IBM QRadar SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

IBM SOAR 51.0.2 integration issue with AD (LDAP)

  • 1.  IBM SOAR 51.0.2 integration issue with AD (LDAP)

    Posted Sun August 11, 2024 04:21 PM

    Hello, I recently deployed on Prem IBM SOAR 51.0.2.X in air-gapped environment. All the installation and initial configuration went smooth except the AD integration. It is required to have SSL enabled communication between SOAR and LDAP in my environment, So, i followed as per the documentation.  The LDAP configuration in the CLI is successful, I used ldap diagnosis tool to fetch the users from AD group on CLI, it was successful. I even can see enable LDAP option appeared on UI under ORG setting (usually it will be visible in case of successful configuration). so now the real problem

    1. once i enable the AD on UI, it is supposed to show the Groups that the service account (used in the config) has the authorization, but it is not showing.
    2. when i click on search button, it shows red banner with message "unable to connect to LDAP service".

    when i checked the client.log, i found that we are hitting exact below error and made sure that all the points those were mentioned in the technote are covered.

    QRadar SOAR: "Directory service is unreachable" when authenticating with QRadar SOAR (ibm.com)

    I am seeing the above error when SOAR tries to fetch the stuff from AD automatically, but i try with resutil and ldapdiagnosis tools, the connection and authentication works perfectly.

    I strongly believe that the configuration that we are giving to resutil somehow not being to sync at the backend. Another reason that strengthens this statement is that i recently tried to update the SOAR license using resutil license command. the command results say the license update is successful, but i still can't access the UI due to license limitation. Later i fiigured out that the .key file under crypt folder was holding the old license key. So, i manually updated the file which eventually resolved the issue.

    Sorry for the long post, but i really appreciate if someone can give an insight on this issue before the support case(or help me to avoid raising the support case😊). Please let me know if you want to know more details about the issue to solve this problem



    ------------------------------
    Naga Venkata Chaitanya Maheswaram
    ------------------------------


Related Content