TC - LDAP settings

When configuring LDAP on a TCS, it asks for a port. The tip next to it reads 389 or 3268. Are these the only values this device will accept? We are trying to use an address that is well known for the configuration, but it fails, so I was wondering if my trying to use port 626 is causing the problem.

Thank you

Robert

Hello, Robert

TCS does not support the connection via LDAPS (port 636). You must use 389 or 3268.

Not sure if this is any help in your case, but if the domain controller is also configured as a global catalog, it can also support LDAP over SSL on TCP port 3269.

Thank you

Rafal

Tags: Cisco Support

Similar Questions

  • Move user profile my account to new LDAP settings

    Hello

    I have two related questions about authentication LDAP with OBIEE,

    1. If we change the LDAP server in FMW from LDAP1 to LDAP2 (for example, MSAD to OID), does the GUID change?
    2. If the GUID changes, how do we move user profiles and My Account settings?

    Thank you!

    Hello

    The idea of the GUID is to link the user with its objects. When you refresh them, the user gets a new GUID and its objects get a new one too, so the user should have access to all of its current objects.

  • How to choose the LDAP settings in the authentication scheme?

    Hello

    I'm not an LDAP expert by any stretch of the imagination ("newbie" would probably be a much better description of my 'expert' level), so please help me understand in simple terms why I can't set up the correct authentication scheme.

    When I use Softerra LDAP Browser 2.6 from my PC (where Apex 3.2 is also running in an instance of Oracle 11g), I can successfully connect to an LDAP service and see the whole directory by using the following parameters:
    - Host: 10.34.70.236
    - Port: 389
    - User DN: cn=RIS,ou=RIS,ou=Applications,ou=Services,o=BMGC
    - Password is empty

    When I configure the LDAP authentication scheme, I use the same settings:
    - LDAP host: 10.34.70.236
    - LDAP port: 389
    - LDAP DN string: cn=RIS,ou=RIS,ou=Applications,ou=Services,o=BMGC

    When I try to log in with my user name, I get an authentication error.

    - How is it supposed to work?
    - How is it (supposedly) going to find my user name in the full LDAP directory?
    - How is the LDAP_USER parameter used?
    - Where can I learn more about this topic?
    - And finally, and above all, how can I make this work so that any user in the LDAP service can log in but no one else can?

    Thanks in advance,

    Gabor

    In the LDAP DN string field, you would put %LDAP_USER% where you want the user name typed in (on the login page) to go, for example:

    cn=%LDAP_USER%,ou=RIS,ou=Applications,ou=Services,o=BMGC

    This becomes the DN argument to DBMS_LDAP.SIMPLE_BIND_S, and the password from your login page is used as the PASSWD argument to SIMPLE_BIND_S.

    How is it (supposedly) going to find my user name in the full LDAP directory?

    You must know the exact structure of the directory to find out where your username is located.

    And finally, and above all, how can I make this work so that any user in the LDAP service can log in but no one else can?

    If the verification of the user name and password succeeds against the LDAP directory, then authentication is successful and the user will be logged in. I don't know what the other case is.

    Scott
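The substitution described in the answer above, as an added example (not part of the original thread and not Oracle's code): the login name is escaped per RFC 4514 before it replaces %LDAP_USER%, and an empty password is refused, because a simple bind with a DN and a zero-length password is an unauthenticated bind (RFC 4513) that some servers report as success. The function names are hypothetical; the DN layout follows the thread.

```python
# Token used in the APEX "LDAP DN string" field, as described in the thread.
USER_TOKEN = "%LDAP_USER%"

# Characters RFC 4514 requires to be escaped anywhere in an attribute value.
SPECIAL_CHARS = set('"+,;<>\\')


class CredentialError(ValueError):
    """Raised when a login must be refused before any bind is attempted."""


def escape_rdn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in SPECIAL_CHARS:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif i == 0 and ch in " #":      # leading space or '#'
            out.append("\\" + ch)
        elif i == last and ch == " ":    # trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def build_bind_request(dn_template: str, username: str, password: str):
    """Return the (dn, password) pair that would be passed to a simple bind."""
    if dn_template.count(USER_TOKEN) != 1:
        raise CredentialError("DN template must contain %LDAP_USER% exactly once")
    if not username or not username.strip():
        raise CredentialError("empty user name")
    # A DN plus an empty password is an unauthenticated bind: a server that
    # allows it answers "success" without checking anything, so it must never
    # be treated as a successful login.
    if not password:
        raise CredentialError("empty password")
    return dn_template.replace(USER_TOKEN, escape_rdn_value(username)), password


def demo():
    """Run constructed sample logins through the template from the thread."""
    template = "cn=%LDAP_USER%,ou=RIS,ou=Applications,ou=Services,o=BMGC"
    samples = [                      # constructed inputs, not real accounts
        ("gabor", "s3cret"),         # plain name: substituted unchanged
        ("Smith, John", "s3cret"),   # comma must not start a new RDN
        ("gabor", ""),               # empty password: refused outright
    ]
    results = []
    for user, pw in samples:
        try:
            results.append(build_bind_request(template, user, pw)[0])
        except CredentialError as exc:
            results.append("refused: %s" % exc)
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```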

  • LDAP configuration with vFoglight 6.5

    I'm trying to configure LDAP services within our domain for use with vFoglight. My goal is to have an operator group and an administrator group that use our AD accounts instead of "local" ones. I'm not sure if I have properly configured all the LDAP settings. Can someone check my settings and let me know where the problem might be?

    Also, under Administration > users & security management > user management > groups, the LDAP group button is grayed out. If the LDAP settings are correct, will this button become active?

    Here are our settings:
    Account is anonymous | false
    Unique name of the service account | contoso.com\svc_acct
    Password | ****
    LDAP query prefix | CN=
    LDAP query suffix | OU=site,DC=corp,DC=contoso,DC=com
    The scopes to search for groups | OU=site,DC=corp,DC=contoso,DC=com
    The second space of group names | OU=site,DC=corp,DC=contoso,DC=com
    The third namespace group | "blank"
    The LDAP context for the user's search | OU=site,DC=corp,DC=contoso,DC=com
    Role attribute ID | name
    Is Role DN attribute | false
    ID of user alias attribute | sAMAccountName
    ID of the attribute to search for groups | members
    Match the DN of the user | true
    JAAS LoginModule name | Security for JACQUES com.quest.nitro.service.security.auth.spi.NitroExtendedLdapLoginModule name field. FGL-web-console
    Group ID parent attribute | memberOf
    Attribute of the group to search for nested groups | members
    Maximum level of group nesting | 15
    LDAP search time (milliseconds) | 10 000
    Mode of research group | direct

    I hope that your problem has been resolved by support. You can also check our free training site: http://svgtraining.quest.com/ which has a video on the LDAP configuration.

  • VCS does not trust certificate - configuration of the LDAP user

    I have a cluster of 2 TelePresence VCS Control units in the same network (vlan) and a cluster of 2 TelePresence Expressways in the same DMZ network (vlan). Both are on the same site. On the two master peers I managed to synchronize the servers against the LDAP server (AD), but the two slaves, with the same config for users/certificate/LDAP settings, fail with "DNS unable to resolve the address of the LDAP server". It seems to me that the peers do not trust the certificate.

    The logs that you attached are event logs, not VCS diagnostic logs. However, according to these logs, it seems that the slave VCS is not able to connect to the LDAP server. So DNS resolution is probably working, but the TCP/TLS connection is not established.

    I recommend taking a diagnostic log (Maintenance > Diagnostics > Diagnostic logging) while reproducing the failed connection to see which part of the connection fails.

    If you have root access to the slave VCS, you can also connect as root via ssh and then run the following command:

    > tcpdump -s0 tcp port <port>

    Insert the port you use to connect to LDAP in the port field and then press Enter. You will now see all the traffic to and from that port. Do you see any resets? Is the traffic in one direction only? This will help you understand why the failure occurs.

  • Is the LDAP test page a hidden page in Apex 4.2?

    Hello
    my understanding is that, until a certain version of Apex, there was an LDAP test page link provided somewhere on the "Edit authentication scheme" page when LDAP authentication was selected.

    In 4.2.5 and above all I do not see this link anywhere, but I can still reach the LDAP test tool on page 4000:3890 if I change the URL manually.

    Is my understanding correct or am I missing something?

    Thank you

    Flavio

    Yes, it has been removed in version 4.x. The issue is currently tracked in Bug 15929196 - LDAP TEST TOOL NOT AVAILABLE FOR APEX 4.2

    What's new for Apex 5:

    The create/edit authentication scheme page (4000:4495) now contains the button "Test LDAP connection", which appears under certain conditions when the authentication scheme is "LDAP Directory". Clicking this button opens the LDAP test page (4000:3890) in a new window, where the connection can be tested. This page also allows you to change the LDAP settings. The "Apply Changes" button can be used to write the settings back to the authentication scheme page.


    The bug also mentions a PL/SQL block as a possible workaround:

    begin
        -- Test an LDAP bind directly, without the removed test page
        if apex_ldap.authenticate(
            p_username    => 'Smith',
            p_password    => 'John',
            p_search_base => 'ou=people,dc=example,dc=com',
            p_host        => 'localhost',
            p_port        => 389,
            p_use_ssl     => 'N')
        then
            sys.dbms_output.put_line('Authenticated');
        else
            sys.dbms_output.put_line('Authentication failed');
        end if;
    end;

  • Configuration of LDAP 8.3 Primavera

    Hello

    I have installed and configured Primavera 8.3.

    It's working fine.

    Now, I want to configure LDAP in Primavera.

    Note,

    To configure LDAP, is SSL certificate information required?

    Please advise.

    Regards

    Kumar

    Hi Kumar,

    That error number appears to match a KB article about LDAP over SSL (LDAPS), so I suspect that there could be a few details in the LDAP/SSL field.

    What I recommend doing is this:

    (1) In the P6 Admin application, under the Authentication tab, go to Primavera P6 Configuration -> Authentication -> Login Mode = Native.

    (2) In the P6 Admin application, under the Authentication tab, go to Primavera P6 Configuration -> Database Instance [name - db] -> Authentication Mode = Native.

    Save the changes.

    (3) You should now be able to log in to the client application with the original credentials.

    Once logged in, go to Admin -> Users and create a new Admin superuser with a user/login name that corresponds to your Windows account name (which is unlikely to be 'admin'; I would expect 'administrator' or 'kumar' or something similar).

    (If you are using EPPM, then add the user via the web instead of the client.)

    Set the password to something that is different from your Windows login password (this helps to determine whether the sync is working correctly: this password fails and your Windows password works).

    Log out and test that you can log in with this 'native' account (to make sure that you have not forgotten module access or anything else).

    (4) Go back to the P6 Admin application and change the following:

    Authentication tab: go to Primavera P6 Configuration -> Authentication -> Login Mode = LDAP.

    Authentication tab: go to Primavera P6 Configuration -> Authentication -> Web Single Sign On: don't change anything below here.

    Authentication tab: go to Primavera P6 Configuration -> Authentication -> LDAP: don't change anything below here (SSL certificate store must be empty, default password can be left as it is).

    Authentication tab: go to Primavera P6 Configuration -> Database Instance [name - db] -> Authentication Mode = LDAP

    The parameters below may require a few tries to find the correct combination for your environment.

    Authentication tab: go to Primavera P6 Configuration -> Database Instance [name - db] -> LDAP Connection Settings -> Host = server name of your LDAP server (try both servername and servername.domain)

    Authentication tab: go to Primavera P6 Configuration -> Database Instance [name - db] -> LDAP Connection Settings -> Port = 389 (636 is SSL; if your LDAP server is on something other than 389, type that)

    Authentication tab: go to Primavera P6 Configuration -> Database Instance [name - db] -> LDAP Connection Settings -> Username = an authenticated LDAP user that can read from the LDAP server (try username, domain\username and FQDN\username (i.e. domain.com\username); for the last one I did, the client required DOMAIN\username). I also generally try to make this the user you created for login/testing.

    Authentication tab: go to Primavera P6 Configuration -> Database Instance [name - db] -> LDAP Connection Settings -> Password = password of the user above

    Authentication tab: go to Primavera P6 Configuration -> Database Instance [name - db] -> LDAP Connection Settings -> Enable SSL = false

    Authentication tab: go to Primavera P6 Configuration -> Database Instance [name - db] -> LDAP Connection Settings -> Chase Referrals = leave as true (but depending on your server, you may want/need to set it to false)

    Authentication tab: go to Primavera P6 Configuration -> Database Instance [name - db] -> LDAP Connection Settings -> Base Directory Node = path in your LDAP server to the "folder"/object with the users, i.e. ou=users,dc=xyz,dc=com

    Authentication tab: go to Primavera P6 Configuration -> Database Instance [name - db] -> LDAP Connection Settings -> Preferred Pool Size, Connection Timeout and Maximum Pool Size: leave as default

    Authentication tab: go to Primavera P6 Configuration -> Database Instance [name - db] -> LDAP Connection Settings -> Field Map -> USER_NAME = usually change this to sAMAccountName if you use Active Directory. The rest I leave as default, but this can depend on your LDAP server.

    Press Save Changes and sign in with your Windows test account details.

    Regards

    Alex

  • The Lab Manager Ldap integration

    I've configured a vSphere/ESX OTA environment in the subnet 172.10.1.0/24.

    Opened ports on our firewall to manage OTA from our direct environment. Online subnet: 10.128.0.0/16

    Installed Lab Manager 4.0 and added it to the domain in the OTA environment.

    Everything works fine. After opening port 389, I want to synchronize LDAP.

    When I do "Test LDAP settings" I get the following error:

    Ldap.jpg

    I read that it is not best practice to place a LM server in a domain.

    http://blog.aarondelp.com/2010/03/VMware-Lab-Manager-install-notes-and.html

    I tried the LDAP synchronization with the LM server in a workgroup, but that does not work either.

    Tried with the domain admin user, manually adding the LDAP port, leaving it empty, different DNs; nothing worked.

    I also read in the article not to name the Lab Manager server "LM", and that's exactly what I did...

    Also, the Lab Manager folder described in the article was not created in vCenter.

    I'm thinking of uninstalling LM, renaming the virtual machine and reinstalling LM. I don't know if that will solve this problem.

    I hope someone has a solution...

    Thank you...

    The 'Test LDAP settings' action actually tries to find the account whose credentials were provided. It's like a loopback... I should be able to find myself before I find other people.

    If the test account is not in the base DN search path, but it can locate other accounts, then it should.

    Best regards

    Jon Hemming

  • Changing user from local LDAP to Active Directory is impossible (LCM appliance 1.0.1)

    I am trying to change the user for access to the VMO web page, but the connection fails if I try to access VMO with credentials that differ from the standard ones (lcmadmin/admin, lcmuser/utilisateur, etc., set in the embedded LDAP).

    I have Active Directory set up and the connection test is successful.

    With this the connection works in the orchestrator web config: UO = e list groups, DC = domain, DC = local (I set it in list e gruppi: lcmadmins)

    For the VMO admins I put: CN = lcmadmins, OU = e list groups, DC = domain, DC = local (I added a user as a member of lcmadmins)

    Can you help me? The connection with Active Directory is successful, but I can't enable HOV access with AD user credentials.

    Best regards

    Andrea.

    It is not possible to change the LDAP settings for LCM workflows once LCM has been initialized.

  • Cannot change AD user password from ASA

    Running ASA 8.4. I have password-management enabled on the tunnel group and LDAP over SSL is activated, but when I test by setting an account to require a password change at the next logon, the new password page loads (clientless) and allows me to enter the new password. After I hit Continue, it returns to the login page with this message above the username field:

    "

    Cannot complete the password change, because the password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.

    ".

    Yet I am able to change the password at the same time from a workstation, so there is no group policy that refuses the password change. We have minimum days 0 and no complexity required. I meet the minimum length.

    Debug output when I hit Continue after entering the new password:

    Starting a session [10068]

    New [10068] Session, request the 0x74637d10 context, reqType = change password

    Started fiber [10068]

    [10068] LDAP context with uri = ldaps://192.168.102.15:636

    [10068] to connect to the LDAP server: ldaps://192.168.102.15:636, status = success

    supportedLDAPVersion [10068]: value = 3

    supportedLDAPVersion [10068]: value = 2

    [10068] link as asauser

    Authentication Simple running [10068] to asauser to 192.168.102.15

    Search LDAP [10068]:

    Base DN = [DC = subdomain, DC = company, DC = com]

    Filter = [[email protected]]

    Range = [subtree]

    DN of the user [10068] = [CN = useraccount, CN = Users, DC = subdomain, DC = company, DC = com]

    [10068] talk to Active Directory 192.168.102.15

    [10068] password for reading strategy for [email protected] dn:CN = useraccount, CN = Users, DC = subdomain, DC = company, DC = com

    Bad password count [10068] reading 0

    [10068] change password for [email protected] password successfully converted to unicode

    [10068] output fiber Tx = 759 bytes Rx = 2959 bytes, status =-1

    End of session [10068]

    If 'asauser' is not yet a member of the "Account Operators" group, add it to this group.

    There is an enhancement request to make this work without special privileges, see:

    CSCtq54856    ENH: Support for the management of w/o rights connection LDAP Admin DN password

    HTH

    Herbert

    EDIT:

    Just to further clarify for those hitting this thread in search of a solution to the same problem: the 'asauser' in the above example is the user that is configured in the ASA LDAP settings:

    aaa-server ldap protocol ldap
    aaa-server ldap (inside) host 10.0.0.2
     server-port 636
     ldap-base-dn cn=users,dc=CISCOTEST,dc=COM
     ldap-login-password *
     ldap-login-dn asauser
     ldap-over-ssl enable
     server-type microsoft

    It is this user (the one defined with "ldap-login-dn") that must be in the Account Operators group, not all VPN users.

  • Add/import user in the Org issues

    Hello, I am attempting to import a user from LDAP using the SDK and then share a paralytic with this user. I'm trying to adapt the code example that shows how to add a user to do this.

    First, using the code example as it is to simply add a user throws the following exception at the AdminOrganization.CreateUser(UserType userType) call:

    Unexpected error. Model object must be an object of OrganizationUser - model object must be an object of OrganizationUser

    I don't understand what an OrganizationUser object is.

    Hello

    To import LDAP users, you can use CreateUser().

    Ensure that:

    1. You specify that the user is not a local user, but an external LDAP user.

    ldapUser.IsExternal = true;
    ldapUser.IsExternalSpecified = true;

    2. The organization's LDAP settings are configured properly.

    Kind regards
    Rajesh Kamal.

  • SSO to OBIEE by using IIS.

    Hi experts,

    I configured SSO for OBIEE hosted on IIS. Our OBIEE is configured with LDAP.

    I created the user in the RPD. When I log in to my system with the user and browse the URL, it directs me to the dashboard (SSO works).

    But when user B (who is not created in the OBIEE RPD but exists in AD) tries to browse the URL, they get the page: you are not currently logged in.

    What is the problem... ?

    For the USER init block, use your LDAP data source and assign sAMAccountName to USER; make sure you set "required for authentication".
    Also, make sure that the LDAP settings are accurate.

    If it helps, please mark.

    Updates on this?

    Published by: Srini VIEREN on 6 December 2012 06:51

  • The IIOP listener/Manager with SSL security

    Hello

    I'm looking into securing CORBA client connections to ISL/ISH with SSL. Client authentication is not required, just server authentication and encryption. After reviewing the documentation, I have a few questions about it.

    1. The manual "Using Security in CORBA Applications" indicates that an LDAP server is used as the certificate repository for the ISL/ISH server certificate. Are there alternatives to this, like using a key file, or is LDAP the only option?

    2. Is it possible to configure the LDAP server (server name, port, etc.) without having to reinstall Tuxedo?

    Regards
    Ian

    Ian,

    Tuxedo uses a plugin framework architecture to manage the certificates and it is possible to replace the plugin framework implementations.

    In order to change the plugin framework interfaces, you need to get information about the FRP* commands and the plugin framework interfaces, and you will need to write code. Plugin framework documentation is made available on an as-needed basis.

    As documented in http://download.oracle.com/docs/cd/E15261_01/tuxedo/docs11gr1/sec/secadm.html#wp1239453, "For more information about security plug-ins, including the installation and configuration procedures, see your Oracle account manager."

    The 'epifregedt -g' command shows the current configuration of the plugin framework.
    The command "epifregedt -g -k SYSTEM/impl/security/BEA/certificate_lookup" shows just the security/BEA/certificate_lookup interface settings.
    The command "epifregedt -g -k SYSTEM/impl/security/BEA/certificate_lookup -a Params" shows the parameters with which this interface is instantiated.
    Suppose that the result of this command is
    Security/BEA/certificate_lookup of the ŒUVRE layout

    Instantiation settings:
    "userCertificateLdap=ldap://localhost:389"
    "filterFileLocation=file:///home/tuxdir/udataobj/security/bea_ldap_filter.dat"

    Then the command
    epifregedt -s -k SYSTEM/impl/security/BEA/certificate_lookup \
    -a Params=userCertificateLdap=ldap://abcxyz:1389 \
    -a Params=filterFileLocation=file:///home/tuxdir/udataobj/security/bea_ldap_filter.dat

    will change the location of LDAP to ldap://abcxyz:1389.
    Note that it is necessary to specify the filterFileLocation with this command, even if it does not change.

    Thus, it is not necessary to reinstall Tuxedo to change LDAP settings.

    Because the registry change commands can be difficult to use, you can experiment with these commands on a development system or you can
    export REG_KEY_SYSTEM=System.rdp
    cp $TUXDIR/udataobj/System.rdp $REG_KEY_SYSTEM
    before experimenting with epifregedt -s (the value of REG_KEY_SYSTEM replaces the default value of $TUXDIR/udataobj/System.rdp).

    Kind regards
    Ed

  • How to add LDAP with group settings

    I created an OU=Company, under this another OU, OU=VPNACCESS, and under this a group called VPN.

    I don't want that in this particular group (VPN) to authenticate users. However, this is not the case. All users under OU=Company are able to authenticate.

    My settings are as below:

    aaa-server TESTLDAP (inside) host X.X.X.X
     ldap-base-dn OU=Company,DC=Company,DC=AE
     ldap-group-base-dn CN=vpn,OU=vpnaccess,OU=Company,DC=Company,DC=AE
     ldap-scope subtree
     ldap-naming-attribute sAMAccountName
     ldap-login-password *
     ldap-login-dn CN=binduser,OU=vpnaccess,OU=Company,DC=Company,DC=AE
     server-type microsoft

    Hi Mary,

    You can get this to work, but a little differently.

    You can have users of VPN access to connect to a particular group.

    To do this, you can use the LDAP attribute map.

    Here is the link you can follow:

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

    HTH!

    Regards

    Regnier

    Please rate all useful posts

  • Does vFoglight support LDAPS?

    Does vFoglight have LDAPS support?

    My Windows AD has LDAPS enabled, and the vFoglight application log shows an LDAP error.

    With LDAPS turned off on Windows AD, connecting via plain LDAP is OK.

    vFoglight does support secure LDAP.

    Setting up an SSL-encrypted LDAP connection

    Use the following instructions if you need to encrypt communication between the administration server and the LDAP server.

    To encrypt communication between the administration server and LDAP:

    1: Acquire the certificate for the LDAP server from the administrator in .pem format.

    2: Import the certificate into the keystore of the administration server, \jre\lib\security\cacerts (default password: changeit), with the following command:

    \jre\bin\keytool -import -file <certificate_file> -alias ldapsvrcert -keystore <keystore_path> -storepass <password>

    Note: If you do not specify the password by using -storepass, keytool prompts you to provide it.

    3: In the navigation panel, under Dashboards, click Administration > Users & Security > Directory Services Settings.

    4: Under LDAP Locations, click Change.

    5: Specify the URL of the LDAP server in the following format:

    LDAPS://ldap_server_host_name:636

    Note: The LDAP over SSL port number is usually 636. Confirm the correct port number with your LDAP server administrator.

    6: Restart the management server.

    Here is the link to the document online:

    http://eDOCS.quest.com/vFoglight/66/doc/core/installation-windowsMysql/Installing_MgmtServer.046.5.php

    HTH,

    -Larry
