
[MEGA] - AD authentication groups error

Mathis_P
Member

Hello,

Users have been unable to connect to the application because there is a problem between the application and the AD.

Explanation:

  • Anomaly:

When a user tries to connect to the application, the user receives this error message:

 

Mathis_P_1-1731513197061.png

This error message is due to the fact that when the application queries the AD, it cannot find the authentication groups allowing users to connect to the correct environment (ITA, ITPM, etc.).

Context for a user to log in:

To connect, we decided to use user accounts on the AD. On the AD, groups have been set up to manage access rights to the application.

Mathis_P_2-1731513281749.png

Here, the authentication groups on the application correspond to the AD groups to which the users belong.

(Example: a user in the DL_MEGA_PROD_ITA and DL_MEGA_PROD_ITPM groups will have access to ITA and ITPM data only.)

Mathis_P_5-1731513610414.png

 

  • Testing:

Network:
- Everything is OK at network level. Requests reach the AD server, SQL server, etc.

AD:
- No changes have been made to the AD and the teams don't see anything suspicious.
- Only the user that authenticates to the AD is locked when you connect to it with an AD account.
So we tested with a new authentication account (we just created an SRV_LDAP_MEGA2 account (iso of the old SRV_LDAP_MEGA account)) and the problem was no longer present.
- The strange thing is that even after changing the user to connect the application to the AD, the old account locked up for no reason, since we were no longer using it in the LDAP server authentication settings. Is it used anywhere other than in the LDAP server authentication settings?

Mathis_P_4-1731513506580.png

Application:
- When configuring LDAP server authentication on the application, I use the server name to target the right server.
- When I test the connection between the application and LDAP via the “Verify LDAP” button, it tells me “OK”.
- We wanted to test adding an authentication group, but I don't know how to add one. I can't figure out how to do it.

Mathis_P_6-1731513633878.png

Questions:
- Is this a known anomaly?
- Is the LDAP_MEGA user used elsewhere than in the LDAP server authentication parameters? After changing it, can it still be present in a conf file on the server?
- Is it possible to have documentation on how to add/modify authentication groups?

 

 
