CQ5.5 and ldap integration/synchronization

Hi,
I have been trying to integrate ldap with CQ5.5 on Win7 machine. Following are the steps I have taken:
1. Installed cq-service-pack-5.5.2.20121012.zip
2. Installed cq-update-pkg-5.5.10.zip
1. Created F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf file with following content:
com.day.crx {
   com.day.crx.core.CRXLoginModule optional
   tokenExpiration="1800000";
   com.day.crx.security.ldap.LDAPLoginModule required
              principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
              tokenExpiration="1800000"
              host="xx.xx.xx.xx"
              port="636"
              secure="true"
              authDn="adt\\taduser"
              authPw="xxxxxx"
              userRoot="OU=publish,OU=people,DC=adt,DC=com"
              userIdAttribute="userPrincipalName"
              autocreate="create"
              autocreate.path="none"
              autocreate.user.firstName="rep:firstName"
              autocreate.user.mail="profile/email"
              autocreate.user.sn="profile/familyName"
              autocreate.user.cn="rep:fullname"
              groupRoot="OU=publish,OU=group,DC=adt,DC=com"
              groupNameAttribute="CN"
              autocreate.group.description="description"
              autocreate.group.cn="rep:groupName"
              groupMembershipAttribute="member"
              userFilter="(objectClass=person)"
              groupFilter="(objectClass=group)"
              cache.expiration="1"
              cache.maxsize="1";
2. Updated F:\installed\cq5\author\crx-quickstart\repository\repository.xml with:
<?xml version="1.0" encoding="ISO-8859-1"?>













<!DOCTYPE Repository PUBLIC "-//Day Management AG//DTD CRX 2.4//EN"
                            "http://www.day.com/dtd/repository-2.4.dtd">
<Repository>
    
    
    <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
        <param name="path" value="${rep.home}/repository"/>
    </FileSystem>
    
    <DataStore class="com.day.crx.core.data.ClusterDataStore"/>
    
    <Security appName="com.day.crx">
        
        
        <SecurityManager class="com.day.crx.core.CRXSecurityManager">
        
                        <WorkspaceAccessManager class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>
                        <UserManager class="com.day.crx.core.CRXUserManagerImpl">
                        <param name="usersPath" value="/home/users"/>
                        <param name="groupsPath" value="/home/groups"/>
                        <param name="defaultDepth" value="1"/>
                        </UserManager>
            
            
        </SecurityManager>
                    
        <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
        
        <LoginModule class="com.day.crx.core.CRXLoginModule">
            <param name="anonymousId" value="anonymous"/>
            <param name="adminId" value="admin"/>
            <param name="disableNTLMAuth" value="true"/>
            <param name="tokenExpiration" value="43200000"/>
            
        </LoginModule>
    </Security>
    
    <Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="crx.default" maxIdleTime="5"/>
    
    <Workspace name="${wsp.name}" simpleLocking="true">
        
        <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
            <param name="path" value="${wsp.home}"/>
        </FileSystem>
        
        <PersistenceManager class="com.day.crx.persistence.tar.TarPersistenceManager"/>
        
        <SearchIndex class="com.day.crx.query.lucene.LuceneHandler">
            <param name="path" value="${wsp.home}/index"/>
            <param name="resultFetchSize" value="50"/>
        </SearchIndex>
        
        <WorkspaceSecurity>
            <AccessControlProvider class="org.apache.jackrabbit.core.security.authorization.acl.ACLProvider">
                <param name="omit-default-permission" value="true"/>
            </AccessControlProvider>
        </WorkspaceSecurity>
        
        <Import>
            <ProtectedItemImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
            <ProtectedItemImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
                <param name="importBehavior" value="besteffort"/>
            </ProtectedItemImporter>
        </Import>
    </Workspace>
    
    <Versioning rootPath="${rep.home}/version">
        
        <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
            <param name="path" value="${rep.home}/version"/>
        </FileSystem>
        
        <PersistenceManager class="com.day.crx.persistence.tar.TarPersistenceManager"/>
    </Versioning>
    
    <SearchIndex class="com.day.crx.query.lucene.LuceneHandler">
        <param name="path" value="${rep.home}/repository/index"/>
    </SearchIndex>
    
    <Cluster>
        <Journal class="com.day.crx.persistence.tar.TarJournal"/>
    </Cluster>
    
    <Modules>
        
    </Modules>
</Repository>
3. Updated F:\installed\cq5\author\crx-quickstart\bin\quickstart.bat with:
@echo off
:: This script configures the start information for this server.
:: The following variables may be used to override the defaults.
:: For one-time overrides the variable can be set as part of the command-line; e.g.,
::     SET CQ_PORT=1234 & ./start.bat
setlocal
::* TCP port used for stop and status scripts
set CQ_PORT=4502
::* http host name
:: set CQ_HOST=
::* interface that this server should listen to
:: set CQ_INTERFACE=eth0
::* show gui
set CQ_GUI=true
::* do not show browser on startup
set CQ_NOBROWSER=true
::* do not redirect stdout/stderr (logs to console)
set CQ_VERBOSE=true
::* do not fork the JVM
:: set CQ_NOFORK=true
::* force forking the VM using recommended default memory settings
:: set CQ_FORK=true
::* additional arguments for the forked JVM
:: set CQ_FORKARGS=
::* runmode(s)
set CQ_RUNMODE=author,dev
::* defines the path under which the quickstart work folder is located
:: set CQ_BASEFOLDER=
::* low memory action
:: set CQ_LOWMEMACTION=
::* name of the jarfile
:: set CQ_JARFILE=
::* use jaas.config
:: set CQ_USE_JAAS=true
::* config for jaas
set CQ_JAAS_CONFIG=F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf
::* default JVM options
set CQ_JVM_OPTS=-Djava.security.auth.login.config=F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf -Xms1024m -Xmx1024m -XX:PermSize=256M -XX:MaxPermSize=256M -XX:+UseConcMarkSweepGC -XX:NewRatio=1 -XX:CMSInitiatingOccupancyFraction=85 -XX:ParallelGCThreads=4 -XX:GCTimeRatio=3 -XX:+UseParNewGC -XX:-UseGCOverheadLimit -XX:SurvivorRatio=6 -Xloggc:F:/installed/cq5/author/crx-quickstart/gc.log -verbose:gc -XX:+PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9998 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.awt.headless=true
::* do not configure below this point
chdir /D %~dp0
cd ..\..
set START_OPTS=-use-control-port
if defined CQ_PORT            set START_OPTS=%START_OPTS% -p %CQ_PORT%
if defined CQ_INTERFACE       set START_OPTS=%START_OPTS% -a %CQ_INTERFACE%
if defined CQ_GUI             set START_OPTS=%START_OPTS% -gui
if defined CQ_NOBROWSER       set START_OPTS=%START_OPTS% -nobrowser
if defined CQ_VERBOSE         set START_OPTS=%START_OPTS% -verbose
if defined CQ_NOFORK          set START_OPTS=%START_OPTS% -nofork
if defined CQ_FORK            set START_OPTS=%START_OPTS% -fork
if defined CQ_FORKARGS        set START_OPTS=%START_OPTS% -forkargs %CQ_FORKARGS%
if defined CQ_RUNMODE         set START_OPTS=%START_OPTS% -r %CQ_RUNMODE%
if defined CQ_BASEFOLDER      set START_OPTS=%START_OPTS% -b %CQ_BASEFOLDER%
if defined CQ_LOWMEMACTION    set START_OPTS=%START_OPTS% -low-mem-action %CQ_LOWMEMACTION%
if defined CQ_HOST            set START_OPTS=%START_OPTS% -Dorg.apache.felix.http.host=%CQ_HOST%
if defined CQ_USE_JAAS        set START_OPTS=%START_OPTS% -Djava.security.auth.login.config=%CQ_JAAS_CONFIG%
if not defined CQ_JARFILE     for %%X in (*.jar) do set CQ_JARFILE=%%X
tasklist > oldTaskList.txt
start "CQ" cmd.exe /K java %CQ_JVM_OPTS% -jar %CQ_JARFILE% %START_OPTS%
tasklist > newTaskList.txt
java -cp %~dp0 GetProcessID oldTaskList.txt newTaskList.txt java.exe > crx-quickstart\conf\cq.pid
del newTaskList.txt
del oldTaskList.txt
4. Started CQ5 by double-clicking F:\installed\cq5\author\crx-quickstart\bin\quickstart.bat
Issue: I am not able to see the domain "com.adobe.granite.ldap" in http://localhost:4502/system/console/jmx
I am not sure what have I done wrong. Please let me know how can I synchronize all the users from LDAP into CRX.
Thanks in advance,
Anurag

Please refer my post:
CQ5 as Windows Service with LDAP Authentication
http://forums.adobe.com/thread/1260837?tstart=0

Similar Messages

ISE and LDAP Integration

Hello,
I have a question about the LDAP integration with the ISE:
Since the ISE has a limitation of reading only 100 groups, I cannot find the groups that I need to use on the authorization, and also the ISE cannot find group if I search for it directly.
What I mean here, that I can fetch the first 100 groups from the top of the directory, but when I search as example for any group (appear on the list or not) the ISE did not find it.
Even I tried to change the base DN and the search DN but without luck.
The ISE version is 1.1.4 installed on VM and the LDAP schema is AD.
Is there any missing information/tips required in such integration?

Hello,
I found a cisco doc that provides resolution of Key Features of Integration of Cisco ISE and LDAP .I hope this helps!
This section contains the following:
•Directory Service
•Multiple LDAP Instances
•Failover
•LDAP Connection Management
•User Authentication
•Authentication Using LDAP
•Binding Errors
•User Lookup
•MAC Address Lookup
•Group Membership Information Retrieval
•Attributes Retrieval
•Certificate Retrieval
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1059913

EP60 and LDAP integration with Micosroft AD- Issues

Hello,
We have configured EP6 SP11 and Microsoft AD for the user authentication as below.
MsAD:
AD_Compass_Domain
OU= Accounts
    OU=CORPORATE
          OU=IT
                User1 (User master record)
                 User2 (User master record)
            OU=FI
                 User3 (User master record)
OU=SAP_Portal
       OU=Corp_LDAP
             OU= Groups
                      SAP_Portal (Group Object and users are member of this group object as a link from all different OUs -user1,user2,user3)
              OU= Users
EP6 LDAP config:
Data Sources: Microsoft ADS (Flat Hierarchy) + Database
(We also tried Deep hierarchy didn't work)
LDAP Server:
User Path : OU=SAP_Portal,DC=NA,DC=CompassDev,DC=Corp
Group Path :
OU=Groups,OU=Corp_LDAP,OU=SAP_Portal,DC=NA,DC=CompassDev,DC=Corp
The issues:
1- SAP Portal could not see the group object when I browse the LDAP from portal.
2- SAP Portal is not allowing users (User1, User2, User3 etc which are member of the group object) to log in to the portal unless I put users directly under OU level like OU=Groups or if I point the path to the
OU=Accounts level which we do not want to do that because we have 50,000 users defined under OU=Accounts and we want just some of them like 3000 users. Portal gives the message
user authentication failed
Note: I checked the UME and I dont see the users listed in the group objects. Group object "SAP_Portal" is Universal Group object. (We also tried the global type)
3- When we put user directly under OU level, then users can log in but they are not able to change their password. We also can not change the user passwords through the Portal admin tools(UME or Visual Admin). I
have heard that without SSL, MsAD would not allow portal users to change their password.
a. (Portal internal user, [email protected], has
only read access on MsAD)
Note: We use 3268 as an AD port and 389 is also active I tried both of them but no chance.
Thanks for your help in advance.

Sasikanth,
Usually before you switch UME to AD, you would read it with an LDAP web compliant browser, to check if you could access your OU, Group, and Users. Are you sure you can read the complete LDAP structure on AD?
Kindly re-check the process, to see if you missed out on any steps.
http://help.sap.com/saphelp_erp2004/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
Check note 772620 - UME 4.0: Create Groups on Microsoft Active Directory Server
Regards,
James

LDAP and SAP integration

Hi,
As a part of a project requirement, we are trying to integrate Solution manager with LDAP (Lightweight Directory Access Protocol).
Using the directory service, we are trying to synchronize the CUA (Central user administration within Solution manager) with Active directory of LDAP so that we can maintain the User data centrally from a single point in LDAP.
Problem description:
Currently, Client has implemented the LDAP and CUA integration and when a new user is added in LDAP, it is automatically getting copied in all SAP systems and at real time, when the useru2019s u201CLASTNAMEu201D field is updated in LDAP, it is automatically getting synchronized in all SAP systems.
But, If any attribute other than u201CLASTNAMEu201D is changed (i.e. The expiry /validity date of the User in LDAP, GLTGB in SAP), then the field value is not getting synchronized in the SAP Central User Adm.
Our Findings:
We have checked the configurations and imported mappings in SAP Solution Manager and everything looks fine. We have debugged the standard program RSLDAPSYNC_USER extensively and found out that an RFC call to function module LDAPRFC_SEARCH is not returning the expected values.
Thanks
Deb

Hi Deb,
It would be really nice if you can elaborate on the configurations that need to be done as part of this integration. I hope, you have been successfull by now.
Actually, I too need to perform the same as part of a project.
Thanks in advance.

UCCX 7.0.1SR5 to 8.0 upgrade while also adding LDAP integration for CUCM - what happens to agents and Historical Reporting data?

Current State:
•    I have a customer running CUCM 6.1 and UCCX 7.01SR5. Currently their CUCM is *NOT* LDAP integrated and using local accounts only. UCCX is AXL integrated to CUCM as usual and is pulling users from CUCM and using CUCM for login validation for CAD.
•    The local user accounts in CUCM currently match the naming format in active directory (John Smith in CUCM is jsmith and John Smith is jsmith in AD)
Goal:
•    Upgrade software versions and migrate to new hardware for UCCX
•    LDAP integrate the CUCM users
Desired Future State and Proposed Upgrade Method
Using the UCCX Pre Upgrade Tool (PUT), backup the current UCCX 7.01 server.
Then during a weekend maintenance window……
•    Upgrade the CUCM cluster from 6.1 to 8.0 in 2 step process
•    Integrate the CUCM cluster to corporate active directory (LDAP) - sync the same users that were present before, associate with physical phones, select the same ACD/UCCX line under the users settings as before
•    Then build UCCX 8.0 server on new hardware and stop at the initial setup stage
•    Restore the data from the UCCX PUT tool
•    Continue setup per documentation
At this point does UCCX see these agents as the same as they were before?
Is the historical reporting data the same with regards to agent John Smith (local CUCM user) from last week and agent John Smith (LDAP imported CUCM user) from this week ?
I have the feeling that UCCX will see the agents as different almost as if there is a unique identifier that's used in addition to the simple user name.
We can simplify this question along these lines
Starting at the beginning with CUCM 6.1 (local users) and UCCX 7.01. Let's say the customer decided to LDAP integrate the CUCM users and not upgrade any software.
If I follow the same steps with re-associating the users to devices and selecting the ACD/UCCX extension, what happens?
I would guess that UCCX would see all the users it knew about get deleted (making them inactive agents) and the see a whole group of new agents get created.
What would historical reporting show in this case? A set of old agents and a set of new agents treated differently?
Has anyone run into this before?
Is my goal possible while keeping the agent configuration and HR data as it was before?

I was doing some more research looking at the DB schema for UCCX 8.
Looking at the Resource table in UCCX, it looks like there is primary key that represents each user.
My question, is this key replicated from CUCM or created locally when the user is imported into UCCX?
How does UCCX determine if user account jsmith in CUCM, when it’s a local account, is different than user account jsmith in CUCM that is LDAP imported?
Would it be possible (with TAC's help most likely) to edit this field back to the previous values so that AQM and historical reporting would think the user accounts are the same?
Database table name: Resource
The Unified CCX system creates a new record in the Resource table when the Unified CCX system retrieves agent information from the Unified CM.
A Resource record contains information about the resource (agent). One such record exists for each active and inactive resource. When a resource is deleted, the old record is flagged as inactive; when a resource is updated, a new record is created and the old one is flagged as inactive.

COBRAS Import for Unity Connection 8.5 and Subscriber LDAP Integration Status

Using COBRAS Import for Unity Connection 1.1 Build 212 with Unity 4.2 Voicemail Only and Connection 8.5(1)SU1 with LDAP Directory Integration
When I run COBRAS the old alias matches the new alias and my desire is for subscribers being moved to be LDAP inegrated. However after COBRAS runs, the radio box for LDAP Integration Status on the subscriber is set to Do Not Integrate with LDAP Directory. Is there a way for COBRAS to select Integrate with LDAP Directory when the alias matches on LDAP?

Hi ben,
If you are just importing from and not authenticating against LDAP, then the PIN comes
from the Connection Template you used to build the users;
Note that no passwords or PINs are copied from the LDAP directory to the Connection database. If
you want Connection users to authenticate against the LDAP directory, see the “LDAP
Authentication” section on page 9-7.
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/design/guide/8xcucdg040.html
Cheers!
Rob
"Show a little faith, there's magic in the night" - Springsteen

Problem with Afaria and LDAP user authentication in Android device

Hi all,
I have a server with Afaria 7 (SP4, hotfix3) installed. In this Afaria there is a tenant (system) without LDAP/AD integration working correctly. I need to have other tenant with LDAP integration in which the users must be authenticated.
I know that for iOS devices is necessary reinstall the iphoneserver selecting "Afaria Server managed authentication" but at first I want to make run the Android devices. For this reason I don't do this yet.
I follow the next steps:
1-Create a new tenant
2- Configure LDAP integration
3-Create a inventory policy with authentication required
4-Create a static group associated to the inventory policy
5-Create a enrolment policy associated to the static group.
When I launch the Afaria agent on the device, the user/password parameters are required. After fill the user/password parameters, the device connect to the server and then is show the message "user or password incorrects".
I have seen the log and seem the problem is that Afaria can't authenticate this user.
I validate that Afaria can "see" the LDAP users creating a user group that contains this user(JimenM99)
The problem is autentication, because if I remove "autentication required" of the inventory policy, the device enrol correctly.
Could you please help to solve this problem?
Thanks in advance.

Hi all,
I have a server with Afaria 7 (SP4, hotfix3) installed. In this Afaria there is a tenant (system) without LDAP/AD integration working correctly. I need to have other tenant with LDAP integration in which the users must be authenticated.
I know that for iOS devices is necessary reinstall the iphoneserver selecting "Afaria Server managed authentication" but at first I want to make run the Android devices. For this reason I don't do this yet.
I follow the next steps:
1-Create a new tenant
2- Configure LDAP integration
3-Create a inventory policy with authentication required
4-Create a static group associated to the inventory policy
5-Create a enrolment policy associated to the static group.
When I launch the Afaria agent on the device, the user/password parameters are required. After fill the user/password parameters, the device connect to the server and then is show the message "user or password incorrects".
I have seen the log and seem the problem is that Afaria can't authenticate this user.
I validate that Afaria can "see" the LDAP users creating a user group that contains this user(JimenM99)
The problem is autentication, because if I remove "autentication required" of the inventory policy, the device enrol correctly.
Could you please help to solve this problem?
Thanks in advance.

LDAP User Synchronization : Password

Hi All,
I have a question about LDAP User Synchronization to SU01 in ABAP. Does it create an initial password for the users being Synced? or It stores the LDAP Password in SU01 password field?
I have doubt about the second, as LDAP will never return the password in plain text, and Password Hashing schemes can be different between LDAP and ABAP.
If it doesn't store the password at all in SU01 for Synced users, then how does user login into SAP GUI?
Please let me know.
Thanks in Advance,
Sanjeev

Hi Tim,
it's not possible to unhash cryptographic hash function. One of the main properties of each cryptographic hash function is preimage resistance which means that it's not feasible for a given hash h to find a message m that hash(m) = h. Even in case that it is possible to find this message you can't be sure that that was the original message because as we know a hash function maps message of arbitrary length to fixed size string. Obviously, there is more messages with variable length than messages with one fixed sized so there has to be at least one hash where there are two messages m1 and m2 and hash(m1) = hash(m2) (pigeon hole principle). So it could happen that user would choose password m1 but your unhasing algorithm would get m2. Obviously, it's highly improbable that second hash function hash m1 and m2 into same hash. Therefore such a solution will not be never available and the only solution is to get password in clear text and distribute it to each system in clear text form. As Julius mentioned this is supported but it has some disadvantages.
Cheers

Enterprise Portal - MDM - LDAP integration

We are succesfully able to integrate Portal to MDM with a trusted connection and with portal users existing in LDAP and mdm users existing in MDM console.
We also successfully integrated MDM with LDAP so that we dont have to store users in console, but manage them in LDAP. But once we did the LDAP integration, portal to MDM connection was lost saying mdm user details could not be retrieved.
Has anybody faced this issue? what key steps to taken care during MDM-LDAP integration.

Hi goerge,
When ever we integrate MDM with LDAP, we need to make a setting in MDS.ini file.
Please check the "User Identifier" setting in MDS.ini file.
Typically this should be The name of the LDAP id field which will match the value the user provides as the Username at logon.
Make the entry in MDS.ini like User Identifier = cn or SamAccountName.
If that is done, please verify other parameters corresponding to LDAP in MDS.ini as per the table 91 in Page no 291 in MDM Console referece guide.
Or refer to the SAP note 1635338 for reference which is pointing to same issue.
This should solve your problem.
Regards,
Sravan

LDAP Integration with CUCM 9.0

We would like to use LDAP to sync all of our users from Active Directory. All of our current CM Users are local, the problem is that they have the same user names as our Active Directory users. From what I understand this is going to be a problem because:
"If accounts from LDAP match an existing Unified CM account that is not marked as an LDAP synchronized account, then these accounts are ignored."
Does that mean we will have to delete all our existing CM users in order to sync the LDAP users correctly? Is there a best practice for this? Once we syncronize the LDAP users how to I ensure that the user gets associated with the proper phone? Or do I have to visit each user individually?

I just did a quick test for this, my lab CUCM 9 is already LDAP integrated, but I created a local user, then I created that same local user in my LDAP OU, and performed a full sync.
The user is no longer showing as a local active user, but as an active LDAP synchronized user.
Which was my thought, there's only one conversion, from LDAP to local.
The behavior is just as with any previous release, local users who match an LDAP user after you enable it, are just updated, and kept with all their configurations.
I checked the option to turn it back again into a local user, did a full sync, and it's again an active LDAP user.
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk

CC&B and MDM Integration

Dear Friends,
Currently we are using ccb 2.3.0 and MDM 1.6.0 versions
1.How we can integrate CC&B and MDM ,
2. what are various possible ways of integration and components required for the same
pls recommend the latest versions if integration becomes easier
thanks and regards
sivaram

The new MDM 2.0.1 version has some integration functionalities build in.
MDM 2.0 has introduced a concept called "Seeder" this is more or less an XAI Integration.
Since version 2.0.1 you have a Seeder for IMD import and master data synchronization.
You can review the documentation (Framework_Administration_Guide_v4_1_0) if you are interested in details.
Check chapter "External Application Integration".
The suggested way is to setup OSB for message routing and transformation and XAI to publish/subscribe the integration
messages.
/Markus

MDM LDAP Integration

Hi,
We have integrated MDM with LDAP, by creating LDAP Roles & mapping them with MDM Roles. We are having log entries for Admin user for all repositories after every 10 milli-seconds. Any idea why these entries, how to stop this?
2010-03-03T22:56:22.978,1096    ,23,"Log-on failure: LDAP Error, userName = Admin User not found",MDSPublicServer@AuthorizeSessionForRepository,CatMgrDatabase.cpp,1866,,,1155,Admin,REPO 1<dbserver\DEV [SQL_Server]>,,,
2010-03-03T22:56:22.994,1096    ,14,"GetUserInfo: Unspecified Exit Point",Horizontal@LDAP,<file not specified>,,GetUserInfo,,1155,Admin,REPO1 <dbserver\DEV [SQL_Server]>,End,,
Thanks,
Ketan

Ketan,
Please refer this document for MDM LDAP Integration Process Step by Step,
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/8054d5e1-1000-2c10-a09e-a168973f74b5?quicklink=index&overridelayout=true
Also refer SAP Notes, Note 1279785 - LDAP users connect to MDM with Fallback setting
                                    Note 1096642 - Check-in/out does not work with LDAP user authentication
Hope it helps...
Thanks and Regards,
Mandeep Saini

CM 7.1 LDAP integration not updating

I have an LDAP integration that worked at 1 time to import all the users but now when I make a change to a user in AD, it never gets to CM. The sync process seems to just sit there and the only option is to "Cancel Sync". I can update the LDAP fields without error so the user/pass and search space all appear t obe correct. I have looked for issues online but cant find anything to matches this issue, they are usually a search base issue.

I'm facing the same problem.
I have set up a lab for LDAP integration and after setting up for the first time worked but one user that exists on CUCM and do not exists on AD was flaged as active i decided to remake ldap settings after that nothing works anymore, it sayd that users are active even if they do not exist on AD.
If i add a new ldap directory does not sync and users are not added.
Any idea?
already restarted server...no joy

OAS and LDAP or OAS and OID ???

1) Is OAS and LDAP a good combination or OAS and OID ???
how do we connect and make use of LDAP from OAS?
please let me know
thanks in advance

Get hold of Whitepaper 774783.1 LDAP Integration for Oracle Utilities Application Framework based products from My Support

Custom LDAP Integration

We are creating a custom LDAP integration to replace the deprecated one in the application. We have all of our remote container services on a separate server from the slave server(s). Do we have to install the custom assemblies on the remote container server and if so what directories? The documentation in the EP says to only install into the bin directories of the web applications. Thanks.

Yes, put it in the same directory as the RemotingContainer.exe file.

CQ5.5 and ldap integration/synchronization

Similar Messages

Maybe you are looking for