LDAP login working on NPC/PC but not on NFA

Document ID : KB000032377
Last Modified Date : 14/02/2018

Problem:

The LDAP configuration set remotely in CAPC is not being passed to the NFA data source correctly.

Environment:

NFA standalone or distributed associated with CAPC or NPC. 

Cause:

SSO LDAP settings have not propagated down from CAPC/NPC to NFA.

Workaround:

Use SsoConfig on the NFA side to configure LDAP (Local Value) so that it overrides what CAPC SSO has passed down. See the example below:

PS C:\CA\NFA\Portal\SSO\bin> .\SsoConfig.exe
Single Sign-On Configuration Tool
Enter q to quit the program or b to go back to previous menu

SSO Configuration:
1. CA Performance Center
2. CA Network Flow Analysis
Choose an option > 2

SSO Configuration/CA Network Flow Analysis:
1. LDAP Authentication
2. SAML2 Authentication
3. Performance Center
4. Single Sign-On
5. Test LDAP
6. Export SAML2 Service Provider Metadata
Choose an option > 1

SSO Configuration/CA Network Flow Analysis/LDAP Authentication:
Connection User:
Connection Password:
Search Domain:
Search String:
Search Scope:
User Bind: Disabled
Encryption:
Account User:
Account User Default Clone:
Group:
Krb5ConfigFile:
Status: Enabled
Timeout: 10000

1. Remote Value
2. Local Override
Choose an option > 2

SSO Configuration/CA Network Flow Analysis/LDAP Authentication/Local Override:
1. Connection User:
2. Connection Password:
3. Search Domain:
4. Search String:
5. Search Scope:
6. User Bind:
7. Encryption:
8. Account User:
9. Account User Default Clone:
10. Group:
11. Krb5ConfigFile:
12. Status:
13. Timeout:
Select a Property >q

Select the appropriate properties from the menu above to configure LDAP on NFA.