I'm troubleshooting an issue with CUIC authentication failures and I'm looking for the name of the service that I need to pull logs for in RTMT that contains the LDAP authentication process. I've perused the 'Cisco Tomcat Security Logs' but this does not appear to be where logins to the web page are logged. Any help would be greatly appreciated.
Found one known defect (CSCtt31478) which might be related. It is fixed in 8.5(3),8.5(4), and 9.x. Which version of CUIC are you using?
Also request to refer the page 17 of User Guide for the Cisco Unified Intelligence Center Reporting Application.
For all domain (LDAP) users, once the LDAP server is configured in the Administration application, users in that domain can sign in to Unified IC. When they log in, they are added to the cuic database and appear on theUser List Page . The Security Administrator must assign user roles to them. To configure Active Directory in the Administration application, select Cluster Configuration > Reporting Configuration > Active Directory tab.
The login username format is <FQDN>\<username> or <subDomainName>\<username>
where <subDomainName> is the name of the last level of the sub domain. For example,
for <FQDN>: cuic.ccbu.cisco.com, the <SubDomainName> is cuic.
Domain\user name is case insensitive, but password is case sensitive.
Thanks and Regards,
In case anyone else is troubleshooting this issue you can capture the authentication logs by selecting the 'Intelligence Center Reporting Service' in RTMT. (Screenshot attached) Additionally you can run a network capture from the CLI via the 'utils network capture' command to see if you're able to hit your LDAP server.