Automic Workload Automation

  • 1.  How do I use Secure LDAP (ldaps) with a service account?

    Posted Sep 12, 2016 06:06 PM
    Hi,

    This seems like a question that should have a simple answer, but I'm unable to find any documentation.
    My company is moving away from basic ldap and using ldapS with a service account.

    For Automic, we are currently using UC_LDAP_DOMAIN in client 0. I see that in version 11 I can specify that it uses VERSION=2 for SSL, but I don't see anywhere where I can specify a user/password. Here are my connection settings that do NOT work.

    [Screenshot of the UC_LDAP_DOMAIN connection settings: https://us.v-cdn.net/5019921/uploads/editor/5p/wi53sj1id3m7.png]


    Also, it says that for VERSION=2 it will use a JWP, do I need to have a JWP on each Automation Engine node/server or is 1 enough?

    Thanks
    Samah




  • 2.  How do I use Secure LDAP (ldaps) with a service account?

    Posted Sep 13, 2016 08:02 AM
    I have this setup and yes, Josef_Scharl_103 is correct.  You have to create a login object in client 0 and select the type of "LDAP" and enter the userid / password for the service account.

    Then you need to go back to your UC_LDAP_CORP variable and enter in a keyword of SYNC_LOGIN and enter the login name.  Hope this helps.

    And not even mentioning extra features of version 12 - I still think you want to have more than 1 JWP.  If the JWP goes down - no one would be able to login.  So always good to have a backup.  IMO.


  • 3.  How do I use Secure LDAP (ldaps) with a service account?

    Posted Sep 13, 2016 04:07 PM
    I created a LOGIN object in Client 0. I then added the SYNC_LOGIN field. I then changed the port, the version, and the tls.

    Then I tried to log into the ECC using my own account and I got access denied.

    Here is the screen shot of the login and UC_LDAP_CORP variable.

    [Screenshot of the Login object and the UC_LDAP_CORP variable: https://us.v-cdn.net/5019921/uploads/editor/dq/jdhv0kzr3mnz.png]


  • 4.  How do I use Secure LDAP (ldaps) with a service account?

    Posted Sep 13, 2016 04:54 PM
    I kept reading through the documentation and thought maybe it was the JWP ssl certificate.

    So I ran the installcert command, and it turns out the ldap server is already trusted.

    java -jar ucsrvjp.jar -installcert adldap.itp.netflix.net:636
    Loading KeyStore /usr/java/jre1.7.0_80/lib/security/cacerts...
    Opening connection to adldap.itp.netflix.net:636...
    Starting SSL handshake...

    No errors, certificate is already trusted.

    So that was not the issue.


  • 5.  How do I use Secure LDAP (ldaps) with a service account?

    Posted Sep 14, 2016 07:50 AM
    I compared my entries and only differences I see are:

    In the UC_LDAP_*** variable I only have keywords, VERSION, SYNC_LOGIN, TLS, USE_DISTINGUISHED_NAME and SERVER.

    I also just have Y for TLS, not Yes.  From the help it doesn't look like that's a problem, but otherwise - maybe you need to add USE_DISTINGUISHED_NAME.

    Also, in my login object in the Name field - I just have an *.  Not saying that's right, just letting you know what I have.

    There are certain rights for accessing the ECC - are you sure those are set?  Can you login to the ECC with a non-LDAP account?  And this seems obvious, but on the USER object you have checkmarked the box for LDAP connection and clicked the button "synchronize with LDAP now"?  That right there should automatically populate the Distinguished Name field and let you know if it is working.


  • 6.  How do I use Secure LDAP (ldaps) with a service account?
    Best Answer

    Posted Mar 17, 2020 11:36 AM

    Hi,

    The documentation says: 

    Create a technical user by creating and using a Login object.
    Follow these steps:
    • Create a Login object with specific credentials as technical user credentials.
    • Register this Login object in the already existing UC_LDAP_Domain variable (s.a.), using the key SYNC_LOGIN.


    So I think creating a Login object, which contains the user and password for the technical user is the first step. Next is to specify this Login object in the UC_LDAP_Domain variable with the Key “SYNC_LOGIN” and Value1 equal to the name of the created Login object.

    https://docs.automic.com/documentation/WEBHELP/English/all/components/AE/latest/All%20Guides/help.htm#ucaclo.htm


    Concerning the number of JWPs, it's sufficient to have one on each Automation Engine node/server.
    As of version 12 the JWP will have additional tasks (like a search engine), so it may make sense to have more JWPs.

    KR, Josef
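The two things this thread ends up checking, the contents of the UC_LDAP_* variable and whether the Java running the JWP trusts the directory server's certificate, as an added example in Python. This is not code from the thread, from Automic or from any of the posters. The key names SERVER, VERSION, TLS, SYNC_LOGIN and USE_DISTINGUISHED_NAME are the ones posts 1, 3 and 5 mention; the rules the linter applies to them, the host:port form of SERVER, the value used for USE_DISTINGUISHED_NAME, and the hostname and Login object name in the sample data are assumptions constructed for the example.

```python
"""Pre-flight checks for an Automic LDAPS / service-account setup.

Added example, not Automic's own code. The key names SERVER, VERSION, TLS,
SYNC_LOGIN and USE_DISTINGUISHED_NAME are the ones named in the thread; the
rules applied to them (VERSION=2 goes with TLS=Y and port 636, SYNC_LOGIN must
name a Login object that exists in client 0, SERVER is written as host:port)
are this example's assumptions, not documented Automic behaviour.
"""
import socket
import ssl

LDAPS_PORT = 636

# Constructed sample data: the Login object name and the host are invented.
CLIENT0_LOGINS = {"LDAP_SERVICE_ACCOUNT"}
EXAMPLE_BAD = {          # resembles the non-working variable early in the thread
    "SERVER": "adldap.example.internal:389",
    "VERSION": "2",
    "TLS": "Yes",
}
EXAMPLE_GOOD = {         # resembles the working variable described in post 5
    "SERVER": "adldap.example.internal:636",
    "VERSION": "2",
    "TLS": "Y",
    "SYNC_LOGIN": "LDAP_SERVICE_ACCOUNT",
    "USE_DISTINGUISHED_NAME": "Y",   # value assumed; the thread only names the key
}


def lint_ldap_variable(entries, login_objects):
    """Return a list of findings for a UC_LDAP_* variable.

    `entries` maps each key of the variable to its Value1 column;
    `login_objects` is the set of Login object names present in client 0.
    An empty list means nothing in the variable contradicts the setup
    the thread ends up with.
    """
    findings = []
    server = entries.get("SERVER", "")
    host, _, port = server.rpartition(":") if ":" in server else (server, "", "")
    if not host:
        findings.append("SERVER is missing or has no host part")
    if entries.get("VERSION") == "2":
        # VERSION=2 sends the bind through the JWP over SSL, so the rest of
        # the variable has to agree with that.
        if entries.get("TLS") != "Y":
            findings.append("VERSION=2 expects TLS=Y, found %r" % entries.get("TLS"))
        if port.isdigit() and int(port) != LDAPS_PORT:
            findings.append("VERSION=2 with port %s; LDAPS normally listens on %d"
                            % (port, LDAPS_PORT))
    sync_login = entries.get("SYNC_LOGIN")
    if not sync_login:
        findings.append("SYNC_LOGIN is missing: no service-account credentials "
                        "are attached to the variable")
    elif sync_login not in login_objects:
        findings.append("SYNC_LOGIN names %r, which is not a Login object in client 0"
                        % sync_login)
    if "USE_DISTINGUISHED_NAME" not in entries:
        findings.append("USE_DISTINGUISHED_NAME is not set")
    return findings


def check_ldaps_trust(host, port=LDAPS_PORT, cafile=None, timeout=10.0):
    """Python counterpart of `java -jar ucsrvjp.jar -installcert host:port`.

    Completes a verified TLS handshake against the directory server and reports
    whether the presented chain is trusted. Trust comes from the platform store,
    or from `cafile` (a PEM bundle) when given; hostname checking is on, so a
    certificate issued for a different name is reported as untrusted as well.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    result = {"host": host, "port": port, "trusted": False, "detail": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                subject = dict(rdn[0] for rdn in cert["subject"])
                result["trusted"] = True
                result["detail"] = "%s, CN=%s, expires %s" % (
                    tls.version(), subject.get("commonName"), cert.get("notAfter"))
    except ssl.SSLCertVerificationError as exc:
        result["detail"] = "not trusted: %s" % exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        result["detail"] = "connection failed: %s" % exc
    return result


if __name__ == "__main__":
    import sys
    for label, cfg in (("broken", EXAMPLE_BAD), ("fixed", EXAMPLE_GOOD)):
        print(label, lint_ldap_variable(cfg, CLIENT0_LOGINS) or ["no findings"])
    # Optional live check: python thisfile.py ldap.example.internal:636
    if len(sys.argv) > 1:
        target, _, target_port = sys.argv[1].partition(":")
        print(check_ldaps_trust(target, int(target_port or LDAPS_PORT)))
```

Run without arguments to lint the two constructed variables; pass host:636 to run the trust check. The trust check does the same verified handshake that the -installcert output in post 4 reports on, but against the operating system's trust store rather than the JRE's cacerts, so a pass here together with a failure from the JWP (or the reverse) points at the two stores containing different CA certificates.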