IPCC 3.5(2) LDAP problem
Hello
I have installed IPCC 3.5(2) co-resident with Call Manager server version 4.0(2). The install did not give any error. When I set it up in the configuration wizard I get just an LDAP error:
"There is breach by updating the LDAP protocol."
Also, the Cisco CRA Engine service does not start.
Kindly tell me where I am going wrong.
I am doing all this work to build a lab for educational purposes, and everything is installed on an MCS 7815 P4 server.
Any help much appreciated.
It is possible that you are facing an authentication problem. Click Start -> Programs -> DC Directory Administrator and then authenticate with the user name 'Directory Manager' and the password you set up during installation of the Call Manager. Once you have checked that the password connects successfully, use this password in the LDAP configuration via appadmin.
Verify that the information in all fields is correct.
If you use the host name for the LDAP IP address configuration test.
-
Could Calendar services not available after restarting LDAP problem?
I followed the installation guide:
https://wikis.Oracle.com/display/CommSuite7U2/communications+suite+on+a+single+host+%28Linux%29#CommunicationsSuiteonaSingleHost%28Linux%29-InstallingCommunicationsSuite7Update2Software
I have correctly installed and configured Oracle UCS 7 Update 2. Calendar works (if I don't reboot the server).
However, when I reboot the server, the calendar service is not available.
Important information from when I installed Oracle UCS 7 Update 2 by following the installation guide:
I noticed when browsing through the files that there is already a "dsee6" folder on the Oracle Linux I started from. After the installation for the Oracle Linux 5 with GlassFish example, I had to download a new directory server. By following the instructions on page 7 of the installation guide listed above, I made another folder, "dsee7". I wonder if I should never have downloaded this new directory server by following the instructions on page 6, "Obtain software". In fact, the installation guide does not mention where to find the directory server, so I went to the delivery site and figured it out myself. In any case, in the section 'Installing and configuring directory server', #3, I was instructed to "mv dsee7 /opt/sun/directory". In this folder, /opt/sun/directory/bin, there is a "./dsadmin" utility that can be run. It is used to do many things with the directory server, including starting it. This is how I started it:
cd /opt/sun/directory/bin
./dsadm create /var/opt/sun/directory/dsins1
./dsconf create-suffix o=isp
Also, I downloaded the directory server from the delivery site - Oracle Directory Server Enterprise Edition 11gR1 Patch Set 1 for Linux x86-64
Then, I found myself running the following:
./dsccsetup ads-create
./dsccsetup war-file-create
./dsccsetup cacao-reg
./dsccsetup status
Then, it seemed that the DSCC agent was registered in cacao.
So, moving on to page 9 of the installation guide, "Preparing the directory", I ran this and prepared the directory. After the installation finished, I could restart the directory server without any problems, as long as I did not restart the machine. I would restart the directory server as follows:
cd /opt/sun/directory/bin
./dsadmin stop-domain domain1
./dsadmin start-domain domain1
However, if I rebooted the machine, I could still start and stop the directory server as shown. But the calendar services were not available.
The only reason I suspect this LDAP server could be the cause is that at one point I had configured the services to run at startup. I followed these instructions:
https://wikis.Oracle.com/display/CommSuite7U2/start+and+stop+scripts+for+communications+suite+%28Linux%29
I use a VMSphere client to host this setup. Since the point where I configured the services to run at startup, I have rolled back to a snapshot, so the services are no longer set up to run at startup. But when they were, and I restarted the machine, I saw LDAP 389 errors everywhere, which led me to roll back to my snapshot in an effort to fix the LDAP errors. I no longer get LDAP errors since I rolled back the snapshot. But, as I said, I no longer have any services, including LDAP, set to start at boot as shown in the link above.
After restarting, I run these commands to get the server up and running:
Start the GlassFish server:
cd /opt/sun/SUNWappserver/bin
./startserv
Start web (mail server, I think):
cd /opt/sun/comms/messaging64/bin
./start-msg
Start LDAP (directory server):
cd /opt/sun/directory/bin
./dsadm start /var/opt/sun/directory/dsins1
Start MySQL:
cd /etc/init.d
./mysqld start
All these commands complete without problems. I can log in to Convergence on the web, I can reach the Delegated Administrator, I can connect to the GlassFish administration console, and I can see my calendar folder when I hit it on the web (http://myServer.com/davserver/dav/home/userName/calendar/).
So, in summary, I was wondering if anyone knows whether that second directory server could be causing problems, since I started with Oracle Linux 5 and Oracle Linux 5 seems to have the dsee6 folder already installed with it. Would that be why my calendar services do not start after reboot, but work before the reboot?
(Also, all my messages keep getting deleted. Can someone please send me an email if someone at Oracle is deleting my messages and tell me why they are removed?)
Published by: ntfytim16 on March 5, 2012 07:41
Some of my steps were out of order. Cleaned them up so they are easier to understand.
You stop/start the GlassFish server container:
https://wikis.Oracle.com/display/CommSuite/Calendar+Server+7+Administration+Guide#CalendarServer7AdministrationGuide-StoppingandStartingCalendarServer
Joe
-
Hello
I've heard from someone that you should not change the IP address of an LDAP server after DS 6.3 is installed and configured.
Is there a known problem with changing the IP address of the LDAP server? I ran a test, and all the basic functions were not affected even after the change. Will this affect any LDAP-related features such as DSCC navigation?
Thank you and best regards...
There is not really any such dependency unless you were doing replication using IP addresses instead of hostnames.
Dependencies on IP address that would break the administration were only in the products before 5.2
-
I was hitting my head on the desk this morning looking at this code. I don't know what I'm doing wrong. I can cfdump the data I want, but then I can't output it with cfoutput. Here is the code:
<cfldap action="QUERY"
    name="userSearch"
    attributes="*"
    start="ou=people,dc=myldapserver,dc=com"
    scope="subtree"
    server="myldapserver.com"
    port="xxxx"
    filter="#filter#"
    secure="CFSSL_BASIC">
<cfdump var="#userSearch#">
<cfoutput query="userSearch">#givenName#</cfoutput>
The cfdump returns the following:
query
    NAME          VALUE
1   UID           username
2   objectClass   comPerson
3   givenName     Jane
4   SN            DOE
5   CN            Jane Doe
The cfoutput gives this error message: GIVENNAME Variable is not defined.
You have a query with 5 rows in it. It has two columns, called 'Name' and 'Value' respectively. So when you try to access #givenName# it fails, because it doesn't know what you're on about.
Instead, you will need to check #userSearch.Name# (notice I've extended the query column, always a good idea).
If you are particularly eager to get just the value of the givenName, you could refer to it like this (if you know it will always be the third column):
#userSearch.Name[3]#. NB: this will display just "givenName". So you should maybe use #userSearch.Value[3]#.
But it would be better to transform your query into a struct. In addition, loop over the query. Check the Name column on each iteration of the loop. If Name = "givenName", output the Value column.
-
SSL VPN - ASA - Active Directory LDAP
Hello
Scenario: ASA 8.0(3) running SSL VPN for remote users. LDAP also authenticates access and logins to the ASA.
For some reason (we had a power failure, but the problem may be caused by other reasons as well), I cannot log in to the ASA, as my login ID does not work, and remote users get a connection error when trying to authenticate via the SSL VPN web GUI.
I have rebooted the ASA and AD without any change in the situation. This service worked very well before and the problem happened suddenly. No one has made any changes to the configs. The customer does not have a backup configuration. Any suggestion on what would be the best next action to solve this problem? I'm not an expert on Microsoft LDAP configuration, and if anyone knows where I can check in Microsoft Windows Server 2003 for the possible LDAP problem, that would be greatly appreciated.
Thank you
rdianat
The LDAP bind account is just a normal user account. It doesn't even need administrative permissions. If you want to use LDAP for password changes it needs password change permissions, but otherwise just a normal user account - make sure it cannot be locked in AD or the password never expires, none of these things. You will see the name of the LDAP account in the config of the ASA:
 ldap-login-password *
 ldap-login-dn *
-
Delegated Administrator and non-flat user/group structures
Hello, I am trying to build a directory structure with several containers under an organization to hold different portions of user data and group data (i.e. not only ou=People and ou=Groups, but also a few more OUs like them). Server software is the OUCS 7u2 release. Users in the 'other' containers are populated in LDAP (ODSEE 11) by replication, filling in the same attributes that an account freshly created by DA has.
The Delegated Administrator interface and other parts of the software accept this and work well with this configuration, displaying user information, allowing logins and so forth - with the exception of attempts to change user accounts in the spare containers in the DA (add/remove application solutions, change quotas, etc.). First of all, I checked that it is not an LDAP problem - I can use both command-line ldapmodify and a GUI LDAPBrowser to edit the entries with no hiccups.
I traced it down: when you try to save the account information for accounts in non-standard containers, the DA always tries to use a hardcoded path (i.e. uid=username,ou=people,o=DOMAINNAME,dc=DOMAIN,dc=NAME) despite the fact that the user account is (and DA displays it as) uid=USERNAME,ou=morePeople,o=DOMAINNAME,dc=DOMAIN,dc=NAME.
Ultimately, this "hardcoding" follows from the DA configuration in WEB-INF/classes/sun/comm/cli/server/servlet/serverconfig.properties, which lists parts of the LDAP structure:
#############################################################################
#
# Ldap configuration.
# List of ldap hosts. Form is <ldaphost>:<PortNumber>. (By default port=389)
# Add additional hosts with ldaphost-<number>
# Schema type is '1' or '2'.
# Reconnect interval is in seconds
# Group and people container is dn of dn (for example ou=people) Organization
#
#############################################################################
ldaphost-1=oucsldap01:389
ldaphost-2=oucsldap02:389
ldaphost-suffix=dc=DOMAIN,dc=NAME
ldaphost-dcsuffix=dc=DOMAIN,dc=NAME
ldaphost-maxcount=50
ldaphost-schematype=2
ldaphost-reconnectinterval=60
ldaphost-peoplecontainer=ou=People
ldaphost-groupcontainer=ou=Groups
ldaphost-orgadminrole=cn=Organization Admin Role
#####
While the organization root DN is not explicit here (and shouldn't be), the default people container is. I could guess at a logical programming error like this: the 'ou=People' container should indeed be used by default when you create a user through the DA; probably by mistake, it could also be used when editing existing users - instead of their full DN/existing parent DN.
Related questions:
(1) Does anyone have a working configuration with several user/group containers in an organization like this? Would you care to share details and workarounds, if any were needed?
(2) I think that the 'hosted domain/shared organization' mode might help here - at least it is designed to have several LDAP trees with their delegated administrators under a single e-mail domain. Before I go and reconfigure everything, I'd like to hear if there are success stories with this route. Is it a good solution (or workaround) for this config?
Thank you
Jim Klimov
I wanted to follow up that I reconfigured the directory structure according to domain hosting, with branches for SIE-synchronized accounts as one of the organizations which share the domain, and manually created OUCS-only accounts being in another subsidiary organization. This method works for the messaging components and the DA, as user IDs are in ou=People in their organization. A little unfortunately, the SIE config seems to allow only a single branch of target Department and sets up groups (CN) there as well. Well, for our needs, changing the attributes of the user and application solutions via DA, that's enough. Sometimes there are misfires (cannot save changes), but they are intermittent and more difficult to trace and debug; they usually disappear with a restart of the DA web container. Department LDAP instances are configured with plugins to enforce the uniqueness of uid in the entire organization and the uniqueness of the values of the e-mail address attributes (mail, mailAlternateAddress, mailEquivalentAddress) in order to avoid clashes between user accounts in different branches.
Also, we had a problem with the calendar server after migrating LDAP entries: since our deployment used the nsUniqueID for identification of calendar users, relocation of entries (as we did it) generated new values for the new entries, and users got new empty calendar databases. It wasn't a major problem on this POC, and the latest OUCS releases with a davUniqueID attribute should be specifically immune to this problem. However, for others treading this path I can suggest that they export the LDAP database to LDIF, including unique identifiers, re-create the suffixes if necessary (the SIE Organization in the target Department should be a separate LDAP database suffix), edit the entry paths in the LDIF and import the LDIF anew. This would erase the old LDAP data and should keep the old nsUniqueIDs on the moved entries, unlike re-creation via ldapadd or relocation via ldapmodrdn.
We also hit a problem with DA refusing to return the list of accounts (it returns 0 or 25 empty entries in a table). LDAP logs showed that on the LDAP protocol side everything was OK, and the expected number of responses was returned. Pattern searches often produced good results with a subset of users in DA. In the end, we linked the problem to binary EIS attributes encoded in base64 (dspswuserlink et al.; some of these values garbled the output of commadmin queries in a terminal) and created an LDAP ACI which forbade our DA admin user to read, search or compare these attributes. This solved the problem for us. I wonder if a more generic solution is possible, applying this ACI not to an explicitly named admin user, but to all users with DA administrator privileges (by group or role? what string would cover them all in advance)? Or, perhaps, no one except the EIS user account should see these SIE attributes?
Hope this report helps others who are experimenting at the forefront of this road to integration of messaging
Jim Klimov
-
LDAP on ASA with the attribute-map problem (openldap)
Hello, everyone:
I have an ASA device. The software version is 9.1. I have an openldap server, and I want the ASA to use the LDAP database for AnyConnect VPN user authentication. I've already finished that. I have a problem now: I want to assign different group policies to different user groups. I use internal group policies on the ASA. I want to know how to get this group policy attribute through LDAP.
Note: I differentiate users by 'OU' on openldap, for example ou=manager, ou=sales, ou=engineer.
Thank you, everyone.
Hello.
Here's what... .you're looking for ;)
ASA Use of LDAP Attribute Maps Configuration Example
Kind regards.
#Rohan
-
IPCC Express 4.0(4) SR01 installation problem
Hello
I tried to install SR01 for IPCC Express 4.0(4) using BARS, and in the fourth step of the Restore Wizard, when I run the CRS update tool, a popup asks me to locate the patch file. Once I located the SR .tar file, an error message says the system failed to copy the contents of the .tar file.
BARS is installed on the same machine as CRS; is this the cause of the problem?
Make sure that there are no spaces in the path to your directory, i.e. c:\patch update. Make the path c:\patchupdate.
There are NO spaces in the path.
-
problems with the IPCC monitoring server port
I have IPCC Express Premium 4.0(4) with Call Manager 4.1(2). I have a server with two NICs, one for 'normal' IPCC and the other for monitoring. I have configured the monitoring port with a different IP (172.16.255.10/24) and I set up RSPAN on the switches. I can see calls between agents and callers.
But, after a reboot of the server, I get the error that my server will stop after a minute. I can't see any packets from the monitor port. When I disable the monitor port and restart the server everything is OK, and then I can activate the monitor port and everything is OK.
I have nothing in the registry settings.
What should do?
Thank you
I had the same problem as you and this has solved my problem.
-
Laptop user moves between 2 servers the IPCC CAD problem
Single Call Manager cluster 4.02 SR1; 2 separate IPCC servers (3.5(3)) are installed, one in each building. 100 MB Ethernet between the sites.
I have a user that moves between the 2 buildings. They have CAD installed. How can I get the CAD to point to the correct IPCC server when the user changes buildings? Is there an .INI file that could be swapped with a batch file, or is it a bunch of registry entries that tell the CAD which IPCC server to connect to?
We do this from time to time, when working with different customers. Assuming you have the exact same versions of software, which you say that you don't have, you can do it with registry changes only. You must swap the contents of:
HKEY_LOCAL_MACHINE\SOFTWARE\Spanlink\Site Setup
and then run the agent. You can pick up the right registry values from installed CAD clients, or you can get them from the respective IPCCX servers, which have exactly the same entries in the same places. Use the registry editor to export the contents of this key to a file, from the two servers or the two client installs. Give these two .reg files to the user.
Just double-clicking a .reg file in Windows imports it into the local registry (after confirmation), overwriting what is already there. Then start the CAD and it will talk to the right LDAP directory and IPCCX server.
-
Hello
I am able to get LDAP authentication working for the VPN, but when I test a user that is not defined in the VPN group in AD, they are still able to authenticate and access the VPN. I'm at a loss as to what the real problem is, because everything seems to be set correctly.
I attached LDAP debug logs for a user that works properly and for a user that does not work properly. I think that they should be able to authenticate against a group JOB_ADMINS_VPN, and if they are not in this group then they should be denied VPN connection rights.
ldap attribute-map JOB_ADMIN_MAP
 map-name memberOf Group-Policy
 map-value memberOf CN=JOB_ADMINS_VPN,OU=VPN,DC=test,DC=net JOB_ADMINS
aaa-server JOB_ADMINS protocol ldap
aaa-server JOB_ADMINS (Prod) host 10.5.1.11
 ldap-base-dn DC=test,DC=net
 ldap-group-base-dn OU=VPN,DC=test,DC=net
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *
 ldap-login-dn CN=saVPNLDAP,CN=Users,DC=test,DC=net
 server-type microsoft
 ldap-attribute-map JOB_ADMIN_MAP
I may be missing something small, but I don't know what I'm missing. Any input on this issue will be greatly appreciated.
Thank you!
Please review the config listed below and see what you are missing, or else post the "sh run" of the ASA.
Configuration to restrict access to a particular Windows group on AD
group-policy noaccess internal
group-policy noaccess attributes
 vpn-simultaneous-logins 1
 address-pools none
ldap attribute-map LDAP-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf
aaa-server LDAP-AD protocol ldap
aaa-server LDAP-AD
 server-port 389
 ldap-base-dn
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn
 ldap-login-password
 server-type microsoft
 ldap-attribute-map LDAP-MAP
group-policy internal
group-policy attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol IPSec l2tp-ipsec...
 address-pools value
.....
.....
tunnel-group type remote-access
tunnel-group general-attributes
 authentication-server-group LDAP-AD
 default-group-policy noaccess
!
!
group-policy noaccess attributes
 vpn-simultaneous-logins 0
Jatin kone
-Do rate helpful posts-
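An added example, not from either poster and not Cisco code: this Python script audits a saved ASA configuration for the gap discussed in this thread, where an LDAP attribute map is in use but the tunnel-group's default group policy still permits logins, so users whose memberOf matches no map-value are admitted. The two sample configs are constructed, the tunnel-group name VPN_TG is hypothetical, and the parser understands only the commands shown here.

```python
ASA_DEFAULT_POLICY = "DfltGrpPolicy"  # policy used when a tunnel-group sets none
ASA_DEFAULT_LOGINS = 3                # ASA default for vpn-simultaneous-logins


def parse_asa(config):
    """Extract only the stanzas that decide LDAP group restriction."""
    logins = {}    # group-policy name  -> vpn-simultaneous-logins
    aaa_map = {}   # aaa-server group   -> ldap attribute-map name
    mapped = {}    # attribute-map name -> [(LDAP value, mapped policy)]
    tunnels = {}   # tunnel-group name  -> {"auth": ..., "default": ...}
    ctx = (None, None)
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():          # top-level command opens a new context
            ctx = (None, None)
            if words[0] == "group-policy" and len(words) >= 3:
                logins.setdefault(words[1], ASA_DEFAULT_LOGINS)
                if words[2] == "attributes":
                    ctx = ("gp", words[1])
            elif words[:2] == ["ldap", "attribute-map"] and len(words) == 3:
                mapped.setdefault(words[2], [])
                ctx = ("map", words[2])
            elif words[0] == "aaa-server" and "host" in words:
                ctx = ("aaa", words[1])
            elif words[0] == "tunnel-group" and words[-1] == "general-attributes":
                tunnels.setdefault(
                    words[1], {"auth": None, "default": ASA_DEFAULT_POLICY})
                ctx = ("tg", words[1])
            continue
        kind, name = ctx                  # indented line: sub-command of ctx
        if kind == "gp" and words[0] == "vpn-simultaneous-logins":
            logins[name] = int(words[1])
        elif kind == "map" and words[0] == "map-value" and len(words) >= 4:
            mapped[name].append((" ".join(words[2:-1]), words[-1]))
        elif kind == "aaa" and words[0] == "ldap-attribute-map":
            aaa_map[name] = words[1]
        elif kind == "tg" and words[0] == "authentication-server-group":
            tunnels[name]["auth"] = words[1]
        elif kind == "tg" and words[0] == "default-group-policy":
            tunnels[name]["default"] = words[1]
    return logins, aaa_map, mapped, tunnels


def audit(config):
    """Return findings for tunnel-groups whose fallback policy admits users."""
    logins, aaa_map, mapped, tunnels = parse_asa(config)
    findings = []
    for tg, cfg in tunnels.items():
        amap = aaa_map.get(cfg["auth"])
        if amap is None:
            continue                      # no attribute map behind this group
        fallback = cfg["default"]
        allowed = logins.get(fallback, ASA_DEFAULT_LOGINS)
        if allowed != 0:
            findings.append(
                f"{tg}: users matching no map-value in {amap} fall back to "
                f"{fallback}, which allows {allowed} simultaneous logins")
        for value, policy in mapped.get(amap, []):
            if policy not in logins:
                findings.append(
                    f"{tg}: {amap} maps {value} to undefined group-policy {policy}")
    return findings


# Constructed sample: the asker's map and server, plus a hypothetical tunnel-group.
WEAK = """\
ldap attribute-map JOB_ADMIN_MAP
 map-name memberOf Group-Policy
 map-value memberOf CN=JOB_ADMINS_VPN,OU=VPN,DC=test,DC=net JOB_ADMINS
aaa-server JOB_ADMINS protocol ldap
aaa-server JOB_ADMINS (Prod) host 10.5.1.11
 ldap-attribute-map JOB_ADMIN_MAP
group-policy JOB_ADMINS internal
group-policy JOB_ADMINS attributes
 vpn-simultaneous-logins 3
tunnel-group VPN_TG type remote-access
tunnel-group VPN_TG general-attributes
 authentication-server-group JOB_ADMINS
"""

# Same config with the no-access default policy from the answer applied.
FIXED = WEAK + """\
 default-group-policy NOACCESS
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit(cfg) or "no findings")
```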
-
Configuring vCO for LDAP (openldap):
Group Search Base: ou=Group,dc=admin,dc=example,dc=com (successfully)
cn=admin_group,ou=group,dc=admin,dc=example,dc=com
Error:
Selected administration group isn't a group or the chosen LDAP client type is inappropriate.
But admin_group is in fact a group, see:
[root@lsfdc1 aaa]# slapcat -s dc=example,dc=com
bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=example,dc=com".
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
objectClass: top
dc: example
o: corporation
description: LDAP server
structuralObjectClass: organization
entryUUID: 0432c87a-4815-1033-9b4e-c92a34293f8e
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20140325025758Z
entryCSN: 20140325025758.919334Z#000000#000#000000
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20140325025758Z

dn: dc=admin,dc=example,dc=com
objectClass: dcObject
objectClass: organization
objectClass: top
dc: admin
o: admin
structuralObjectClass: organization
entryUUID: 043356be-4815-1033-9b4f-c92a34293f8e
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20140325025758Z
entryCSN: 20140325025758.922987Z#000000#000#000000
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20140325025758Z

dn: ou=users,dc=admin,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: users
structuralObjectClass: organizationalUnit
entryUUID: 0433b974-4815-1033-9b50-c92a34293f8e
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20140325025758Z
entryCSN: 20140325025758.925516Z#000000#000#000000
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20140325025758Z

dn: ou=group,dc=admin,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: group
structuralObjectClass: organizationalUnit
entryUUID: 043463f6-4815-1033-9b51-c92a34293f8e
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20140325025758Z
entryCSN: 20140325025758.929881Z#000000#000#000000
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20140325025758Z

dn: cn=admin_group,ou=group,dc=admin,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: admin_group
gidNumber: 10000
memberUid: Admin
structuralObjectClass: posixGroup
entryUUID: 043475d0-4815-1033-9b52-c92a34293f8e
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20140325025758Z
entryCSN: 20140325025758.930339Z#000000#000#000000
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20140325025758Z

dn: uid=Admin,ou=users,dc=admin,dc=example,dc=com
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
gidNumber: 10000
sn: Admin
displayName: Admin
uid: Admin
homeDirectory: /home/Admin
cn: Admin
uidNumber: 10000
userPassword: e1NTSEF9SkgzdTA3bjgrMUNqOUZSTzNqWHAxcnpJZXNISXZTL1c =
loginShell: /bin/sh
structuralObjectClass: inetOrgPerson
entryUUID: 0436d0b4-4815-1033-9b53-c92a34293f8e
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20140325025758Z
entryCSN: 20140325025758.945771Z#000000#000#000000
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20140325025758Z

dn: uid=pcmae_user,dc=admin,dc=example,dc=com
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
gidNumber: 0
sn: pcmae_user
displayName: pcmae_user
uid: pcmae_user
homeDirectory: /tmp
cn: pcmae_user
uidNumber: 10001
userPassword: MmY3MjU0ZGM =
loginShell: /bin/sh
structuralObjectClass: inetOrgPerson
entryUUID: 0439839a-4815-1033-9b54-c92a34293f8e
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20140325025758Z
entryCSN: 20140325025758.963459Z#000000#000#000000
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20140325025758Z

dn: cn=vmware,ou=group,dc=admin,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: vmware
memberUid: Admin
gidNumber: 11577
structuralObjectClass: posixGroup
entryUUID: f228f69c-4826-1033-8a78-17f207c52dd8
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20140325050619Z
entryCSN: 20140325050619.597137Z#000000#000#000000
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20140325050619Z

dn: cn=vco,dc=admin,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: vco
memberUid: Admin
gidNumber: 1906
structuralObjectClass: posixGroup
entryUUID: c1f36a8c-4828-1033-8a79-17f207c52dd8
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20140325051917Z
entryCSN: 20140325051917.709032Z#000000#000#000000
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20140325051917Z

dn: cn=abc,dc=admin,dc=example,dc=com
objectClass: groupOfUniqueNames
objectClass: top
cn: abc
uniqueMember: uid=Admin,ou=users,dc=admin,dc=example,dc=com
structuralObjectClass: groupOfUniqueNames
entryUUID: 6cedd136-4831-1033-8a7a-17f207c52dd8
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20140325062120Z
entryCSN: 20140325062120.536569Z#000000#000#000000
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20140325062120Z
Can someone tell me what the problem is?
You have the incorrect object class for the group. vCO uses groupOfNames.
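The answer's point can be checked directly against a slapcat export. This added Python example (not from the thread and not VMware code) parses LDIF and reports, for each group-like entry, its group object classes, its members, and whether it carries the groupOfNames class the answer says vCO expects. The sample LDIF is constructed: the first two entries are trimmed from the dump above, and cn=vcoadmins is a hypothetical corrected group.

```python
import base64

# Group object classes seen in this thread and their membership attribute.
GROUP_CLASSES = {
    "posixgroup": "memberUid",                # members are bare uids
    "groupofnames": "member",                 # members are full DNs
    "groupofuniquenames": "uniqueMember",     # members are full DNs
}


def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attr: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:     # folded line continues the previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                 # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def check_groups(text, required="groupOfNames"):
    """Report every group-like entry and whether it has the required class."""
    report = []
    for entry in parse_ldif(text):
        classes = [c for c in entry.get("objectclass", [])
                   if c.lower() in GROUP_CLASSES]
        if not classes:
            continue                          # not a group entry
        members = []
        for c in classes:
            members += entry.get(GROUP_CLASSES[c.lower()].lower(), [])
        report.append({
            "dn": entry["dn"][0],
            "classes": classes,
            "members": members,
            "ok": required.lower() in [c.lower() for c in classes],
        })
    return report


# Constructed sample; the last group uses a folded (continued) member line.
SAMPLE = """\
dn: cn=admin_group,ou=group,dc=admin,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: admin_group
gidNumber: 10000
memberUid: Admin

dn: cn=abc,dc=admin,dc=example,dc=com
objectClass: groupOfUniqueNames
objectClass: top
cn: abc
uniqueMember: uid=Admin,ou=users,dc=admin,dc=example,dc=com

dn: cn=vcoadmins,ou=group,dc=admin,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: vcoadmins
member: uid=Admin,ou=users,dc=admin,
 dc=example,dc=com

dn: uid=Admin,ou=users,dc=admin,dc=example,dc=com
objectClass: inetOrgPerson
uid: Admin
"""

if __name__ == "__main__":
    for g in check_groups(SAMPLE):
        status = "ok" if g["ok"] else "wrong class"
        print(f'{status:12} {g["dn"]} {g["classes"]} members={g["members"]}')
```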
-
Hello guys, hope you had a great weekend.
My question is this.
We have 2 environments, both with OBIEE 11.7 installed; one is called DEV and the other Production.
LDAP is configured on both servers and work perfectly.
The problem is that on our PROD environment 3 users can not connect via LDAP, but on DEV they connect perfectly.
Any suggestions of what might cause this problem?
Regards
Benoit
Using Catalog Manager offline
Try to delete the user-specific files from the PROD webcat (just at the bottom of the housing to the top of their content)
Update the GUIDs
then try to connect with the user
-
Problem with LDAP in APEX and not in SQL*Plus
Hello everyone.
Hereby, I refer to an existing thread: Query LDAP APEX
I have a problem using LDAP in APEX (DB version: 11.2.0.2.0; APEX version: 4.0)
I get "Authentication failed" in APEX. However, when I run it in SQL*Plus (SQL Developer) (I created it as seen in the referenced forum thread) it works! I can use my own function, but that looks like reinventing the wheel.
We must search on sAMAccountName because that contains our login credentials (dennis.surname). The common name is just our full name (Dennis Surname).
l_ldap_host := 'oursite.be';
l_ldap_port := '389';
l_ldap_domn := 'oursite';
l_ldap_user := i_username;
l_ldap_pass := i_pw;
l_ldap_base := 'ou=oursite,dc=oursite,dc=be';
dbms_ldap.use_exception := true;
l_session := dbms_ldap.init(l_ldap_host, l_ldap_port);
-- bind as domain\user with the supplied password
l_retval := dbms_ldap.simple_bind_s(l_session, l_ldap_domn||'\'||l_ldap_user, l_ldap_pass);
l_attrs(1) := 'name';
l_attrs(2) := 'title';
-- look the user up by sAMAccountName under the base DN
l_retval := dbms_ldap.search_s(
  l_session,
  l_ldap_base,
  dbms_ldap.scope_subtree,
  '(sAMAccountName='||l_ldap_user||')',
  l_attrs,
  0,
  l_message
);
l_retval := dbms_ldap.count_entries(l_session, l_message);
In APEX, I have these settings:
* LDAP host: oursite.be
* Port: 389
* Use SSL: No SSL
* Use exact DN: No
* DN string: ou=oursite,dc=oursite,dc=be
* Search filter: sAMAccountName=%LDAP_USER%
When I try to test it I get "Authentication failed" but I don't know why. It works very well in SQL*Plus (in the same schema, of course!) so I really have no idea what I'm doing wrong. In addition, the message comes instantly, while in SQL*Plus it takes about a second to authenticate.
I tried so many things! Removing the 'ou', connecting with my name, changing the filter to 'cn=%LDAP_USER%', connecting with dennis.surname and Dennis Surname, using exact DN,... and all the possible combinations of them... Nothing works.
I can go further by using my own function, but I really want to use the APEX settings, because it's so much easier.
Thanks in advance for helping me out!
Dennis
Hi Dennis,
Try this:
Set Use Exact DN to Yes
Change your DN string to %LDAP_USER%@domain
or
domain\%LDAP_USER%
The authentication uses a simple_bind_s. You must use the same syntax in these text boxes. You are actually doing a simple bind with
dbms_ldap.simple_bind_s(l_session, 'sAMAccountName=' || l_ldap_user, l_ldap_pass);
That does not work. It's the syntax to use in the search filter for search_s.
Please keep in mind that the apex_040100 (for APEX 4.1) user must have connect rights on the domain server.
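Added example, not part of the thread and not Oracle's code: the posted function concatenates the user name straight into the search filter and hands whatever password it receives to simple_bind_s. This Python version of the same bind-then-search flow escapes the filter value (RFC 4515) and refuses an empty password, which a directory server may treat as an unauthenticated bind (RFC 4513). The `bind` and `search` callables are hypothetical stand-ins for the directory calls.

```python
def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def sam_filter(username):
    """Escaped form of the post's '(sAMAccountName='||l_ldap_user||')'."""
    return "(sAMAccountName=%s)" % escape_filter_value(username)


def bind_names(username, domain):
    """The two bind-name forms from the answer: user@domain and domain\\user."""
    return ("%s@%s" % (username, domain), "%s\\%s" % (domain, username))


def check_login_input(username, password):
    """Reject input that must never reach a simple bind."""
    if not username or not password:
        # A simple bind with a name but an empty password is an
        # "unauthenticated bind" (RFC 4513, section 5.1.2); a server may
        # answer it with success even though no password was verified.
        raise ValueError("username and password are both required")
    return True


def authenticate(username, password, domain, bind, search):
    """Bind as domain\\user, then look the user up by sAMAccountName.

    bind(name, password) -> bool and search(filter) -> list of entries are
    hypothetical callables standing in for the real directory client.
    Returns the single matching entry, or None if login must be refused.
    """
    check_login_input(username, password)
    _, down_level = bind_names(username, domain)
    if not bind(down_level, password):
        return None
    entries = search(sam_filter(username))
    # Exactly one entry must match; zero or several means refuse.
    return entries[0] if len(entries) == 1 else None


if __name__ == "__main__":
    # Constructed inputs: a plain login name and one with filter metacharacters.
    print(sam_filter("dennis.surname"))
    print(sam_filter("d*nnis (test)"))
    print(bind_names("dennis.surname", "oursite"))
```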
-
Dear all,
This is my first interaction with vCenter Orchestrator and I am facing a problem with the LDAP configuration. It looks straightforward to me, but it keeps saying "configuration Ldap registered successfully, but the configuration is wrong."
Connection error: LDAP successful but no users found. Check LDAP paths.
Group Admin not found error
I don't know what I did wrong; I would appreciate it if someone could guide me to set this configuration up the right way.
I entered the name of the domain controller and tested the connectivity by using Telnet, and everything was fine. I entered the root in distinguished name format, exported from Active Directory using the DSQuery command.
The resource used was the VM_ Orc. configuration guide.
Your assistance is much appreciated.
Thank you.
Ahmed Salah
For example, assuming a domain of acme.corp with all users in the default location and the groups in the default location, you configure the paths as follows. This example uses a group named 'vcoadmins' with the 'administrator' account a member of this group:
Root: dc=acme,dc=corp
User name: [email protected]
User search base: cn=users,dc=acme,dc=corp
Group search base: cn=users,dc=acme,dc=corp
vCO Admin group: cn=vcoadmins,cn=users,dc=acme,dc=corp
Does this help at all?