LDAP login working on NPC/PC but not on NFA

Document ID : KB000032377
Last Modified Date : 14/02/2018


The LDAP configuration set remotely from CAPC is not being passed to the NFA data source correctly.


NFA (standalone or distributed) associated with CAPC or NPC.


The SSO LDAP settings have not propagated down from CAPC/NPC to NFA.


Use SsoConfig on the NFA side to configure LDAP with a local value (Local Override), which overrides what CAPC SSO has passed down. See the example below:

PS C:\CA\NFA\Portal\SSO\bin> .\SsoConfig.exe
Single Sign-On Configuration Tool
Enter q to quit the program or b to go back to previous menu

SSO Configuration:
1. CA Performance Center
2. CA Network Flow Analysis
Choose an option > 2

SSO Configuration/CA Network Flow Analysis:
1. LDAP Authentication
2. SAML2 Authentication
3. Performance Center
4. Single Sign-On
5. Test LDAP
6. Export SAML2 Service Provider Metadata
Choose an option > 1

SSO Configuration/CA Network Flow Analysis/LDAP Authentication:
Connection User:
Connection Password:
Search Domain:
Search String:
Search Scope:
User Bind: Disabled
Account User:
Account User Default Clone:
Status: Enabled
Timeout: 10000

1. Remote Value
2. Local Override
Choose an option > 2

SSO Configuration/CA Network Flow Analysis/LDAP Authentication/Local Override:
1. Connection User:
2. Connection Password:
3. Search Domain:
4. Search String:
5. Search Scope:
6. User Bind:
7. Encryption:
8. Account User:
9. Account User Default Clone:
10. Group:
11. Krb5ConfigFile:
12. Status:
13. Timeout:
Select a Property >q

Select the appropriate options above to configure LDAP on NFA.