IBM Security Verify

 View Only
Expand all | Collapse all

Users which are present in policy directory is not visible on backend LDAP through LDAP browser.

  • 1.  Users which are present in policy directory is not visible on backend LDAP through LDAP browser.

    Posted Thu September 29, 2022 09:11 AM
    Hi All,

    I have created users directly on policy directory through below LMI user interface.

    But these users are not getting visible on LDAP server, when tried to search it using LDAP browser.
    Can any one please explain why the Policy Directory users are getting shown in LDAP database.
    We have ISVA 10.0 installed on virtual machine (VA) and the policy directory server installed in windows machine and i have configured it using run time configuration.
    Does this type of setup is correct do i need to make any additional changes in it.
    I have installed LDAP browser on that windows machine where i have installed policy directory server.

    Thank You

    ------------------------------
    Anannd Dhage
    ------------------------------


  • 2.  RE: Users which are present in policy directory is not visible on backend LDAP through LDAP browser.

    Posted Fri September 30, 2022 06:34 AM
    Hi Annand,
    the Object is created at the dn you enter at Registry UID Field.

    ------------------------------
    Jens Petersen
    ------------------------------



  • 3.  RE: Users which are present in policy directory is not visible on backend LDAP through LDAP browser.

    Posted Mon October 03, 2022 01:25 AM
    HI

    Easy way to check is to find out whether you can see the user in policy administration? 
    From what you say:
    1.runtime is configured against external LDAP (which is Directory server running in windows)
    2.then when you create a user from policy administration , it should get created in the registry at the specified Registry DN.
    3.Its worth if you can try directly attempt an ldapsearch  against the DS

    idsldapsearch -D cn=root -w <password of root> -h <hostname of DS > -p <port of DS> -s sub -b "" objectclass=*

    if it still doesn't show up the user.

    then you need to check ldap.conf and the registry DN that you actually specified.

    If you are able to locate the user in policy administration during search user then its definitely created.

    few things that would be check(other that what I provided)
    1.what bind user you are using when ldap browser is used
    2.make sure its using exactly same ip/hostname which is specified in ldap.conf in appliance
    3.we can well also try to use sec_master to bind and check whether the user is visible.
      typically, it would be : cn=securitymaster,secAuthority=Default       ( specify if secAuthority=Default has different location)

    ------------------------------
    Tushar
    Tushar
    ------------------------------