16 Replies Latest reply on Jan 9, 2016 12:38 PM by curtisi

    AD authentication in LEM


      I have been asked to configure LEM to use Active Directory credentials for users to log on with. I have the Directory Service Query tool configured per the documentation, and have added both a directory services user and a directory services group. Ideally, this would all be done via group membership, so I first tried to log on to the web interface using the credentials of an account that was in the previously added group.... I ended up with a failed logon attempt message. After that I tried to log on with just the account that I had added to the appliance, and this fails as well. I need this working very soon! I am supposed to set this up so that when a member of group A logs into LEM, they can only see the nodes that they are responsible for...

        • Re: AD authentication in LEM
          nicole pauls

          When you were logging on as the AD user, did you use domain\user? What you describe should work (add the group, log on as the user in the group without adding the individual user explicitly).

          • Re: AD authentication in LEM

            I have the same issue - just installed LEM, have Directory lookups working, tried logging on after adding an AD group with no luck and the same with an AD user and still no luck.


            Tried the following formats...


            Username - You get error that the Domain name is not properly formed

            Domain\Username - Attempted to log on with no matching directory service connector


            Can't use FQDN\username as the total number of characters is too long for the username field (and would be a stupid thing to have to type) - but maybe that's what it's expecting

              • Re: AD authentication in LEM
                nicole pauls

                We expanded the width of that login dialog for a similar customer-reported issue, you should see it with the 5.5 RC/release (which is imminent).


                I'll add your implicit vote to the fix, though.

                  • Re: AD authentication in LEM

                    So in 2016 we still have to put the fqdn\username instead of domain\username? Is this ever not going to be a feature?

                      • Re: AD authentication in LEM

                        I've had discussions with the developers, including the one that wrote the code for the DS connector, and at the moment it appears LEM will always work this way. Part of this is because of the use case where there are sub-domains: apparently Java doesn't handle dev.domain.com and domain.com well, which is a shame. Also, the DS connector works with multiple LDAP systems, not just Microsoft, so this is part of that "agnostic" integration.
