Domino LDAP

Similar Messages

• Cannot import users in CUCM 9 when use Domino LDAP

  Hello All,
  I'm trying to use Domino LDAP in CUCM 9 to import users. My configuration is:
  LDAP System:
  OpenLDAP
  uid
  I have added LDAP Directory and everything seems okey. When run Perform Full Sync Now and go to User Management -> End Users I cannot find any User.
  In DirSync log:
  2015-02-06 08:52:38,403 DEBUG [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:294) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[Run] Run the LDAPSync thread
  2015-02-06 08:52:38,403 DEBUG [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:1796) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[resetFlags] init variables...
  2015-02-06 08:52:38,403 DEBUG [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:660) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[checkLDAP] Check LDAP setting ...
  2015-02-06 08:52:38,403 DEBUG [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:671) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[checkLDAP] Add binary attributes
  2015-02-06 08:52:38,403 DEBUG [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:858) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[makeConnection] Making connection [Attempt 1], currLDAPHostIndex=0, hostList.size=1
  2015-02-06 08:52:38,404 DEBUG [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:1483) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[getHostAddress] Hostname=ldap.domain.com
  2015-02-06 08:52:38,404 DEBUG [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:1489) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[getHostAddress] Result string = 10.193.1.1
  2015-02-06 08:52:38,404 DEBUG [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:871) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[makeConnection] New LDAP URL : ldap://10.193.1.1:389
  2015-02-06 08:52:38,406 DEBUG [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:878) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[makeConnection] Successful LDAP connection to : ldap://10.193.1.1:389
  2015-02-06 08:52:38,406 DEBUG [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:883) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[makeConnection] Start over on ldap.domain.com
  2015-02-06 08:52:38,407 DEBUG [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:706) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[checkLDAP] Getting supportedcontrol from ctx
  2015-02-06 08:52:38,407 ERROR [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:802) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[checkLDAP] Failed to check LDAP - java.lang.NullPointerException
  2015-02-06 08:52:38,407 ERROR [DSLDAPSyncImpl(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)] ldapplugable.DSLDAPSyncImpl (DSLDAPSyncImpl.java:803) - LDAPSync(1471d0ce-97a5-5657-53e7-2200a8ea7ce0)[checkLDAP] java.lang.NullPointerException
  Thank you!
  Yordan

  Great!
  Thank you for the answer!

• DIP synchronization from Domino LDAP to OID

  Hi,
  has anyone tried using DIP to synchronize users and groups from Lotus Domino LDAP to OID?
  There is a connector available with OIM, but since I don't need provisioning was hoping to get away without extra OIM infrastructure. (I will use OIM if I have to).
  My attempts are still in the early stage, and wanted to make sure I was going down the right road.
  Using 10.1.4.3 OID, creating an import connector using the import openLDAP template.
  Looks like I can get the mapping down and a manual bootstrap does work.
  1) Can I adapt elements of the OIM adapter to work within the DIP connector?
  2) Domino seems to store groups at the root DSE. The DIP connector does not accept empty or "" as a source domain to search for the groups. It needs that the source groups be stored in a container. Anyone run into this type of thing? Is there something to enter into the DIP connector config that will allow using the ROOT DSE of the target as search source?
  3) When I enable the connector, Synchronization delivers a success status. Reconcile is errored and unsuccessful. Can I get by with only synchronization working?
  4) Going outside of Oracle here...but is anyone aware if Lotus Domino LDAP maintains a changelog? Or does it use modify timestamps as attributes of users/groups?
  5) In the eventuality that I need to write a custom agent for Domino or custom 'Reader' or reconcile agent. Has anyone done this or have sample code to look at? Even if not for Domino, but custom for other LDAP?
  Thanks

  it's either DIP via LDAP or OIM connector via Lotus Java API. I'd go with LDAP...if DIP doesn't work, it's pretty simple to write a script to export records and then import them into OID. There are a lot of LDAP utilities, google is your friend.

• Domino ldap and weblogic server 6.1

  Hi,
  I am trying to use domino ldap for authentication in weblogic server 6.1
  I configured a custom ldap realm.
  But the users were not listed from domino ldap and authentication also failed.
  Can anybody help me?
  Thanx in advance.
  - prabha.

  at the moment it is possible for me to work, though. i worked around the
  problem and i set web.xml as a read only file. i still can't use wizards to
  create servlets and i can't edit web.xml with jbuilder.

• How to use Domino LDAP in WebLogic Portal 8.1?

  Hi, all
  I'm trying to solve the problem of how to use Domino LDAP in WebLogic Portal 8.1. Anybody who have this experience please help me.
  Best Regards,
  Sean

  Hi,
  I just spoke to BEA and domino LDAP not supported although they gave me these
  LDAP filters that might help -
  http://support.bea.com/application?namespace=askbea&origin=ask_bea_answer.jsp&event=link.view_answer_page_solution&answerpage=solution&page=wls/S-09460.htm
  Sean Lin <[email protected]> wrote:
  Hi, all
  I'm trying to solve the problem of how to use Domino LDAP in WebLogic
  Portal 8.1. Anybody who have this experience please help me.
  Best Regards,
  Sean

• ISE with Domino LDAP Integration

  Hi everyone,
  Does anyone has know about Domino LDAP ? I would like to integrate this LDAP with Cisco ISE.
  I try to bind this LDAP but it does not show me anything in "Naming Context". So I cannot choose group to map into ISE.
  I test this on WLC. It is success to do but cannot make the same thing with Cisco ISE.
  Is this LDAP supports with Cisco ISE 1.1.1 ?
  Regards,
  Pongsatorn Maneesud

  Hi,
  There are two templates that are supported (schemas) one is for AD and the other is for openLdap, do you have a screenshot on how the WLC is configured?
  However you can create your own see if this guide gets you started:
  http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_man_id_stores.html#wp1068762
  Here is some information on the domino schema -
  http://www-12.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/b3266a3c17f9bb7085256b870069c0a9/715915cede8d461685256c1d00393b5d?OpenDocument
  Thanks,
  Tarik admani

• Domino LDAP Lotus Notes Server

  I have been successful in connecting to a Domino LDAP through Weblogic. The problem
  I am having is when I go to /tools there are only three groups that show up: admin,
  administrators, and administrator. None of my other groups in the LDAP show up,
  which make personalization hard to do. When I set up my LDAP connection in the
  console I am connecting to the admin group. Can weblogic show more than one group
  in LDAP? Has anyone been successful at connecting to Domino? Below my configuration
  data:
  domino.group.dn=cn=admin
  domino.membership.filter=(&(member=%M)(objectclass=dominoGroup))
  domino.user.filter=(&(cn=%u)(objectclass=dominoPerson))
  server.alias=domino
  domino.server.principal=cn=user,o=ATT
  domino.group.iscontext=false
  domino.server.host=server.mydomain.com:389
  domino.server.credential=bea4321
  domino.user.dn=
  domino.group.filter=(&(cn=%g)(objectclass=dominoGroup))

  Hi John,
  Please note that the LDAP realm (both V1 and V2) that comes with WLS 6.x only support
  these LDAP servers:
  Netscape Directory Server
  Microsoft Site Server
  Novell Directory Server
  OpenLDAP Directory Server
  Regards,
  Joseph Nguyen
  BEA WebLogic Support
  John wrote:
  I have been successful in connecting to a Domino LDAP through Weblogic. The problem
  I am having is when I go to /tools there are only three groups that show up: admin,
  administrators, and administrator. None of my other groups in the LDAP show up,
  which make personalization hard to do. When I set up my LDAP connection in the
  console I am connecting to the admin group. Can weblogic show more than one group
  in LDAP? Has anyone been successful at connecting to Domino? Below my configuration
  data:
  domino.group.dn=cn=admin
  domino.membership.filter=(&(member=%M)(objectclass=dominoGroup))
  domino.user.filter=(&(cn=%u)(objectclass=dominoPerson))
  server.alias=domino
  domino.server.principal=cn=user,o=ATT
  domino.group.iscontext=false
  domino.server.host=server.mydomain.com:389
  domino.server.credential=bea4321
  domino.user.dn=
  domino.group.filter=(&(cn=%g)(objectclass=dominoGroup))--
  Joseph Nguyen
  Developer Relations Engineer
  BEA Systems, Inc.

• Connecting to a Domino LDAP directory

  hi..
  Is it possible to connect Sun Java Directory server to a Domino LDAP server and create a replica of Domino LDAP accounts on Sun Java Directory server?
  the basic idea is to have the Domino Address Book in Communication Express.
  Is there any workaround or procedure to follow? We have more than 50,000 emails addresses in Domino Address Book.. how do we get these entries into Sun Java Directory Server?
  Thanks
  Prasad

  Hi Prasad,
  There is no standard defining LDAP Replication. The effort at IETF has failed to reach consensus and each vendor has implemented his own replication model and protocols.
  As a result, it is not possible to have Sun Directory Server to replicate to or be replicated to from a Domino LDAP directory.
  One workaround is use a Meta-Directory product to synchronize the content between the 2 servers.
  Regards,
  Ludovic

• Remote Domino LDAP Address Book

  hi people..
  we have sun java communication suite up and running. recently my boss has asked to incooperate domino address book in the sun java messaging server.
  i have followed the steps in the Communication Suite Admin guide, adding an additional remote address book.
  the steps i followed are -
  1. edited defaultps.xml
  2. edited personalstore.properties.. mentioned the LDAP url
  3. created a new directory under config/corp-dir2 copied files from corp-dir directory
  4. edited the dbconfig.properties and mention the ldap server
  5. restarted the web container.
  logged into uwc to check if it was reflected. could see the extra address book, but when searching.. it generated an sever error
  "Your server is not configured properly or your search query has exceeded the limit. Please check server configuration"
  any inputs from experts, where i must have gone wrong..
  thanks
  Bhanu Prasad
  Edited by: prasad0_0 on Oct 10, 2007 6:33 AM

  shane_hjorth wrote:
  Is the LDAP query recorded as being successful (or occurring at all) from the domino server end?
  If so did the search have an error, return a problem etc. That would be a good place to start debugging.hi shane,
  thanks for the reply.
  well the ldap query is been successful on the domino side as the logs confirm.
  when querying all with the filter (objectclass=*) returns a successful entry from the domino side,
  but is unable to display on the address book.
  how ever the entry returned is for the user at the o level, and user in the ou level fails to return a value.
  we are not sure how does uwc query the local ldap server and display the result for uwc.we figured there is a search.xml file involved, but not sure how uwc renders the search.
  If not then you would need to turn up full debugging on UWC to see if there are any errors from that end.how do we turn on full debugging for UWC

• Domino Notes and LDAP Connection using wls 6.1

  We would like to use Domino LDAP for authentication/authorization in Webogic, but
  we are not able to configure it. Has someone else already done this? Below is
  a list of steps to take that we got from a BEA consultent. The problem is step
  10, rebooting the server. When I try to do this, I get a Fatal initialization
  exception error and cannot start the server.
  1. Open the WebLogic Server Administration Console http://localhost:7001/console
  in a browser.
  2. In the right pane of the Administration Console, click the mydomain->Security->Realms->Create
  a new Custom Realm.
  3. Enter MyLotusLDAPRealm in the Name field.
  4. Click Create.
  5. In the right pane of the Administration Console, click the mydomain->Security->Caching
  Realms->Create a new Caching Realm.
  6. Enter MyLotusCachingRealm in the Name field.
  7. Click Create.
  8. In the right pane of the Administration Console, click the mydomain-Security.
  9. Select the MyLotusLDAPRealm from the drop-down box for the Caching Realm.
  10. Reboot the WebLogic Server.
  11. Copy the ldaprealm.properties to bea/wlserver6.1
  12. Modify the web.xml
  13. Modify the weblogic.xml
  If anyone has done this before please let me know how you did it. Thanks!

  That works. Thanks!
  "Romuald RICHARD" <[email protected]> wrote:
  Try to use the type 4 driver from Oracle 9i.
  Be sure to put the classes12.zip from the /jdbc/lib/ of Oracle file in
  the
  begining of the classpath of Weblogic.
  Romuald RICHARD
  Developer Relations Engineer
  BEA Support
  "mike" <[email protected]> wrote in message
  news:3ca93930$[email protected]..
  I'm trying to create connection pool to Oracle 9i database under Linux.Oracle
  installation is fine, and I can use Oracle examples to connect to mydatabase.
  But when I try to create pool from within WLS I get:
  - Trying oracle.jdbc.OracleDriver: <Cannot startup connection pool"oraclePool"
  No suitable driver>
  - Trying weblogic.jdbc.oci.Driver: java.lang.UnsatisfiedLinkError:/home/usr/local/bea/wlserver6.1/lib/linux/i686/oci816_8/libweblogicoci37.so:
  libclntsh.so.8.0: cannot open shared object file: No such file ordirectory
  The latter is not a surprise, since the file does not exist. InsteadI
  have libclntsh.so.9.0
  and vanilla so, which is a soft link to 9.0. Creating link with desiredname (libclntsh.8.0)
  to 9.0 does not help as it throws on unsatisfied symbol.
  Can you advise me on the reason and remedy?

• Authentication getting failed in sun one Ldap

  HI,
  Any one please can assist me for sun one ldap.
  My application developed(ldap related) based on lotus domino ldap server and webspere.
  now we are trying to deploy the same code with Websphere and sun one ldap server at our local environment.
  Iam getting the prblem of authentication fail.
  please follow the logs as.
  My question is what ever the code written for lotus domino is compatible with sun one ldap.Iam new to LDAP .
  pls any one give the suggestions.
  LDAP Interface: Performing LDAP authentication for user [NYilmaz]
  17 Dec 2007 18:43:13,359 [WARN ] NABLDAP: Transmission will be over an unencrypted connection. The username and password are transmitted in clear text form which is very insecure. Consider replacing the LDAP protocol with LDAPS (SSL).
  17 Dec 2007 18:43:13,359 [DEBUG] NABLDAP: Establishing a new authenticating connection to [ldap://gpat.bsdev.com]
  17 Dec 2007 18:43:13,375 [INFO ] NABLDAP: Failed to authenticate with the remote server on [ldap://gpat.bsdev.com] because of error '[LDAP: error code 34 - Invalid DN]'
  17 Dec 2007 18:43:13,375 [WARN ] LDAP Interface: Unsuccessful authentication attempt for user [NYilmaz]
  17 Dec 2007 18:43:13,375 [DEBUG] LDAP Interface: Writing the value {javax.naming.InvalidNameException:[LDAP: error code 34 - Invalid DN]} to General[1].OnionErrorMessage
  17 Dec 2007 18:43:13,390 [WARN ] NABLDAP: Transmission will be over an unencrypted connection. Consider replacing the LDAP protocol with LDAPS (SSL).
  17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Establishing a new anonymous connection to [ldap://gpat.bsdev.com]
  17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Connection established.
  17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Searching remote LDAP directory using the filter of [(&(objectclass=person)(&(cn=NYilmaz)))]

  Hello Vinay,
  when configuring multiple Ldap directories, There are a number of prerequisities that you need to
  consider.
  For example, One prerequisite for Multi domains is that logon IDs must be unique across mutliple LDAP datasources. This will cause issue if duplicate IDs exist.
  Please see the following Documentation and notes for more information on this.
  Examples of Data Source Configuration Files - Identity Management - SAP Library
  Example: Configuration of Multiple LDAP Data Sources - Identity Management - SAP Library
  1618342 - Multiple LDAP Datasources - Active Directories where logon IDs
  are not unique
  762419 - Multi-Domain Logon Using Microsoft Active Directory
  Please have a look at the above notes which documet this and also tells
  you what to do in these situations.
  Regards,
  David

• Use of external LDAP server in Weblogic Commerce Server

  I'm using the following software:
  Iplanet Directory Server v5
  Weblogic Application Server v6
  Weblogic Commerce v3.5
  I need to configure Weblogic Commerce Server to use Iplanet Directory Server directory
  services. How do I do that?
  I have a couple of questions related to this:
  1) As Weblogic Commerce Server runs on top of Weblogic v6, does it mean that to
  use an external LDAP server, I need to configure weblogic v6 to do that and not
  Weblogic Commerce Server?
  2) Whatever may be the case above, how do I do that?
  3) config.xml (weblogic application server v6) contains information that needs
  to be modified to point to an external JNDI source provider but what information
  do I need to modify?
  I'd really appreciate if someone can help me out here. Thanks!

  "JP" <[email protected]> wrote in message news:[email protected]..
  Hi,
  I'm looking for someone who has used the Lotus LDAP server for WLP7
  authentication.
  I connect my portal to the Domino LDAP, User and Groups are working
  fine, but the membership of a user to a group is not.
  I assume that it's related to the parameters I use (especially the
  membership.filter ?):
  "user.filter=(&(uid=%u)(objectclass=person));
  user.dn=O=Apac;
  membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
  group.filter=(&(cn=%g)(objectclass=groupOfNames));
  server.host=jpgal01.apac.bea.com;
  group.dn="
  Any help would be appreciate, because I just don't where to look for.
  Try setting the com.netscape.ldap.trace property.
  \* When -D command line option is used, defining the property with
  * no value will send the trace output to the standard error. If the
  * value is defined, it is assumed to be the name of an output file.
  * If the file name is prefixed with a '+' character, the file is
  * opened in append mode.
  This will create a ldap trace file of the requests that WLS is making on the
  LDAP server. You can then see
  where the filters are not returning the correct value for the group
  membership.

• LDAP and Notes Group Security Authentication Troubles

  First, my apologies if this is in the wrong forum, but after looking at the forum names a few times this seemed the most appropriate.
  I have a PDF file that I would like to have access restricted to a certain group on my organization's directory server. I'm kind of the new guy here, so I'm not 100% certain on this, but I'm pretty sure that our setup is:
  A Lotus Domino LDAP server storing the directory information in a Lotus Notes database. Each user has a Notes certificate stored on the server for authentication to various databases we have on our intranet.
  I've entered the LDAP server information in the Security Settings... window in Acrobat, and I'm sure its correct as I can use the same information to browse the LDAP server with Softerra LDAP browser. There is no authentication required, but the server might restrict access based on domain; I'm not sure (shouldn't matter). Anyway, when I go to Manage Trusted Identities... then Add Contacts, then Search, I can never get any results to return.
  I wish to only allow users in a certain group, CN=ALLOWED - GROUP, to have access to the PDF. I feel that there should be a way to accomplish this with the Notes certificates. Anyone know what I'm doing wrong or need to do?
  If something I've said is wrong or unclear, I'd be happy to try again; this sort of thing isn't my forte.
  Thanks in advance,
  Mark

  > I guess the CA is the machine that's hosting the Lotus notes database
  No, the CA is merely an "entity". It's your Certificate Authority, the master certificate used to sign and authenticate all subsidiary certificates. You are talking about setting this up as a PKI for signature validation and managed security, right? Or am I way off base with your workflow and leading you away from where you should be (if so, feel free to ignore me - lots of people do)?
  Leonard is right though, for securing individual PDFs to a specific group you would need LiveCycle Rights Management ES. The security needs to be in the PDF itself otherwise its useless. Say you configure your security at an application level, as you are trying to do, and then someone copies the PDF to a USB key and takes it home. No longer on your network, so they can now freely open the document.

• Lotus Notes LDAP Queries

  According to the manual, Ironport has a problem resolving some variations of Lotus Notes email addresses. It seems if the email address isn't specifically listed in the Name and Address Book, then the LDAP query will fail.
  Is there anyway to workaround this issue? I just installed a new box and its has been nice to see alot of emails being rejected by the LDAP lookup, however some people have gotten used to using implied variations of email addresses like Firstname_Lastname . This format isn't listed in the NAB, but it should be accepted as valid email.
  The only thing I can think of is to have the Notes people add aliases for each user, but I think they'll probably throw something at me!
  Thanks,
  Tony

  According to the manual, Ironport has a problem resolving some variations of Lotus Notes email addresses. It seems if the email address isn't specifically listed in the Name and Address Book, then the LDAP query will fail.
  We are using Domino for user, mail-in and group address lookups (both primary and alias addresses) without problems. LDAP will give "user doesn't exist" result if the exact address can't be found. In Domino it's possible to have LDAP lookup into multiple address book, even bind multiple 3rd party LDAP serves behind one Domino LDAP server. (This is configured in directory assitance database.)
  In the LDAP tree I get all mail addresses but not the aliases.
  You didn't mention if you are using anonymous LDAP query or authenticated LDAP query. The anonymous LDAP query uses different access rights than authenticated query and is configured differently.
  I assume you did anonymous query as you can see primary address but not alias. It's important to remember that the alias address is listed in different Domino field than primary Internet address.
  You have to include both "InternetAddress" and "ShortName" Domino fields in default configuration document's LDAP settings (if you make a anonymous LDAP queries). These are set in "Anonymous users can query" field of "LDAP Configuration"
  You should have at least the following included in "Anonymous users can query":
  "InternetAddress" Domino field linked to "mail" LDAP attribute
  "ShortName" Domino field linked to "uid" LDAP attribute
  The accept query in IronPort configuration will then look like:
  (|(mail={a})(uid={a}))
  This should solve both primary and alias addresses...

• Use of Lotus LDAP server for WLP 7 - LDAP experts ?

  Hi,
  I'm looking for someone who has used the Lotus LDAP server for WLP7
  authentication.
  I connect my portal to the Domino LDAP, User and Groups are working
  fine, but the membership of a user to a group is not.
  I assume that it's related to the parameters I use (especially the
  membership.filter ?):
  "user.filter=(&(uid=%u)(objectclass=person));
  user.dn=O=Apac;
  membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
  group.filter=(&(cn=%g)(objectclass=groupOfNames));
  server.host=jpgal01.apac.bea.com;
  group.dn="
  Any help would be appreciate, because I just don't where to look for.
  JP

  "JP" <[email protected]> wrote in message news:[email protected]..
  Hi,
  I'm looking for someone who has used the Lotus LDAP server for WLP7
  authentication.
  I connect my portal to the Domino LDAP, User and Groups are working
  fine, but the membership of a user to a group is not.
  I assume that it's related to the parameters I use (especially the
  membership.filter ?):
  "user.filter=(&(uid=%u)(objectclass=person));
  user.dn=O=Apac;
  membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
  group.filter=(&(cn=%g)(objectclass=groupOfNames));
  server.host=jpgal01.apac.bea.com;
  group.dn="
  Any help would be appreciate, because I just don't where to look for.
  Try setting the com.netscape.ldap.trace property.
  \* When -D command line option is used, defining the property with
  * no value will send the trace output to the standard error. If the
  * value is defined, it is assumed to be the name of an output file.
  * If the file name is prefixed with a '+' character, the file is
  * opened in append mode.
  This will create a ldap trace file of the requests that WLS is making on the
  LDAP server. You can then see
  where the filters are not returning the correct value for the group
  membership.