SecurID® Discussions
CharlesWheeler (Beginner)

Stuck on Identity Source

I am setting up RSA SecurID for the first time and attaching it to a Windows Server 2016 domain. I am following the steps in "How to create an external LDAP Identity Source in RSA Authentication Manager 8.1 SP1 or later" but connecting to the basic AD LDAP doesn't work. My configuration is:

Identity Source: DC1 (this is the name of the domain controller)
Type: Active Directory
Directory URL: ldap://DC1.domain.local (name of the AD domain)
Directory User ID: DomainAdmin@domain.local
Directory Password: correct password

But Test Connection fails each time. This is for the Primary RSA, not a replica. I know I am missing something basic, but am stumped and the online documents have not been much help. I can ping the DC from the RSA server, and the ldap URL resolves. Any help is appreciated.

jeffshurtliff (Administrator)

Hi Charles,

I have moved this thread to the RSA SecurID Suite community so that you can get an answer to your question.

You can post future questions and discussions directly to that community by clicking on the Ask a Question or Start a Discussion button on the RSA SecurID Suite page.

Thanks,
Jeff

EdwardDavis (Employee)

You mentioned replica. Is there a replica? If there is a replica, the replica also needs to have a working LDAP URL configured for the identity source.

Otherwise it is pretty simple. Name it, give it a working URL, admin name and password, and save it.

You can test an LDAP connection on the command line:

Get on the command line as rsaadmin (ssh is good).

Become root with

sudo su -   (enter)

and the rsaadmin password again.

As root, run ldapsearch; it should dump a list of groups.

My non-SSL example here: I have a DC at 10.101.99.154, administrator@farmco.local with password password1##, and the top level of my domain is dc=farmco,dc=local.

ldapsearch -h 10.101.99.154 -p 389 -D administrator@farmco.local -w password1## -b "dc=farmco,dc=local" -s sub "objectclass=group" grouptype cn

Sample output snip:

# DHCP Administrators, Users, farmco.local
dn: CN=DHCP Administrators,CN=Users,DC=farmco,DC=local
cn: DHCP Administrators
groupType: -2147483644

# Distributed COM Users, Builtin, farmco.local
dn: CN=Distributed COM Users,CN=Builtin,DC=farmco,DC=local
cn: Distributed COM Users
groupType: -2147483643

# CERTSVC_DCOM_ACCESS, Users, farmco.local
dn: CN=CERTSVC_DCOM_ACCESS,CN=Users,DC=farmco,DC=local
cn: CERTSVC_DCOM_ACCESS
groupType: -2147483644

# ad-aliases, Users, farmco.local
dn: CN=ad-aliases,CN=Users,DC=farmco,DC=local
cn: ad-aliases
groupType: -2147483646

# sliders, Users, farmco.local
dn: CN=sliders,CN=Users,DC=farmco,DC=local
cn: sliders
groupType: -2147483646
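To make the ldapsearch output above easier to read when checking an identity source, here is an added example (not code from the thread or from RSA) that parses the LDIF that ldapsearch prints and decodes the signed groupType values into their Active Directory flag names, so you can see at a glance which results are security-enabled domain local, global or builtin groups. The flag bits are the documented ADS_GROUP_TYPE values; the sample LDIF is taken from the reply's output.

```python
import base64

# ADS_GROUP_TYPE flag bits; AD returns groupType as a signed 32-bit integer.
GROUP_TYPE_FLAGS = {
    0x00000001: "BUILTIN_LOCAL",
    0x00000002: "GLOBAL",
    0x00000004: "DOMAIN_LOCAL",
    0x00000008: "UNIVERSAL",
    0x80000000: "SECURITY_ENABLED",
}


def decode_group_type(value: int) -> list[str]:
    """Name the flags set in groupType, e.g. -2147483644 -> 0x80000004."""
    bits = value & 0xFFFFFFFF
    names = [name for bit, name in GROUP_TYPE_FLAGS.items() if bits & bit]
    return names if bits & 0x80000000 else names + ["DISTRIBUTION"]


def parse_ldif(text: str) -> list[dict]:
    """Split ldapsearch LDIF into one dict per entry; '#' lines are comments."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():              # blank line terminates an entry
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            attr, _, val = line.partition(":")
            if val.startswith(":"):       # 'attr:: ...' is a base64 value
                val = base64.b64decode(val[1:]).decode("utf-8")
            current.setdefault(attr, []).append(val.strip())
    if current:
        entries.append(current)
    return entries


def summarize_groups(ldif: str) -> list[tuple[str, list[str]]]:
    """(cn, decoded groupType flags) for each group entry in the output."""
    return [(e["cn"][0], decode_group_type(int(e["groupType"][0])))
            for e in parse_ldif(ldif) if "groupType" in e]


SAMPLE_LDIF = """\
# Two entries taken from the ldapsearch output in the reply above
dn: CN=DHCP Administrators,CN=Users,DC=farmco,DC=local
cn: DHCP Administrators
groupType: -2147483644

dn: CN=Distributed COM Users,CN=Builtin,DC=farmco,DC=local
cn: Distributed COM Users
groupType: -2147483643
"""
```

Pipe the real ldapsearch output into summarize_groups to list every group with its decoded type; a result with no SECURITY_ENABLED flag is a distribution list, which is not usable for access control.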