I can log in to CAPC with my LDAP users, but I cannot log in to NFA with my LDAP users

Document ID : KB000031794
Last Modified Date : 14/02/2018

Problem:

I can log in to CAPC with my LDAP users, but I cannot log in to NFA with my LDAP users.

 

Environment:

NFA version 9.1.x or newer

CAPC version 2.3.3 or newer

 

Cause:

The SSO module in CAPC encrypts the "Connection Password" used to bind to LDAP and passes that encrypted password down to NFA's SSO module. However, the NFA SSO module is not able to use encrypted passwords, so the login fails.

You can verify that this is the case by running the command below. If the password appears to be encrypted, proceed with the resolution.

mysql -P3308 -D reporter -t -e "select * from performance_center_properties where PropName like '%LdapConnectionPassword%';"

 

 

Resolution:

To resolve this, you must manually set the connection password in the SSO module on the NFA Console server with a Local Override by following the steps below:

1. Open SsoConfig.exe from the \CA\NFA\Portal\SSO\bin directory on the NFA Console server.

2. Select Option #2 for CA Network Flow Analysis.

3. Select Option #1 for LDAP Authentication.

4. Select Option #2 for Local Override.

5. Select Option #2 for "Connection Password" then enter "u" for update.

6. Enter the password for the "Connection User" that you use to bind to LDAP and press Enter.

7. Attempt to log in to NFA again; the login should now succeed.

 

Additional Information: 

If you have upgraded to NFA 9.3.3, you will need to remove the Local Override for the LDAP Connection Password and make sure the encrypted password syncs down from CAPC. NFA 9.3.3 now expects an encrypted password.