Info:
This article addresses the problem of not being able to log in as the local Admin account after integrating Venafi Director with Active Directory.
Applies To:
All versions of Director
Cause:
After Venafi Director is integrated with Active Directory/LDAP, login requests are authenticated against Active Directory/LDAP first. If a user account in Active Directory/LDAP has the same username as an account that exists locally in Director, by default we will attempt to authenticate to the Active Directory/LDAP account.
Resolution:
If you are trying to log in with the username Admin to your local Identity, log in with "local:Admin" (without the quotes). This tells Director not to attempt to authenticate to Active Directory/LDAP and to use only the local Identity system for authentication.
Venafi supports ranking Identity Providers. Typically, local identity providers are ranked higher, and therefore AD or LDAP identities will be checked first.
Alternative Resolution:
Rename either the Active Directory account or the local Director Identity account so there aren't two accounts with the same username.