Troubleshooting
Problem
Some users report that they can't log in when using LDAP, LDAPS, or LDAP with Active Directory authentication. Other users log in successfully.
Symptom
The reported users might experience login failures at the login page:
Cause
The base statement in the LDAP configuration is too narrow leaving users out of the AD/LDAP tree.
For example, a User Base DN is set to look for users on a specific OU (Organization Unit) then users out of that OU cannot log in.
Diagnosing The Problem
- From the LDAP Server, open the Powershell utility.
Note: If you do not have permission to complete queries on your LDAP system, contact your AD/LDAP administrator to provide the information. - To verify the user information, replace <username> in the following command with the username not able to log in:
Get-ADUser -Identity <username> -Properties *
- The DistinguishedName returned by the query indicates the path to the user. For example, analyst1 has a path of OU=Analysts,OU=IT,DC=test,DC=internal.
DistinguishedName : CN=analyst1,OU=Analysts,OU=IT,DC=test,DC=internal
- Verify the Distinguished Name is correct for your LDAP server in the User Base DN field.
Results
The previous output states that the path to the analyst1 user is OU=Analysts,OU=IT,DC=test,DC=internal. However, the base statement in QRadar® searches in OU=SEC,OU=IT,DC=test,DC=internal.
The previous output states that the path to the analyst1 user is OU=Analysts,OU=IT,DC=test,DC=internal. However, the base statement in QRadar® searches in OU=SEC,OU=IT,DC=test,DC=internal.
The users within the OU=SEC can log in, however, analyst1 cannot as it belongs to the OU=Analysts.
Resolving The Problem
Administrators must change the User Base DN on QRadar® to a wider base statement so that queries include other AD/LDAP databases for user accounts.
Using the Diagnosing the Section example, the User Base DN can be changed to OU=IT,DC=test,DC=internal.
Result
The users in OU=Analysts and OU=SEC can log in.
Related Information
Document Location
Worldwide
[{"Type":"SW","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
17 June 2021
UID
ibm16447247