Dtlogin with Openldap 2.3.20
Hi,
recently after many problems I have stopped my tests to implement Openldap 2.3.20 with Padl libraries. I started to setup Openldap with native libraries following instructions from a kind friend and from Gary Tay homepage. I use for the moment the unencrypted protocol "ldap://". For the moment client and server are inside the same Sun Sparc Machine.
Commands like getent passwd, getent group, finger, listusers, su and id work fine with ldap users so I think the nss_ldap module is ok.
Authentication of ldap user with "ssh" works fine.
The big problem is that I can't make authentication of ldap user with X-win 6.0 ("Login incorrect; please try again").
From months I'm trying to implement this system please help me, I can show you my definitions.
Thank you
Francesco
I think the SSL mechanism is not working properly, as even when I reduce the ssf restrictions in OpenLDAP, I get a "TLS: can't accept." from slapd.
Similar Messages
-
Jabber for iPhone 9.6 Integration with OpenLDAP
Hi everyone! i just found an issue when try to integrated jabber for iphone version 9.6 with OpenLDAP that seem like not working and want to describe my environment as below.
Using BE6K 9.1 includes,
- CUCM 9.1.2
- IM&Presense 9.1
- Jabber for Window 9.6 integrate with OpenLDAP using EDI on jabber-config.xml is working properly.
- Jabber for iPhone 9.6 integrate with OpenLDAP using BDI on jabber-config.xml not working(cannot lookup)
- Jabber Voice for iPhone and Android can integrate with OpenLDAP which configure in phone configuration
- Both of Jabber can't access the photo in OpenLDAP with "jpegPhoto" attribute.
By the way im also included jabber-config.xml files for further troubleshooting. Another question, is it possible to include EDI and BDI for working together in one jabber-config.xml file
One another file is jabber for iphone log when im trying to search "anu" word in searching box
-- 2557-02-02 20:48:06.045 DEBUG [3d8d018c] - sidebar search, string is : a <------ started from this line in my log file for easier troubleshooting.
If you need more log or any files for troubleshoot just tell me. Thanks for reading!.
<Jabber-config.xml>
<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
<Directory>
<DirectoryServerType>BDI</DirectoryServerType>
<BDILDAPServerType>OpenLDAP</BDILDAPServerType>
<BDIPrimaryServerName>10.0.1.11</BDIPrimaryServerName>
<BDIServerPort1>389</BDIServerPort1>
<BDIConnectionUsername>cn=xxx,dc=xxxx,dc=xx,dc=xx</BDIConnectionUsername>
<BDIConnectionPassword>xxxxxxxBDIConnectionPassword>
<BDIUseJabberCredentials>false</BDIUseJabberCredentials>
<BDIEnableTLS>false</BDIEnableTLS>
<BDIPredictiveSearchFilter>uid</BDIPredictiveSearchFilter>
<BDIUserAccountName>uid</BDIUserAccountName>
<BDIBaseFilter>(&(objectClass=inetOrgPerson)</BDIBaseFilter>
<BDISearchBase1>ou=users, dc=xxxx,dc=xx,dc=xx</BDISearchBase1>
<BDIUseANR>false</BDIUseANR>
<ConnectionType>1</ConnectionType>
<PrimaryServerName>10.0.1.11</PrimaryServerName>
<UseWindowsCredentials>0</UseWindowsCredentials>
<UseSecureConnection>0</UseSecureConnection>
<SearchBase1>ou=users, dc=xxx,dc=xx,dc=xx</SearchBase1>
<UserAccountName>uid</UserAccountName>
<BaseFilter>(&(objectClass=inetOrgPerson)</BaseFilter>
<PredictiveSearchFilter>uid</PredictiveSearchFilter>
<ConnectionUsername>cn=xxxx,dc=xxx,dc=xx,dc=xx</ConnectionUsername>
<ConnectionPassword>xxxxxx</ConnectionPassword>
<PhotoSource>jpegPhoto</PhotoSource>
</Directory>
</config>Hi noom_ekkalak ,
Thanks for your answer!
I have specific LDAP parameter in TCT phone configuration as you say, then try to connect the "Directory" setting in Jabber Voice, but it didn't work . i just get the error “Unable to verify account” all the time. :(
Besides this ,is there anything i need to specific? How did you specific Jabber Voice "Directory" parameter?
Thank you! -
Problem with OpenLDAP and JNDI
I'm having problem working with OpenLDAP and JNDI.
First I have changed LDAP's slapd.conf file:
suffix "dc=antipodes,dc=com"
rootdn cn=Manager,dc=antipodes,dc=com
directory "C:/Program Files/OpenLDAP/data"
rootpw secret
schemacheck offthan i used code below, to create root context:
package test;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.NameAlreadyBoundException;
import javax.naming.directory.*;
import java.util.*;
public class MakeRoot {
final static String ldapServerName = "localhost";
final static String rootdn = "cn=Manager,dc=antipodes,dc=com";
final static String rootpass = "secret";
final static String rootContext = "dc=antipodes,dc=com";
public static void main( String[] args ) {
// set up environment to access the server
Properties env = new Properties();
env.put( Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory" );
env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
env.put( Context.SECURITY_PRINCIPAL, rootdn );
env.put( Context.SECURITY_CREDENTIALS, rootpass );
try {
// obtain initial directory context using the environment
DirContext ctx = new InitialDirContext( env );
// now, create the root context, which is just a subcontext
// of this initial directory context.
ctx.createSubcontext( rootContext );
} catch ( NameAlreadyBoundException nabe ) {
System.err.println( rootContext + " has already been bound!" );
} catch ( Exception e ) {
System.err.println( e );
}this worked fine, I could see that by using "LDAP Browser/Editor".
and then I tried to create group with code:
package test;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.ldap.*;
import javax.naming.directory.*;
public class MakeGroup
public static void main (String[] args)
Hashtable env = new Hashtable();
String adminName = "cn=Manager,dc=antipodes,dc=com";
String adminPassword = "secret";
String ldapURL = "ldap://127.0.0.1:389";
String groupName = "CN=Evolution,OU=Research,DC=antipodes,DC=com";
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);
//connect to my domain controller
env.put(Context.PROVIDER_URL,ldapURL);
try {
// Create the initial directory context
LdapContext ctx = new InitialLdapContext(env,null);
// Create attributes to be associated with the new group
Attributes attrs = new BasicAttributes(true);
attrs.put("objectClass","group");
attrs.put("samAccountName","Evolution");
attrs.put("cn","Evolution");
attrs.put("description","Evolutionary Theorists");
//group types from IAds.h
int ADS_GROUP_TYPE_GLOBAL_GROUP = 0x0002;
int ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 0x0004;
int ADS_GROUP_TYPE_LOCAL_GROUP = 0x0004;
int ADS_GROUP_TYPE_UNIVERSAL_GROUP = 0x0008;
int ADS_GROUP_TYPE_SECURITY_ENABLED = 0x80000000;
attrs.put("groupType",Integer.toString(ADS_GROUP_TYPE_UNIVERSAL_GROUP + ADS_GROUP_TYPE_SECURITY_ENABLED));
// Create the context
Context result = ctx.createSubcontext(groupName, attrs);
System.out.println("Created group: " + groupName);
ctx.close();
catch (NamingException e) {
System.err.println("Problem creating group: " + e);
}got the error code: Problem creating group: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - groupType: attribute type undefined]; remaining name 'CN=Evolution,OU=Research,DC=antipodes,DC=com'
I tried by creating organizational unit "ou=Research" from "LDAP Browser/Editor", and then running the same code -> same error.
also I have tried code for adding users:
package test;
import java.util.Hashtable;
import javax.naming.ldap.*;
import javax.naming.directory.*;
import javax.naming.*;
import javax.net.ssl.*;
import java.io.*;
public class MakeUser
public static void main (String[] args)
Hashtable env = new Hashtable();
String adminName = "cn=Manager,dc=antipodes,dc=com";
String adminPassword = "secret";
String userName = "cn=Albert Einstein,ou=Research,dc=antipodes,dc=com";
String groupName = "cn=All Research,ou=Research,dc=antipodes,dc=com";
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);
//connect to my domain controller
env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:389");
try {
// Create the initial directory context
LdapContext ctx = new InitialLdapContext(env,null);
// Create attributes to be associated with the new user
Attributes attrs = new BasicAttributes(true);
//These are the mandatory attributes for a user object
//Note that Win2K3 will automagically create a random
//samAccountName if it is not present. (Win2K does not)
attrs.put("objectClass","user");
attrs.put("samAccountName","AlbertE");
attrs.put("cn","Albert Einstein");
//These are some optional (but useful) attributes
attrs.put("giveName","Albert");
attrs.put("sn","Einstein");
attrs.put("displayName","Albert Einstein");
attrs.put("description","Research Scientist");
attrs.put("userPrincipalName","[email protected]");
attrs.put("mail","[email protected]");
attrs.put("telephoneNumber","999 123 4567");
//some useful constants from lmaccess.h
int UF_ACCOUNTDISABLE = 0x0002;
int UF_PASSWD_NOTREQD = 0x0020;
int UF_PASSWD_CANT_CHANGE = 0x0040;
int UF_NORMAL_ACCOUNT = 0x0200;
int UF_DONT_EXPIRE_PASSWD = 0x10000;
int UF_PASSWORD_EXPIRED = 0x800000;
//Note that you need to create the user object before you can
//set the password. Therefore as the user is created with no
//password, user AccountControl must be set to the following
//otherwise the Win2K3 password filter will return error 53
//unwilling to perform.
attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED+ UF_ACCOUNTDISABLE));
// Create the context
Context result = ctx.createSubcontext(userName, attrs);
System.out.println("Created disabled account for: " + userName);
//now that we've created the user object, we can set the
//password and change the userAccountControl
//and because password can only be set using SSL/TLS
//lets use StartTLS
StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
tls.negotiate();
//set password is a ldap modfy operation
//and we'll update the userAccountControl
//enabling the acount and force the user to update ther password
//the first time they login
ModificationItem[] mods = new ModificationItem[2];
//Replace the "unicdodePwd" attribute with a new value
//Password must be both Unicode and a quoted string
String newQuotedPassword = "\"Password2000\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
// Perform the update
ctx.modifyAttributes(userName, mods);
System.out.println("Set password & updated userccountControl");
//now add the user to a group.
try {
ModificationItem member[] = new ModificationItem[1];
member[0]= new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userName));
ctx.modifyAttributes(groupName,member);
System.out.println("Added user to group: " + groupName);
catch (NamingException e) {
System.err.println("Problem adding user to group: " + e);
//Could have put tls.close() prior to the group modification
//but it seems to screw up the connection or context ?
tls.close();
ctx.close();
System.out.println("Successfully created User: " + userName);
catch (NamingException e) {
System.err.println("Problem creating object: " + e);
catch (IOException e) {
System.err.println("Problem creating object: " + e); }
}same error.
I haven't done any chages to any schema manually.
I know I'm missing something crucial but have no idea what. I have tried many other code from tutorials from net, but they are all very similar and throwing the same error I showed above.
thanks in advance for help.I've solved this.
The problem was that all codes were using classes from Microsoft Active Directory, and they are not supported in OpenLDAP (microsoft.schema in OpenLDAP is just for info). Due to this some fields are not the same in equivalent classes ("user" and "person").
so partial code for creating user in root would be:
import java.util.Hashtable;
import javax.naming.ldap.*;
import javax.naming.directory.*;
import javax.naming.*;
import javax.net.ssl.*;
import java.io.*;
public class MakeUser
public static void main (String[] args)
Hashtable env = new Hashtable();
String adminName = "cn=Manager,dc=antipodes,dc=com";
String adminPassword = "secret";
String userName = "cn=Albert Einstein,ou=newgroup,dc=antipodes,dc=com";
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);
//connect to my domain controller
env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:389");
try {
// Create the initial directory context
LdapContext ctx = new InitialLdapContext(env,null);
// Create attributes to be associated with the new user
Attributes attrs = new BasicAttributes(true);
attrs.put("objectClass","user");
attrs.put("cn","Albert Einstein");
attrs.put("userPassword","Nale");
attrs.put("sn","Einstein");
attrs.put("description","Research Scientist");
attrs.put("telephoneNumber","999 123 4567");
// Create the context
Context result = ctx.createSubcontext(userName, attrs);
System.out.println("Successfully created User: " + userName);
catch (NamingException e) {
System.err.println("Problem creating object: " + e);
}hope this will help anyone. -
[OIM 11g R1] OID 11.1.1.5.0 Connector with OpenLDAP: Errors in logs
I am using the Oracle Internet Directory 11.1.1.5.0 connector with OpenLDAP as my target system.
Every time I run the "LDAP Connector User search Reconciliation", I see the following error for each user.
<Feb 21, 2013 3:54:57 PM EST> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.RECON.SEARCHRECONTASK> <BEA-000000> <oracle.iam.connectors.icfcommon.recon.SearchReconTask : handle : Recon event skipped>
The reconciliation events do get generated in OIM and the reconciliation engine does link the account when a user match is found.
I am wondering what is causing that error to be thrown and whether if performance of the LDAP reconciliation is affected by this error.Any updates i am facing same problem.
thanks in advance -
Localizeddirectory.asp with OpenLDAP
Hello everyone,
I want to use OpenLDAP as my LDAP Server then I'm trying to integrate my OpenLDAP server with corporate directory. I use localizeddirectory.asp script in Cisco IP Phone Service SDK and modify it with my own settings. But the problem is I get the "HTTP 500 Internal Server Error" message when I try to access the file from the web browser. The script works with microsoft AD but doesn't work with OpenLDAP.
So I really need everyone's help on this one. Is it possible to configure localizeddirectory.asp Linux version in that same way like Microsoft Active Directory? Can anyone show me how to do this?
Thanks a lot before. Sorry for my bad english.
AgaVery strange. Not sure why framework of any version would interfere with ASP application. Only suggestion I'd have is to run Process Monitor and see if it shows you something. ProcMon is here;
http://technet.microsoft.com/en-ca/sysinternals/bb896645.aspx
Ludek
Follow us on Twitter http://twitter.com/SAPCRNetSup -
How to Integrate EBS 12 with OpenLDAP
Hi,
I have a requirement to integrate OpenLDAP with EBS 12.2, bidirectionally.
Is there a direct way of doing this, so that if a user is created in Oracle EBS (FND User) and attached to hr employee (with supervisor assigned and organization details), this information can be synchronized with OpenLDAP?
DulaPlease see
https://blogs.oracle.com/stevenChan/entry/indepth_using_thirdparty_identity_managers_with_eb
Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager 11gr1 (11.1.1.5.0) using Oracle E-Business Suite AccessGate(Doc ID 1368292.1)
Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager 11gr2 (11.1.2) using Oracle E-Business Suite AccessGate(Doc ID 1576425.1)
Troubleshooting Oracle Application Server 10g SSO and OID with Oracle E-Business Suite Release 12 (Doc ID 380487.1)
ApPsMaStI
sharing is Caring -
Messaging server with openldap
Hi all,
Is anybody here has an experience in handling sun java messaging server 7u2 with open ldap?
I tried to connect the messaging server with open ldap but still got error "Could not connect to LDAP server".
Isn't possible for them to communicate?
Pls advise.Hi, Shane,
I seem to be half way with the external LDAP stuff but run into problems. I added a set of objectclasses and attribute types to OpenLDAP. Next I changed the option.dat (and ran a cnbuild):
ALIAS_URL0=extldap:///$V?*?sub?$R
REVERSE_URL=extldap:///$V?$N?sub?$R
LDAP_EXT_HOST=10.20.30.40
LDAP_EXT_USERNAME=cn=Manager,dc=domain,dc=nl
LDAP_EXT_PASSWORD=secret
LDAP_EXT_BASEDN=dc=domain,dc=nl
LDAP_EXT_MAX_CONNECTIONS=10
LDAP_EXT_INITIAL_CONNECTIONS=0
DOMAIN_MATCH_URL=extldap:///dc=domain,dc=nl?objectclass?sub?(&(objectClass=sunManagedOrganization)(|(associatedDomain=$D)(sunPreferredDomain=$D)))
Would this constitue a valid configuration?
The good news is that I see LDAP connections arriving at the OpenLDAP server. The bad news is that:
1. I get errors on the ALIAS_URL0 and REVERSE_URL LDAP queries (see below for the log)
2. the $D in the DOMAIN_MATCH_URL is not replaced by the domainname before the LDAP query is started, so in the output of imsimta test -rewrite -debug and in the log file of OpenLDAP the $D characters show up instead of the domainname they should represent
Ad 1. error log in OpenLDAP:
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: read active on 12
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Aug 28 15:18:50 ws22763 slapd[7535]: connection_get(12)
Aug 28 15:18:50 ws22763 slapd[7535]: connection_get(12): got connid=10
Aug 28 15:18:50 ws22763 slapd[7535]: connection_read(12): checking for input on id=10
Aug 28 15:18:50 ws22763 slapd[7535]: conn=10 op=0 do_bind
Aug 28 15:18:50 ws22763 slapd[7535]: >>> dnPrettyNormal: <cn=Manager,dc=domain,dc=nl>
Aug 28 15:18:50 ws22763 slapd[7535]: <<< dnPrettyNormal: <cn=Manager,dc=domain,dc=nl>, <cn=manager,dc=domain,dc=nl>
Aug 28 15:18:50 ws22763 slapd[7535]: conn=10 op=0 BIND dn="cn=Manager,dc=domain,dc=nl" method=128
Aug 28 15:18:50 ws22763 slapd[7535]: do_bind: version=3 dn="cn=Manager,dc=domain,dc=nl" method=128
Aug 28 15:18:50 ws22763 slapd[7535]: ==> bdb_bind: dn: cn=Manager,dc=domain,dc=nl
Aug 28 15:18:50 ws22763 slapd[7535]: conn=10 op=0 BIND dn="cn=Manager,dc=domain,dc=nl" mech=SIMPLE ssf=0
Aug 28 15:18:50 ws22763 slapd[7535]: do_bind: v3 bind: "cn=Manager,dc=domain,dc=nl" to "cn=Manager,dc=domain,dc=nl"
Aug 28 15:18:50 ws22763 slapd[7535]: send_ldap_result: conn=10 op=0 p=3
Aug 28 15:18:50 ws22763 slapd[7535]: send_ldap_result: err=0 matched="" text=""
Aug 28 15:18:50 ws22763 slapd[7535]: send_ldap_response: msgid=1 tag=97 err=0
Aug 28 15:18:50 ws22763 slapd[7535]: conn=10 op=0 RESULT tag=97 err=0 text=
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: activity on 1 descriptor
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: activity on:
Aug 28 15:18:50 ws22763 slapd[7535]:
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: activity on 1 descriptor
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: activity on:
Aug 28 15:18:50 ws22763 slapd[7535]: 12r
Aug 28 15:18:50 ws22763 slapd[7535]:
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: read active on 12
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Aug 28 15:18:50 ws22763 slapd[7535]: connection_get(12)
Aug 28 15:18:50 ws22763 slapd[7535]: connection_get(12): got connid=10
Aug 28 15:18:50 ws22763 slapd[7535]: connection_read(12): checking for input on id=10
Aug 28 15:18:50 ws22763 slapd[7535]: ber_get_next on fd 12 failed errno=0 (Success)
Aug 28 15:18:50 ws22763 slapd[7535]: connection_read(12): input error=-2 id=10, closing.
Aug 28 15:18:50 ws22763 slapd[7535]: connection_closing: readying conn=10 sd=12 for close
Aug 28 15:18:50 ws22763 slapd[7535]: connection_close: conn=10 sd=12
Aug 28 15:18:50 ws22763 slapd[7535]: daemon: removing 12
Aug 28 15:18:50 ws22763 slapd[7535]: conn=10 fd=12 closed (connection lost)
and in the output of imsimta test -rewrite -debug:
15:15:10.38: Looking up host "host.domain.nl".
15:15:10.38: - found on channel l
15:15:10.38: Routelocal flag set; scanning for % and !
15:15:10.38: Checking reverse URL cache for: [email protected]
15:15:10.38: Applying reverse URL pattern extldap:///$V?$N?sub?$R to: [email protected]
15:15:10.38: Resulting URL: extldap:///$V?$N?sub?$R
15:15:10.38: mmc_open_url_reason called to open extldap:///$V?$N?sub?$R, flags = 384
15:15:10.38: URL with quotes stripped: extldap:///$V?$N?sub?$R
15:15:10.38: LDAP URL identified
15:15:10.38: URL context #1 will be used
15:15:10.38: Performing URL search on: extldap:///$V?$N?sub?$R
15:15:10.39: URL open result -2: Search failed: Bad search filter (87)
15:15:10.39: URL resolution failed, status = -2
15:15:10.39: Override postmaster:
15:15:10.39: Mapped return address: [email protected]
15:15:10.39: from_access mapping check: ||MAIL|l|[email protected]|
Ad 2: the imsimta test -rewrite output:
*** Debug output from rewriting a forward envelope address:
15:10:59.48: Rewriting: Mbox = "user", host = "domain.nl", domain = "$*", literal = "", tag = ""
15:10:59.48: Rewrite: "$*", position 0, hash table -
15:10:59.48: Found: "$A$E$F$U%[email protected]"
15:10:59.48: Match, pattern = "domain.nl", current = "(*domaincheck*)"
15:10:59.48: old state = not checked.
15:10:59.48: Domain check on domain.nl.
15:10:59.49: mmc_open_url_reason called to open extldap:///dc=domain,dc=nl?objectclass?sub?(&(objectClass=sunManagedOrganization)(|(associatedDomain=$D)(sunPreferredDomain=$D))), flags = 0
15:10:59.49: URL with quotes stripped: extldap:///dc=domain,dc=nl?objectclass?sub?(&(objectClass=sunManagedOrganization)(|(associatedDomain=$D)(sunPreferredDomain=$D)))
15:10:59.49: LDAP URL identified
15:10:59.49: URL context #1 will be used
15:10:59.49: Performing URL search on: extldap:///dc=domain,dc=nl?objectclass?sub?(&(objectClass=sunManagedOrganization)(|(associatedDomain=$D)(sunPreferredDomain=$D)))
15:10:59.50: URL open result 0: Search succeeded but result set was empty
15:10:59.50: Added domain result 0 to cache for domain.nl.
15:10:59.50: new state = fail pending.
15:10:59.50: Rewrite failed due to prechannel mismatch.
and in OpenLDAP:
Aug 28 15:14:39 ws22763 slapd[7535]: conn=9 op=1 SRCH base="dc=domain,dc=nl" scope=2 deref=3 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=$d)(?sunPreferredDomain=$D)))"
Some questions:
1. are the settings in option.dat correct
2. if so, why is the $D not expanded before the LDAP lookup is performed?
3. it seems OpenLDAP doesn't like the search filter; where can I find the meaning of the $R
Your help greatly appreciated.
/rolf -
Cisco ISE v1.1.3 intergration with OpenLdap
Hi Guys,
We are trying to intergrate our ISE server with a Secondary OpenLdap server (Zentyal). The current primary server we are using for authentication is Active directory. We have managed to test the binding to the Secondary server successfully and added it in the Identity source sequences.
The error we are getting when authenticating the OpenLdap end user machine is as below:
1006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12304 Extracted EAP-Response containing PEAP challenge-response
11808 Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store - Zentyal
22043 Current Identity Store does not support the authentication method; Skipping it
Anyone who has experienced such an issue?
Please helpHi Salodh,
You were right!!! We installed a 3rd party supplicant that supported GTC on the Windows machine and the authentication succeeded. Next step is now Profiling the machine otherwise Thanks so much for your help and time. -
Identity firewall with OpenLDAP ?!
Hi Guys
I am interested to use identity firewall but I am using OpenLDAP , as far as I know there is no OpenLDAP agent like AD Agent!
Does it mean that I only able to use OpenLDAP for VPN authentication and not for identity feature ?
Thanks
EhsanProbably the answer is Yes I guess , ASA identity feature works only with Microsoft Active Directory !!!!
-
How do I integrate ICS5.x with openLDAP?
I struggled mightily to get openLDAP to work with iPlanet?s Calendar Server 5.x (ICS5.) The upshot of the problem is that ICS5 has some unique schemas that need to migrate their way into openLDAP. What I?ve done is use the Perl script migrateSchemaTo5.pl supplied in the ICS5 opt/perl directory to migrate the following old style (pre r5) schema files that iPlanet supplies in the directory C:\iPlanet\CalendarServer5\cal\bin\config to LDIF format:
ics50-schema.conf (most important)
ns-wcal-schema.conf (not so important, may be able to survive without this one)
um50-common-schema.conf (important, ics50-schema.conf relies on this one)
Once in LDIF format, it is easy to grep through them and convert to the .schema format of the other openLDAP schema files supplied in the <openldap-root>/schema directory. Alas, the problems don?t end there as openLDAP complains if there are empty MUST or MAY clauses in the .schema files, so get rid of any of those.
When done, I put the new .schema files in the schema directory and included them in the slapd.conf file as such:
include c:/openldap/schema/inetorgperson.schema
include c:/openldap/schema/ns-wcal.schema
include c:/openldap/schema/um50-common.schema
include c:/openldap/schema/ics50.schema
Note that order is important as ics50.schema, for example, depends upon the um50 schema file being loaded first. If you have difficulty starting slapd after adding the schema files, add one at a time and monkey with the individual files until it works and proceed to the next.
You?ll know you have a fully functional implementation of ICS 5.x if you can successfully subscribe to multiple calendars. Check the http.log in the <ICS5root>/var/logs directory for any errors in adding LDAP entries to the directory for verification.
Hope this helps! -Jake -
Hello everybody,
i have some problems.
My initial position:
Installed dual stack SAP NetWeaver Portal 2004s
--> Datasource for UME: ABAP-System
Installed OpenLDAP
Have anybody some guidelines for the configuration a UME with LDAP.
I had read all SAP help entries. Not so helpful.
I couldnt change DataSource, i dont know why ;-(
Please help
reneHi,
If you are using SAP Web AS ABAP User Management as datasource, you cannot change to any other data source configuration. For details, see SAP Note [718383|https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes/sdn_oss_bc_jas/~form/handler].
http://help.sap.com/saphelp_nw04/helpdata/en/49/9dd53f779c4e21e10000000a1550b0/frameset.htm
Regards,
Praveen Gudapati -
Mount homedir autofs with openldap server
I'm having trouble mounting home directories on mac clients running leopard from a linux openldap server. The login/password auth works fine, but somehow the autofs is not working correctly with the openldap server.
I need some help in troubleshooting. From what I've read on the web, autofs is now suppose to work in leopard.
Thanks,
YasiSounds like something you should be posting to the server or linux forums.
-
Dynamic vlan assignment with openldap
Hi,
I have a scenario where my customer has an ACS 5.2 and couple WLCs. the customer has also a openldap database and needs to do dynamic vlan assignement for his wireless user against this database. I know that for Active directory it works, please advise if it does as well for openldap and how?
Regards,No it doesnt work if you are using mschap v2 here is a grid of the supported eap based protocols and the directory services:
You can find this information here:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/eap_pap_phase.html#wp1045863
Hope this helps. -
Integration with JBoss and OpenLDAP
Hello All
Please bear with me as I try to pose my questions as clearly as possible given that I'm new to JDeveloper and ADF. I have a client who is looking to develop an application that will be used to monitor and maintain batch processes for a third-party compliance tool that currently does not offer any type of batch scheduling functionality. They are looking to develop and maintain one that is accessible by a handful of users that currently maintain the compliance tool.
The compliance tool is deployed on a JBoss technology stack and the application itself authenticates against and OpenLDAP server.
The goal is to develop an web-based application using JDeveloper that can be deployed as a WAR file to their existing JBoss infrastructure. When accessing the appropriate URL for this tool, it would first present them with a login screen. The credentials entered by the user would then be validated against their OpenLDAP server to determine the level of access granted in the batch monitoring utility.
Can this be accomplished using JDeveloper and ADF? I believe I came across this article that walks on through the deployment of an ADF 11g application to JBoss: http://blogs.oracle.com/jruiz/2009/01/deploying_an_adf_11g_applicati.html
However, I can seem to find a good article or tutorial on how to properly interface with OpenLDAP. Am I correct in assuming that I must develop my own login component to handle this authentication?
Thanks in advance.
JoeHi, my code is something like this:
in the backing file:
import com.bea.netuix.servlets.controls.content.backing.AbstractJspBacking;
import com.bea.wsrp.ext.holders.MarkupRequestState;
import com.bea.wsrp.ext.holders.SimpleStateHolder;
public class xxxx extends AbstractJspBacking
public boolean preRender(HttpServletRequest request,
HttpServletResponse response)
request.setAttribute("parameter","value");
return true;
in the consumer i'm not using :
SimpleStateHolder state = new SimpleStateHolder();
state.addParameter("parameter", "value");
because my producer is jboss portal,
in the producer:
protected void doView(RenderRequest rRequest, RenderResponse rResponse)
throws PortletException, IOException, UnavailableException
rResponse.setContentType("text/html");
rRequest.getParameter("parameter");
thanks! -
SQL Developer 4.0 EA2 -- Cannot use OpenLDAP with LDAP connect option
Hi,
I've got OpenLDAP setup to work with my Oracle clients, to serve up TNS connect strings, in lieu of having tnsnames.ora files scattered about hundreds of servers.
This is working fine with 10g/11g, both full and instant clients, no problem.
Now, I'm trying to configure SQL Developer 4.0 EA2 working with it, as well.
When I attempt to do so, I'm able to select the "LDAP" option in "Connection Type", and the "LDAP Server" drop down list is correctly populated with my LDAP server, from ldap.ora.
However, when I select it, I get the following error:
Status : Failure -[LDAP: error code 32 - No Such Object]
Now, I've done some research, and I monitored the slapd.log file, which shows me the following:
Sep 18 02:43:35 einstein slapd[2779]: conn=1034 fd=16 ACCEPT from IP=192.168.125.1:63781 (IP=0.0.0.0:389)
Sep 18 02:43:35 einstein slapd[2779]: conn=1034 op=0 BIND dn="" method=128
Sep 18 02:43:35 einstein slapd[2779]: conn=1034 op=0 RESULT tag=97 err=0 text=
Sep 18 02:43:35 einstein slapd[2779]: conn=1034 op=1 SRCH base="" scope=2 deref=0 filter="(objectClass=orclContext)"
Sep 18 02:43:35 einstein slapd[2779]: conn=1034 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Sep 18 02:43:35 einstein slapd[2779]: conn=1034 op=2 UNBIND
Sep 18 02:43:35 einstein slapd[2779]: conn=1034 fd=16 closed
Which is a lot more detail, but reflects the corresponding error code, (32 - No Such Object).
After doing some testing with ldapsearch, I've been able to replicate what SQL Developer is doing, and get the exact same error.
That ldapsearch command is:
ldapsearch -h einstein -p 389 -c -x -D "" -b "" "(objectClass=orclContext)"
Looking in the slapd.log file, I find an identical error to what is produced from SQL Developer.
Further, the query that SQL Developer wants to do can be successfully done with the following ldapsearch:
ldapsearch -h einstein -p 389 -c -x -D "" -b "dc=proquest,dc=com" "(objectClass=orclContext)"
So, it seems the problem is with the fact that SQL Developer is not supplying a search base.
I'm no LDAP expert, and I'm really not sure where to turn next....
Is there a SQL Developer option that allows me to set that search base? Is there a configuration I'm missing on the LDAP server configuration?
Thanks,
-MarkWell, that didn't take long. I managed to find a solution to the problem.
It comes down to the fact that SQL Developer doesn't supply a search base, and my LDAP server didn't have a default search base defined.
When I edited slapd.conf (the OpenLDAP config file) and added a "defaultsearchbase" parameter, and bounced the LDAP server, everything started to work.
I now have a working configuration with OpenLDAP and SQL Developer.
I'll mark this discussion as closed.
-Mark
Maybe you are looking for
-
Check what oracle installed components are actually being used in database
I have been allotted a new database which I have to optimize. So I am thinking about removing some installed components which I think are not being used in any way in database (i.e procedures calls etc). I can see a whole lot of components like "SDO"
-
Is there way to pay for a movie, tv show without it downloading automatically?
What do I do?
-
Bridge CS5 provides partially incorrect metadata
Bridge CS4 indicated correctly under File Properties the application that created a converted Raw file - for me this is often Capture One . Now in Bridge CS5 more often then not Bridge CS5 lists the files incorrectly under 'Application' as PS CS4 Ma
-
Save Project as an Archive does not work
When I attempt to do a "save as" for my project in GarrageBand 3.04, the Save as an Archive box is grayed out and not available for selection. What is the issue with GarrageBand and what is the work around for this problem?
-
Upgraded and now cannot open iPhotos
I just updated to Maverick, but now iPhotos 9.2.3 won't open. Did I just loose all my photos? If I upgrade my iPhotos, will I be able to get them back?