IPCC 3.5. (2) LDAP problem

Similar Questions

• Could Calendar services not available after restarting LDAP problem?

  I followed the installation guide:
  
  https://wikis.Oracle.com/display/CommSuite7U2/communications+suite+on+a+single+host+%28Linux%29#CommunicationsSuiteonaSingleHost%28Linux%29-InstallingCommunicationsSuite7Update2Software
  
  I have correctly installed and configured the Server Update 2 Oracle UCS Sun7. Calendar works (if I don't reboot the server).
  
  
  However, when I reboot the server, calendar service is not available.
  
  
  Important information for when I installed Oracle UCS Dim 7 update 2 by following the installation guide:
  
  I noticed when browsing through files, there is already a folder "dsee6" for the Linux Oracle I started from. After the installation of the example for the Oracle Linux 5 with GlassFish install, I had to download a new directory server. By following the instructions on page 7 of the listed installation guide above, I did another folder "dsee7". I wonder if I would have never downloaded this new directory server by following the instructions on page 6 "obtain software". In fact, the installation guide does not mention where to find the directory server, so I went to the site of delivery and figured it out myself. in any case, in the section 'Installing and configuring directory server', #3, I was instructed to "mv dsee7/opt/sun/directory. In this folder, / opt/sun/directory/bin, there is '. '. "/ dsadmin" utility that can be run. This serves to do many things with the directory server, including start-up. This is how I started it:
  
  CD/opt/sun/directory/bin
  . / create/var/opt/sun/directory/dsins1 dsadm
  . / dsconf create suffix '0 = isp.
  
  Also, I downloaded the delivery directory server - Oracle Directory Server Enterprise Edition 11 GR 1 material Patch Set 1 for Linux x 86-64
  
  Then, I found myself running to implement:
  
  . / dsccsetup ads - create
  . / dsccsetup war-file-create
  $. / dsccsetup cocoa-reg
  . / dsccsetup State
  
  Then, it seemed that dcss agent is registered in the cocoa.
  
  So, if we pass to come to page 9 of the installation, "Preparation of the directory" guide, I ran this and prepared the directory. After installation is finished, I could restart the server directory without any problems, as long as I do not restart the machine. I would like to restart the server directory as follows:
  
  CD/opt/sun/directory/bin
  . / dsadmin stop-domain domain1
  . / dsadmin start-domain domain1
  
  However, if I rebooted the machine, I could always start and stop the server directory as shown. But the calendar Services were not available.
  
  The only reason I question this LDAP server that can be the cause of this is because at one point, I had configured the services to run at startup. I followed these instructions:
  
  https://wikis.Oracle.com/display/CommSuite7U2/start+and+stop+scripts+for+communications+suite+%28Linux%29
  
  I use a VMSphere client to host this set upwards. So, given that this point the configuration of services at startup, I rode hanging at the rear so that services are more fixed upward to run at startup. But when they were, and I restarted the machine, I could see 389 ldap errors in all directions. So, which drive me to roll my snapshot in effort to try to correct the ldap errors. I no longer get LDAP errors as I drove my instant return. But, as I said, I have no more services, including LDAP, to start Protocol started as shown in the above link that tells us how.
  
  After restarting, I run these commands to get the server up and running:
  
  Start the GlassFish server:
  CD/opt/sun/SUNWappserver/bin
  . / startserv
  
  Web start (mail server I think):
  CD/opt/sun/comms/messaging64/bin
  . / Start-msg
  
  Start LDAP (directory server)
  CD/opt/sun/directory/bin
  . / dsadm start/var/opt/sun/directory/dsins1
  
  Start Mysql
  CD/etc/init.d
  . / mysqld start
  
  All these commands complete without problem. I can connect on the web of convergence, I can hit the Managing Director, I can connect to the GlassFish administration console, and I can see my calendar folder when I hit him in the web (http://myServer.com/davserver/dav/home/userName/calendar/).
  
  So, in summary, I was wondering if anyone knows if it assumed that second directory server is causing problems since I started with Oracle Linux 5 and Oracle Linux 5 seems to have the dsee6 file already installed with it. Would be - why my calendar services do not start after reboot, but work before the reboot?
  
  
  (Also, all my messages to keep deleted.) Can someone please send me an email if someone Oracle is deleting my messages and tell me why they are removed? )
  
  Published by: ntfytim16 on March 5, 2012 07:41
  
  Some of my steps were unserviceable. Cleaned them is easier to understand.

  You stop/start the GlassFish server container:

  https://wikis.Oracle.com/display/CommSuite/Calendar+Server+7+Administration+Guide#CalendarServer7AdministrationGuide-StoppingandStartingCalendarServer

  Joe

• LDAP problem

  Hello
  I've heard of someone to do not change the IP address of a Server LDAP after DS 6.3 is installed and configured.
  Is there a known problem of changing the IP address of the LDAP work. As I had a test that all the basic functions have been
  not affected even after changing the period of INQUIRY. This will affect all LDAP related such as the DSCC navigation features?
  Thank you and best regards...

  It is not really such dependence unless you were doing replication using IP addresses instead of hostnames.
  Dependencies on IP address that would break the administration were only in the products before 5.2

• Out LDAP problem

  I was hitting my head on the desk this morning looking at this code.  I don't know what I'm doing wrong. Can I cfdump the data I want, but then I can't go out with cfoutput.  Here is the code:

  < cfldap action = "QUERY".

  name = 'userSearch '.

  "" attributes = "*".

  Start = "or is people, dc is myldapserver, dc = com"

  Scope = "subtree".

  Server = "myldapserver.com"

  port = "xxxx".

  Filter = "" #filter # ""

  Security = "CFSSL_BASIC" >

  < cfdump var = "" #userSearch # ">"

  < cfoutput query = 'userSearch' > #givenName # < / cfoutput >

  The cfdump returns the following:

  query
  	NAME	VALUE
  1	UID	username
  2	objectClass	comPerson
  3	givenName	Jane
  4	SN	DOE
  5	CN	Jane Doe

  The cfoutput gives this error message: GIVENNAME Variable is not defined.

  You have a query with 5 rows inside.  It has two columns, respectively called 'Name' and 'value '.  So when you try to access #givenName # fails because he doesn't know what you're going on.

  Instead, you will need to check #userSearch.Name # (notice I've extended query column, always a good idea).

  If you are particularly eager to get just the value of the givenName, you could refer to it like this (if you know it will always be the third column):

  #userSearch.Name [3] #.

  NB: this will display just "givenName".  So you should use maybe #userSearch.Value [3] #.

  But it would be better to transform a struct of your query.  In addition, loop over the query.  Check the column name with each iteration of the loop.  If Name = "givenName", the value of output column.

• SSL VPN - ASA - Active Directory LDAP

  Hello

  Scenario: ASA 8.0 (3) running SSL VPN for remote users. LDAP also authenticates access and connect to the ASA.

  For some reason any (we had a power failure, but the problem may be caused by other reasons as well), I can not connect to the ASA, as my login ID does not work, and remote users get connection error when trying to authenticate via SSL VPN web gui.

  I have rebooted the ASA and AD without any change in the situation. This service worked very well before and the problem happened suddenly. No one has all the changes for the configs. Customer do not have a backup configuration. Any suggestion on what would be the best next action to solve this problem? I'm not expert on the Microsoft LDAP configuration, and if anyone knows where I can check in Microsoft windows server 2003 for the possible LDAP problem, that would be greatly appreciated.

  Thank you

  rdianat

  the ldap bind account is just a normal user account. He didn't need even administrative permissions. If you want to use ldap for password changes he needs to password change permissions, but otherwise just a normal user account - make sure it cannot be locked in AD or the password never expires none of this things. you will see the name of the ldap account in the config of the SAA.

  LDAP-login-password *.

  LDAP-connection-dn *.

• Managing Director and structures not dishes user/group

  Hello, I am trying to build a directory structure with several containers under an organization allowing to memorize the different portions of userdata and group data (i.e. not only UO = unit of organization and people = group, but also a few UO like them). Server software is 7u2 OUCS release. Users in 'other' containers are filled in LDAP (ODSEE 11) by replication, filling the same attributes as a freshly created account by DA has.
  
  The delegated administration interface and other parts of the software accept this and work well with this configuration, the user information display, which allows connections and so forth - with the exception of attempts to change the user accounts in the containers of spare in the DA (add/remove application solutions, change quotas, etc.). First of all, I checked that it is not a LDAP problem - I use both ldapmodify command line and a GUI LDAPBrowser to edit the entries with no hiccups.
  
  I followed him that when you try to save the account information for the accounts in non-standard containers, the DA try always to use a path hardcoded (i.e. uid = username, ou = people, o = DOMAINNAME, dc = DOMAIN, dc = NAME) despite the fact that the user account is (and DA displays of) uid = USER name, or = morePeople, o = DOMAINNAME dc = DOMAIN, dc = NAME.
  
  Eventually, this "hard code" follows DA configuration in WEB-INF/classes/sun/comm/cli/server/servlet/serverconfig.properties that the list of parts of the LDAP structure:
  
  #############################################################################
  #
  # Ldap configuration.
  # List of hosts from ldap. Form is < ldaphost >: < PortNumber >. (By default the port = 389)
  # Add additional hosts with ldaphost - < number >
  # Schema type is '1' or '2 '.
  # Reconnect interval is in seconds
  # Group and people container is dn of dn (for example ou = people) Organization
  #
  #############################################################################
  ldaphost-1 = oucsldap01:389
  ldaphost-2 = oucsldap02:389
  ldaphost-suffix = dc = DOMAIN, dc = NAME
  ldaphost-dcsuffix = dc = DOMAIN, dc = NAME
  ldaphost-maxcount = 50
  ldaphost-schematype = 2
  ldaphost-reconnectinterval = 60
  peoplecontainer ldaphost = or = People
  groupcontainer ldaphost = or = Groups
  ldaphost-orgadminrole = cn = Admin role organization
  #####
  
  While the root of organization dn is not explicit here (and shouldn't be), the container of default people is... I could guess a logical programming error like this: indeed, the 'or = People' container should be used by default when you create a user through the DA; as likely a mistake, it could also be used when editing existing users - instead of their full DN/existing parent DN.
  
  Issues related to the:
  
  (1) anyone have a working configuration with several containers of user/group in an organization like this? Would you care to share details and solutions, if he had to?
  
  (2) I think that the 'field/organization shared hosting' mode might help here - at least it is planned to have several LDAP trees with their Managing Directors as a single e-mail domain. Before I go and reconfigure everything, I'd like to hear if there are stories of success with this route? It is a good solution (or solution) for this config?
  
  Thank you
  Jim Klimov

  I wanted to follow that reconfigure the directory structure according to domain hosting, with branches for SIE-synchronized accounts as one of the organizations which share the domain secondary and manually created accounts only OUCS being in another subsidiary organization. This method works for messaging components and the DA, as user ID are in OU = people in their organization. A little unfortunately, SIE config seems to allow only a single branch of target Department and set up groups (CN) here as well. Well, for our needs change the attributes of the user and application solutions via DA, that's enough. Sometimes, there are misfires (cannot save changes), but they are intermittent and more difficult to debug trace. usually disappear with the restart of the web container DA. Department LDAP instances are configured with plugins to apply the uniqueness of uid in the entire organization and the uniqueness of the values of the email messaging address attributes (mail, mailAlternateAddress, mailEqiuvalentAddress) in order to avoid setbacks between user accounts in different branches.

  Also, we had a problem with the calendar server after migrating LDAP entries: since our deployment used the nsUniqueID for identification of calendar user, relocation of entries (as we did) generated new values for new entries and users got new databases empty caledar. It wasn't a major problem on this POC and latest releases OUCS with a davUniqueID attribute must be specifically immune to this problem. However, for the other trodding this way I can suggest that they export the LDAP database in LDIF, including unique identifiers, re-create the suffixes if necessary (the Organization SIE in Department target should be a separate suffix of LDAP database), edit the LDIF entry path and import the LDIF anew. This would erase the old LDAP data and should add nsUniqueIDs old entries moved unlike (recreation via ldapadd) or relocation via a ldapmodrdn.

  We also hit a problem with DA refusing to return the list of accounts (that returns 0 or 25 empty entries in a table). LDAP logs showed that the Protocol LDAP side everything is ok, and expected responses amount was. Boss research often produced good food with a subset of users in da end, we linked the problem to binary EIS encoded base64 attributes (dspswuserlink and al.; some of these values as output garbaged commadmin queries in a terminal) and created an LDAP ACI, which forbade all our DA-admin user to read, to search compare these attributes. This solved the problem for us. I wonder if a more generic solution is possible, to apply this ACI not to a user explicitly named admin, but to all users with administrator privileges of DA (by group or role? what channel to cover them all in advance)? Or, perhaps, no one except the user account of EIS should see these attributes SIE?

  Hope this report helps others who are experimenting at the forefront of this road to integration of messaging

  Jim Klimov

• LDAP on SAA with the attribute-card problem openldap

  Hello, everyone:

  I have a camera of the asa. the software version is 9.1. I have an openldap server, I want asa to use the ldap database to the anyconnect vpn authentication user. I've already finished. I have a problem now, I want to different groups assign different '-user group policy. " I use internal group policy on asa. I want to know how to get this attribute through LDAP group policy.

  Note: I differentiate 'OR' user on openldap. for example, or = manager, ou = sales, OU = engineer.

  Thank you, everyone.

  Hello.

  Here's what... .you're looking for ;)

  Use of AAS of the LDAP Configuration attribute example cards

  Kind regards.

  #Rohan

• IPCC Express 4.0 (4) SR01 installation problem

  Hello

  I tried to install the SR01 for 4.0 (4) IPCC Express using BARS, and in the fourth step of the Restore Wizard, when I run the tool to update CRS, a popup asks me to locate the patch file. Once I located the SR .tar file, an error message prompts the system fails to copy the contents of the .tar file.

  The BAR is installed in the same machine that CRS, is the cause of this problem?

  Make sure that there are no spaces in the path to your directory i.e. c:\patch update. Make the path to the c:\patchupdate square.

  There are NO spaces in the path.

• problems with the IPCC monitoring server port

  I have 4.0 (4) IPCC Express Premium with Call Manager 4.1 (2). I have a server with two NIC a 'normal' IPCC and other oversight bodies. I have configured the port monitoring with a few other IP (172.16.255.10/24) and I set up RSPAN on switches. I see a call between officers and the appellants.

  But, after a reboot of the server, I get the error that my server will stop after a minute. I cann't see ane packages from monitor port. When I disable the port monitor and restart the server everything is OK and then I can activate the monitor port and everything is OK.

  I have nothing in the registry settings.

  What should do?

  Thank you

  I had the same problem as you and this has solved my problem.

• Laptop user moves between 2 servers the IPCC CAD problem

  Call unique Manager cluster 4.02 SR1, separate the 2 servers of the IPCC (3.5 (3)) are installed, one in each building. 100 MB ethernet between the sites.

  I have a user that moves between the 2 buildings. They have the installed CAD. How can I get the CAD turn to the IPCC correct server when the user changes buildings? Is there a. INI file that could be exchanged with a batch file or is it a bunch of registry entries that tell the CAD which server of the IPCC to connect to?

  We do this from time to time, when you work with different clients. Assuming you have the same exact versions of software, which you say that you don't have, you can do it with only changes in registry. You must exchange the content of:

  Setup HKEY_LOCAL_MACHINE\SOFTWARE\Spanlink\Site

  and then run the agent. You can pick up the right CAD clients installed registry values, or you can get them on the respective servers of IPCCX who have exactly the same inputs in the same places. Use the registry editor to export the contents of this key in a file, their two servers or two customer installs. Give these two .reg files to the user.

  Just a double click on the .reg files in Windows in the local registry (after confirmation), is important to crush what is already there. Then start the CAD and he will speak to the good LDAP directory and the server IPCCX.

• LDAP authentication problems

  Hello

  I am able to get the LDAP authentication works for the VPN, but when I go to test a user that is not defined in the VPN group in the ad, they are still able to authenticate and access to the VPN. I'm at a loss for what is the real problem, because everything seems to be set correctly.

  I joined newspapers in debugging ldap for a user that works properly and that a user that does not work properly. I think that they should be able to authenticate to a group JOB_ADMINS_VPN and if they are not in this group then they should be denied rights of VPN connection.

  LDAP attribute-map JOB_ADMIN_MAP

  name of the memberOf Group Policy map

  map-value memberOf CN = JOB_ADMINS_VPN, OU = VPN, DC = test, dc = net JOB_ADMINS

  AAA-server JOB_ADMINS protocol ldap

  AAA-server JOB_ADMINS (Prod) 10.5.1.11

  LDAP-base-dn DC = test, DC = net

  OR LDAP-group-base dn = VPN, DC = test, DC = net

  LDAP-scope subtree

  LDAP-naming-attribute sAMAccountName

  LDAP-login-password *.

  LDAP-connection-dn CN = saVPNLDAP, CN = Users, DC = test, DC = net

  microsoft server type

  LDAP-attribute-map JOB_ADMIN_MAP

  I don't know miss me something small, but I don't know what I'm missing. Any contributions to this number will be grately apperciated.

  Thank you!

  Please review the below listed config and see what hand you lack of other "sh run" of the SAA.

  Configuration to limit access to a particular group of windows on AD

  internal group noaccess strategy

  attributes of the strategy group noaccess

  VPN - connections 1

  address pools no

  LDAP LDAP of attribute-map-MAP

  name of the memberOf IETF-Radius-class card

  map-value memberOf

  AAA-Server LDAP-AD ldap Protocol

  AAA-Server LDAP-AD

  Server-port 389

  LDAP-base-dn

  LDAP-scope subtree

  LDAP-naming-attribute sAMAccountName

  LDAP-connection-dn

  LDAP-login-password

  microsoft server type

  LDAP-attribute-map LDAP-map

  Group Policy internal

  attributes of group policy

  VPN - connections 3

  Protocol-tunnel-VPN IPSec l2tp ipsec...

  value of address pools

  .....

  .....

  type of tunnel-group-remote access

  global-tunnel-group attributes

  Group-AD-LDAP authentication server

  NoAccess by default-group-policy

  !

  !

  attributes of the strategy group noaccess

  VPN - concurrent connections 0

  Jatin kone

  -Does the rate of useful messages-

• Configure the vco authetication way CAN LDAP fails, can someone tell me what is the problem I have

  Configure the vco to LDAP (openldap):

  Group Search Base: OU = Group, dc = admin, dc = example, dc = com (successfully)

  vCO Admin group: cn admin_group =, ou = group, dc = admin, dc = example, dc = com

  Error:

  Selected administration group isn't a group or the chosen LDAP client type is inappropriate.

  But admin_group is in fact a group, see:

  [root@lsfdc1 aaa] # slapcat s dc = example, dc = com

  bdb_db_open: warning - no DB_CONFIG file found in the/var/lib/ldap directory: (2).

  Expect poor performance for suffix "dc = example, dc = com".

  DN: dc = example, dc = com

  objectClass: dcObject

  objectClass: Organization

  objectClass: top

  DC: example

  o: corporation

  Description: LDAP server

  structuralObjectClass: Organization

  entryUUID: 0432c87a-4815-1033-9b4e-c92a34293f8e

  creatorsName: cn = Manager, dc is example, dc = com

  createTimestamp: 20140325025758Z

  entryCSN: 20140325025758.919334Z #000000 #000 #000000

  modifiersName: cn = Manager, dc is example, dc = com

  modifyTimestamp: 20140325025758Z

  DN: dc = admin, dc = example, dc = com

  objectClass: dcObject

  objectClass: Organization

  objectClass: top

  DC: admin

  o: admin

  structuralObjectClass: Organization

  entryUUID: 043356be-4815-1033-9b4f-c92a34293f8e

  creatorsName: cn = Manager, dc is example, dc = com

  createTimestamp: 20140325025758Z

  entryCSN: 20140325025758.922987Z #000000 #000 #000000

  modifiersName: cn = Manager, dc is example, dc = com

  modifyTimestamp: 20140325025758Z

  DN: or = users, dc = admin, dc = example, dc = com

  objectClass: organizationalUnit

  objectClass: top

  UO: user

  structuralObjectClass: organizationalUnit

  entryUUID: 0433b974-4815-1033-9b50-c92a34293f8e

  creatorsName: cn = Manager, dc is example, dc = com

  createTimestamp: 20140325025758Z

  entryCSN: 20140325025758.925516Z #000000 #000 #000000

  modifiersName: cn = Manager, dc is example, dc = com

  modifyTimestamp: 20140325025758Z

  DN: or = group, dc = admin, dc = example, dc = com

  objectClass: organizationalUnit

  objectClass: top

  organizational unit: Group

  structuralObjectClass: organizationalUnit

  entryUUID: 043463f6-4815-1033-9b51-c92a34293f8e

  creatorsName: cn = Manager, dc is example, dc = com

  createTimestamp: 20140325025758Z

  entryCSN: 20140325025758.929881Z #000000 #000 #000000

  modifiersName: cn = Manager, dc is example, dc = com

  modifyTimestamp: 20140325025758Z

  DN: cn = admin_group, or = group, dc = admin, dc = example, dc = com

  objectClass: posixGroup

  objectClass: top

  CN: admin_group

  gidNumber: 10000

  memberUid: Admin

  structuralObjectClass: posixGroup

  entryUUID: 043475d0-4815-1033-9b52-c92a34293f8e

  creatorsName: cn = Manager, dc is example, dc = com

  createTimestamp: 20140325025758Z

  entryCSN: 20140325025758.930339Z #000000 #000 #000000

  modifiersName: cn = Manager, dc is example, dc = com

  modifyTimestamp: 20140325025758Z

  DN: uid = Admin, ou = users, dc = admin, dc = example, dc = com

  objectClass: posixAccount

  objectClass: top

  objectClass: inetOrgPerson

  gidNumber: 10000

  SN: Admin

  displayName: Admin

  UID: Admin

  homeDirectory: / home/Admin

  CN: Admin

  uidNumber: 10000

  userPassword: e1NTSEF9SkgzdTA3bjgrMUNqOUZSTzNqWHAxcnpJZXNISXZTL1c =

  loginShell: / bin/sh

  structuralObjectClass: inetOrgPerson

  entryUUID: 0436d0b4-4815-1033-9b53-c92a34293f8e

  creatorsName: cn = Manager, dc is example, dc = com

  createTimestamp: 20140325025758Z

  entryCSN: 20140325025758.945771Z #000000 #000 #000000

  modifiersName: cn = Manager, dc is example, dc = com

  modifyTimestamp: 20140325025758Z

  DN: uid = pcmae_user, dc = admin, dc = example, dc = com

  objectClass: posixAccount

  objectClass: top

  objectClass: inetOrgPerson

  gidNumber: 0

  SN: pcmae_user

  displayName: pcmae_user

  UID: pcmae_user

  homeDirectory: / tmp

  CN: pcmae_user

  uidNumber: 10001

  userPassword: MmY3MjU0ZGM =

  loginShell: / bin/sh

  structuralObjectClass: inetOrgPerson

  entryUUID: 0439839a-4815-1033-9b54-c92a34293f8e

  creatorsName: cn = Manager, dc is example, dc = com

  createTimestamp: 20140325025758Z

  entryCSN: 20140325025758.963459Z #000000 #000 #000000

  modifiersName: cn = Manager, dc is example, dc = com

  modifyTimestamp: 20140325025758Z

  DN: cn = vmware, or = group, dc = admin, dc = example, dc = com

  objectClass: posixGroup

  objectClass: top

  CN: vmware

  memberUid: Admin

  gidNumber: 11577

  structuralObjectClass: posixGroup

  entryUUID: f228f69c-4826-1033-8a78-17f207c52dd8

  creatorsName: cn = Manager, dc is example, dc = com

  createTimestamp: 20140325050619Z

  entryCSN: 20140325050619.597137Z #000000 #000 #000000

  modifiersName: cn = Manager, dc is example, dc = com

  modifyTimestamp: 20140325050619Z

  DN: cn = vco, dc is admin, dc = example, dc = com

  objectClass: posixGroup

  objectClass: top

  CN: vco

  memberUid: Admin

  gidNumber: 1906

  structuralObjectClass: posixGroup

  entryUUID: c1f36a8c-4828-1033-8a79-17f207c52dd8

  creatorsName: cn = Manager, dc is example, dc = com

  createTimestamp: 20140325051917Z

  entryCSN: 20140325051917.709032Z #000000 #000 #000000

  modifiersName: cn = Manager, dc is example, dc = com

  modifyTimestamp: 20140325051917Z

  DN: cn = abc, dc is admin, dc = example, dc = com

  objectClass: groupOfUniqueNames

  objectClass: top

  CN: abc

  uniqueMember: uid = Admin, ou = users, dc = admin, dc = example, dc = com

  structuralObjectClass: groupOfUniqueNames

  entryUUID: 6cedd136-4831-1033-8a7a-17f207c52dd8

  creatorsName: cn = Manager, dc is example, dc = com

  createTimestamp: 20140325062120Z

  entryCSN: 20140325062120.536569Z #000000 #000 #000000

  modifiersName: cn = Manager, dc is example, dc = com

  modifyTimestamp: 20140325062120Z

  Can someone tell me what is the problem I have?

  You have the incorrect object for the group class. vCO using groupOfNames

• Problems of the LDAP USERS

  Hello guys, hope you had a great weekend.

  My question is this.

  We have 2 environments have all two OBIEE 11.7 installed on one is called DEV and other Production

  LDAP is configured on both servers and work perfectly.

  The problem is that on our PROD environment 3 users can not connect via LDAP, but on DEV they connect perfectly.

  Any suggestions of what might cause this problem?

  Concerning

  Benoit

  Using Catalog Manager offline

  Try to delete the files specific user to PROD webcat (just at the bottom of the housing to the top of their content)

  Update the GUID

  then try to connect with the user

• Problem with LDAP in the APEX and not in sql query * more

  Hello everyone.
  
  Hereby, I refer to an existing thread: Query LDAP APEX
  
  I have a problem using LDAP in the APEX (DB version: 11.2.0.2.0;) APEX version: 4.0)
  
  I get "Authentication failed" by their SUMMIT. However, when I run it in SQL * more (SQL Developer) (I created it as seen in the referenced forum thread) it works! Can I use my own function, but that looks like reinventing the wheel.
  

      l_ldap_host := 'oursite.be';
      l_ldap_port := '389';
      l_ldap_domn := 'oursite';
      l_ldap_user := i_username;
      l_ldap_pass := i_pw;
      l_ldap_base := 'ou=oursite,dc=oursite,dc=be';
  
  
      dbms_ldap.use_exception := true;
      
      l_session  := dbms_ldap.init(l_ldap_host,l_ldap_port);
      l_retval   := dbms_ldap.simple_bind_s(l_session, l_ldap_domn||'\'||l_ldap_user, l_ldap_pass);    
      l_attrs(1) := 'name';
      l_attrs(2) := 'title';
      l_retval   := dbms_ldap.search_s(
                      l_session, 
                      l_ldap_base, 
                      dbms_ldap.scope_subtree, 
                      '(sAMAccountName='||l_ldap_user||')',
                      l_attrs,
                      0,
                      l_message
                    );
  
      l_retval := dbms_ldap.count_entries(l_session, l_message);

  We must search the sAMAccountName because that contains our login credentials (dennis.surname). The common name is just our full name (Dennis Surname)
  
  
  At the SUMMIT, I have these settings:
  
  * LDAP host: oursite.be
  * Port: 389
  Use SSL: No SSL
  Use exact DN: No.
  * String DN: ou = oursite, dc = oursite, dc = be
  * Search filter: sAMAccountName = % LDAP_USER %
  
  
  When I try to test it I get "Authentication failed" but I don't know why. It works very well in sql * more (in the the same pattern of course!) so I have really no idea what I'm doing wrong. In addition, the message comes instantly and sql * more it takes about a second to authenticate.
  
  I tried so many things! remove the 'or '. Connect with my name, change 'cn = % LDAP_USER %' filter, connect with dennis.surname and Dennis Surname, using exact DN,... and all the possible combinations of them... Nothing works.
  
  I can go further by using my own function, but I really want to use the settings of the APEX, because it's so much easier.
  
  Thanks in advance for help out me!
  Dennis

  Hi Dennis,

  Try this

  The exact use DN Yes value
  Change your DN string to

  %LDAP_USER%@domain
  

  or

  domain\%LDAP_USER%
  

  The authentication uses a simple_bind_s. You must use the same syntax in these text boxes. You actually do a single with bond

  dbms_ldap.simple_bind_s(l_session, 'sAMAccountName=' || l_ldap_user, l_ldap_pass);
  

  It does not work. It's the syntax to use in the search for search_s filter.

  Please keep in mind that the apex_040100 (for apex 4.1) user must connect the rights on the domain server.

• LDAP configuration problems

  Dear all,

  This is my first interaction with VCeneter Orchestrator and I am facing a problem in the configuration of the LDAP configuration. He expects the Strait for me but he said Dungeon "configuration Ldap registered successfully, but the configuration is wrong.»

  Connection error: LDAP successful but no users found. Check LDAP paths.

  Group Admin not found error

  I don't know what I did so wrong if someone could guide me to set this configuration in the right way.

  I entered the name of the domain controller and test the connectivity by using Telnet and everything was fine. Only the root using unique name format exported from Active directory using the DSQuery command.

  the resource used was VM_ Orc. configuration guide.

  Your accesnance is much appreciated.

  Thank you.

  Ahmed Salah

  For example, assuming that a field of acme.corp with all users in the default location and the groups in the default location, you configure the paths as follows. This example uses a group named 'vcoadmins' with the 'administrator' account a member of this group:

  Root: dc = acme, dc = corp

  User name: [email protected]

  User search base: cn = users, dc = acme, dc = corp

  Group search base: cn = users, dc = acme, dc = corp

  vCO Admin group: cn = vcoadmins, cn = users, dc = acme, dc = corp

  This help at all?