Directory URL/Directory Failover URL values from the Operations Console. It checks for the presence of the LDAP or LDAPS ports that are used in the identity source configuration.

Installation

  1. Download and copy the attached RSAAM_ISreporting.sh shell script into the /tmp folder on the primary instance in the Authentication Manager deployment. 

  2. Review the following article on how to enable Secure Shell on the Appliance, if needed. Where secure shell (SSH) has been enabled, a secure FTP client (e.g. WinSCP) can be used to copy the RSAAM_ISreporting.sh shell script into the /tmp folder.

  3. Change the permissions of RSAAM_ISreporting.sh so it can be run from the command line:
    chmod 755 /tmp/RSAAM_ISreporting.sh

Usage

  1. Log on to the primary instance with the rsaadmin account, either in an SSH session or at the local console.
  2. Change the privileges of the rsaadmin account:
    sudo su -
     If you do not change the privileges of the rsaadmin account, the following message appears:
     - You must be a user with elevated root permissions to use this program; exiting! -
  3. Go to the /tmp folder:
    cd /tmp
  4. The RSA Authentication Manager Identity Source Report Program requires Operations Console credentials. In the first example (Option 1), the Operations Console administrator password is supplied on the command line and is displayed in clear text. In the second example (Option 2), the program prompts for the credentials and the Operations Console administrator password is masked.
  • Option 1

    
    ./RSAAM_ISreporting.sh <OC username> <OC password>
    
     - checking OC credentials..
    
     - OC credentials validated!
    
     - redirecting to menu..
  • Option 2

    
    ./RSAAM_ISreporting.sh
    
     - checking OC credentials..
       ..missing OC credentials!
    
       Please enter OC Administrator username: <OC username>
       Please enter OC Administrator password: ** entered OC password received **
    
     - OC credentials validated!
    
     - redirecting to menu..

    ** substitute <OC username> with the Operations Console username (e.g. ocadmin) and substitute <OC password> with the Operations Console user password.

  5. The RSA Authentication Manager Identity Source Report Program displays the following menu options:
    RSA Customer Support (Asia Pacific)
    
    RSA Authentication Manager Identity Source Report Program
    
    1) Display Authentication Manager LDAP Slot Data
    2) Perform Identity Source Communications Check
    3) Generate a Report on Identity Source Communications
    4) Generate an Identity Source Configuration Report
    9) Exit
    
    Please select an option

Using the menu options:

Option 1: Display Authentication Manager LDAP Slot Data

RSA Customer Support (Asia Pacific)

RSA Authentication Manager Identity Source Report Program

1) Display Authentication Manager LDAP Slot Data
2) Perform Identity Source Communications Check
3) Generate a Report on Identity Source Communications
4) Generate an Identity Source Configuration Report
9) Exit

Please select an option
1

 Authentication Manager LDAP Slot Data

 - retrieving LDAP Slot Data..

 - AM LDAP slot name: ims.ldap-slots.0-global.primary-url
  -- value: ldaps://192.168.26.120:636


 - AM LDAP slot name: ims.ldap-slots.1-global.primary-url
  -- value: ldaps://192.168.26.120:636


 - AM LDAP slot name: ims.ldap-slots.1-global.secondary-url
  -- value: ""


 - AM LDAP slot name: ims.ldap-slots.0-global.secondary-url
  -- value: ""


 - AM LDAP slot name: ims.ldap-slots.2-global.primary-url
  -- value: ldap://192.168.26.210:389


 - AM LDAP slot name: ims.ldap-slots.2-global.secondary-url
  -- value: ""

 Task Completed!

 - NOTE: no check was performed where the LDAP slot name returned a value of ""

 - Press any key to continue -

Option 2: Perform Identity Source Communications Check

RSA Customer Support (Asia Pacific)

RSA Authentication Manager Identity Source Report Program

1) Display Authentication Manager LDAP Slot Data
2) Perform Identity Source Communications Check
3) Generate a Report on Identity Source Communications
4) Generate an Identity Source Configuration Report
9) Exit

Please select an option
2

 Identity Source Communication Check

 - reporting on Directory URLs and Directory Failover URLs where values were found..

  - performing Name Resolution on 192.168.26.120

120.26.168.192.in-addr.arpa     name = dc01.securidcs.net.


  - checking ports 389/tcp & 636/tcp on 192.168.26.120

  -- 192.168.26.120 on port 389/tcp success
  -- 192.168.26.120 on port 636/tcp success

  - performing Name Resolution on 192.168.26.120

120.26.168.192.in-addr.arpa     name = dc01.securidcs.net.


  - checking ports 389/tcp & 636/tcp on 192.168.26.120

  -- 192.168.26.120 on port 389/tcp success
  -- 192.168.26.120 on port 636/tcp success

  - performing Name Resolution on 192.168.26.210

210.26.168.192.in-addr.arpa     name = centos7.securidcs.net.


  - checking ports 389/tcp & 636/tcp on 192.168.26.210

  -- 192.168.26.210 on port 389/tcp success
  -- 192.168.26.210 on port 636/tcp FAILED

 Task Completed!

 - Press any key to continue -

Option 3: Generate a Report on Identity Source Communications

NOTE: The report generated by option 3 contains the same information that option 2 displays on the screen.

RSA Customer Support (Asia Pacific)

RSA Authentication Manager Identity Source Report Program

1) Display Authentication Manager LDAP Slot Data
2) Perform Identity Source Communications Check
3) Generate a Report on Identity Source Communications
4) Generate an Identity Source Configuration Report
9) Exit

Please select an option
3

 Generating an Identity Source communication check report called : /tmp/iscommreport_202412191503.log

 Task Completed!

 - Press any key to continue -
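
The slot data from option 1 and the port results from option 2 or 3 can be cross-checked to find identity sources that bind over cleartext ldap:// and to see whether LDAPS is reachable on those hosts. The following is an added example, not part of RSAAM_ISreporting.sh; the function names and finding labels are hypothetical, and it assumes the option 1 text is followed by the option 2 or option 3 text in one plain-text input.

```shell
#!/bin/sh
# Added example, not part of RSAAM_ISreporting.sh.
# Input (assumed): Option 1 slot data followed by the Option 2 screen output
# or the Option 3 log, saved as plain text.

# Sample lines copied from the output shown in this article.
sample_report() {
cat <<'EOF'
 - AM LDAP slot name: ims.ldap-slots.0-global.primary-url
  -- value: ldaps://192.168.26.120:636
 - AM LDAP slot name: ims.ldap-slots.0-global.secondary-url
  -- value: ""
 - AM LDAP slot name: ims.ldap-slots.2-global.primary-url
  -- value: ldap://192.168.26.210:389
  - checking ports 389/tcp & 636/tcp on 192.168.26.210
  -- 192.168.26.120 on port 389/tcp success
  -- 192.168.26.120 on port 636/tcp success
  -- 192.168.26.210 on port 389/tcp success
  -- 192.168.26.210 on port 636/tcp FAILED
EOF
}

# audit_is_report: reads report text on stdin, prints one finding per line:
#   CLEARTEXT <slot> <url>     slot bound with ldap:// (no TLS)
#   PORT_FAILED <host> <port>  port check reported FAILED
#   LDAPS_UNAVAILABLE <host>   cleartext host whose 636/tcp check also failed
audit_is_report() {
  awk '
    /AM LDAP slot name:/ { slot = $NF; next }
    /-- value:/ {
      url = $NF
      if (url ~ /^ldap:\/\//) {            # ldaps:// does not match
        print "CLEARTEXT", slot, url
        host = url
        sub(/^ldap:\/\//, "", host)
        sub(/:.*$/, "", host)
        plain[host] = 1
      }                                    # empty "" values are skipped
      next
    }
    # "-- <host> on port <n>/tcp <result>"
    $1 == "--" && $3 == "on" && $4 == "port" && $NF == "FAILED" {
      print "PORT_FAILED", $2, $5
      if ($5 == "636/tcp" && ($2 in plain)) print "LDAPS_UNAVAILABLE", $2
    }
  '
}

sample_report | audit_is_report
```

An LDAPS_UNAVAILABLE finding means the directory host must accept connections on 636/tcp before that identity source can be moved from ldap:// to ldaps://.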

Option 4: Generate an Identity Source Configuration Report

RSA Customer Support (Asia Pacific)

RSA Authentication Manager Identity Source Report Program

1) Display Authentication Manager LDAP Slot Data
2) Perform Identity Source Communications Check
3) Generate a Report on Identity Source Communications
4) Generate an Identity Source Configuration Report
9) Exit

Please select an option
4

 Identity Source Configuration Report (HTML)

 - generating report..

  -- report name : /tmp/isconfigreport_202412191503.html

 Task Completed!

 - Press any key to continue -

An example of the Identity Source Configuration Report:
