EP60 and LDAP integration with Microsoft AD - Issues

Hello,
We have configured EP6 SP11 and Microsoft AD for the user authentication as below.
MsAD:
AD_Compass_Domain
OU= Accounts
    OU=CORPORATE
          OU=IT
                User1 (User master record)
                 User2 (User master record)
            OU=FI
                 User3 (User master record)
OU=SAP_Portal
       OU=Corp_LDAP
             OU= Groups
                      SAP_Portal (Group Object and users are member of this group object as a link from all different OUs -user1,user2,user3)
              OU= Users
EP6 LDAP config:
Data Sources: Microsoft ADS (Flat Hierarchy) + Database
(We also tried Deep Hierarchy; it didn't work.)
LDAP Server:
User Path : OU=SAP_Portal,DC=NA,DC=CompassDev,DC=Corp
Group Path :
OU=Groups,OU=Corp_LDAP,OU=SAP_Portal,DC=NA,DC=CompassDev,DC=Corp
The issues:
1- SAP Portal could not see the group object when I browse the LDAP from the portal.
2- SAP Portal does not allow users (User1, User2, User3, etc., which are members of the group object) to log in to the portal unless I put the users directly under an OU level like OU=Groups, or I point the path to the OU=Accounts level, which we do not want to do because we have 50,000 users defined under OU=Accounts and we want just some of them, like 3000 users. The portal gives the message "user authentication failed".
Note: I checked the UME and I don't see the users listed in the group objects. The group object "SAP_Portal" is a Universal Group object. (We also tried the Global type.)
3- When we put a user directly under the OU level, the users can log in but they are not able to change their password. We also cannot change the user passwords through the portal admin tools (UME or Visual Admin). I have heard that without SSL, MsAD would not allow portal users to change their password.
a. (Portal internal user, [email protected], has only read access on MsAD)
Note: We use 3268 as the AD port, and 389 is also active; I tried both of them, but no luck.
Thanks for your help in advance.

Sasikanth,
Usually before you switch UME to AD, you would read it with an LDAP web compliant browser, to check if you could access your OU, Group, and Users. Are you sure you can read the complete LDAP structure on AD?
Kindly re-check the process, to see if you missed out on any steps.
http://help.sap.com/saphelp_erp2004/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
Check note 772620 - UME 4.0: Create Groups on Microsoft Active Directory Server
Regards,
James
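Issue 2 in the question is consistent with LDAP search scope: a subtree search under the configured User Path returns only entries whose DN lies below that base, and being a member of a group elsewhere does not change a user's DN. The following is an added example, not part of the original posts; the user and group DNs are constructed from the OU layout in the question, with `CN=` naming and OU=FI under OU=CORPORATE assumed.

```python
"""Added example: which entries a subtree search under a given base can return."""


def split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash (RFC 4514)."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def parse_dn(dn):
    """Return the DN as a list of normalised (attribute, value) RDNs.

    AD compares these attributes case-insensitively, so both sides are
    lower-cased. Multi-valued RDNs ("+") are not handled in this sketch.
    """
    rdns = []
    for rdn in split_unescaped(dn, ","):
        attr, eq, value = rdn.partition("=")
        if not eq:
            raise ValueError(f"not an RDN: {rdn!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def in_subtree(entry_dn, base_dn):
    """True if entry_dn is the base itself or lies below it (subtree scope)."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def visible(entries, base_dn):
    """Entries that a subtree search starting at base_dn could return."""
    return [dn for dn in entries if in_subtree(dn, base_dn)]


def common_base(dns):
    """Narrowest base DN that contains every DN in the list ("" if none)."""
    parsed = [parse_dn(dn)[::-1] for dn in dns]  # compare from the root down
    depth = 0
    for level in zip(*parsed):
        if len(set(level)) != 1:
            break
        depth += 1
    raw = [part.strip() for part in split_unescaped(dns[0], ",")]
    return ",".join(raw[len(raw) - depth:]) if depth else ""


# Paths as configured in the question.
DOMAIN = "DC=NA,DC=CompassDev,DC=Corp"
USER_PATH = "OU=SAP_Portal," + DOMAIN
GROUP_PATH = "OU=Groups,OU=Corp_LDAP,OU=SAP_Portal," + DOMAIN

# Constructed sample DNs (assumed CN= naming) following the posted OU tree.
MEMBERS = [
    "CN=User1,OU=IT,OU=CORPORATE,OU=Accounts," + DOMAIN,
    "CN=User2,OU=IT,OU=CORPORATE,OU=Accounts," + DOMAIN,
    "CN=User3,OU=FI,OU=CORPORATE,OU=Accounts," + DOMAIN,
]
GROUP_DN = "CN=SAP_Portal," + GROUP_PATH

if __name__ == "__main__":
    print("members under User Path:", visible(MEMBERS, USER_PATH))
    print("group under Group Path :", in_subtree(GROUP_DN, GROUP_PATH))
    print("narrowest common base  :", common_base(MEMBERS))
```

Comparing parsed RDNs rather than string suffixes avoids false matches such as `OU=NotSAP_Portal` against `OU=SAP_Portal`.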

Similar Messages

  • ISE and LDAP Integration

    Hello,
    I have a question about the LDAP integration with the ISE:
    Since the ISE has a limitation of reading only 100 groups, I cannot find the groups that I need to use on the authorization, and also the ISE cannot find group if I search for it directly.
    What I mean here, that I can fetch the first 100 groups from the top of the directory, but when I search as example for any group (appear on the list or not) the ISE did not find it.
    Even I tried to change the base DN and the search DN but without luck.
    The ISE version is 1.1.4 installed on VM and the LDAP schema is AD.
    Is there any missing information/tips required in such integration?

    Hello,
    I found a Cisco doc that covers Key Features of Integration of Cisco ISE and LDAP. I hope this helps!
    This section contains the following:
    • Directory Service
    • Multiple LDAP Instances
    • Failover
    • LDAP Connection Management
    • User Authentication
    • Authentication Using LDAP
    • Binding Errors
    • User Lookup
    • MAC Address Lookup
    • Group Membership Information Retrieval
    • Attributes Retrieval
    • Certificate Retrieval
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1059913

  • LDAP integration with ISE

    We are doing an LDAP integration with ISE but we are getting the following error. We are not able to identify the problem when we tested the following scenarios.
    1. When we check with Anonymous access we are successful and we get the message “ Bind Successful to gluetest.systems.XXXX:3269”
    2. When we use the user name and password CN=GRHIIISEPOC,OU=,XXXX, DC=YYYY, DC=ADROOTTEST,DC=YYYY. We are not successful and we get the message “ Test Failed: Invalid Admin Credentials or Security Settings: Check Admin Username and Password and make the security settings are compatible with the server:”
    Please confirm whether the user ID I am using does not have admin privileges, or whether I have entered the parameters correctly.
    Thanks

    Did you use Softerra or an LDAP browser to pull the DN of this user account?
    Thanks

  • Brief discussion on SAP XI and its Integration with SAP MDM.

    Hi,
    I have never worked on SAP XI.
    I am discussing it in brief, please give your valuable replies.
    SAP XI consists of the System Landscape Directory (SLD).
    The SLD consists of Business System and Technical System.
    Technical System contains all information about the software
    component. The Business System consists of Inbound and Outbound Business
    System which are used as logical names for data transfer.
    There is a communication channel for the Receiver and Sender Business System and an agreement
    is signed between Sender and Receiver.
    Outbound Interface defined for Business System Outbound and Technical System associated
    with the Business System,
    Inbound Interface defined for Business System Inbound and Technical System associated
    with the Business System.
    In SAP NetWeaver XI Integration Directory, we have defined the Integration Scenarios,
    Actions, Interface Objects, Mapping Objects, Adapters Objects.
    Mapping Object defines the Structure and Value Mapping.
    Adapter Objects defines the Adapter program which implements RFC Adapter, FTP Adapter logic.
    FTP Adapter is used for XI-MDM Communication.
    RFC Adapter is used for XI-ECC Communication.
    Integration Repository: Both Outbound and Inbound Interfaces are Mapped with Value mapping and
    Structure Mapping inside Integration Repository.
    The File Adapter takes the File from the Outbound port of MDM System
    and sends it as IDOC to Receiver Business System.
    Value Mapping must be done between Sender and Receiver interfaces.
    Value Mapping is done by XSLT or Java based program.
    SAP NetWeaver XI Integration Server at runtime:
    Message Split, Interface Determination, Receiver Identification, Mapping, Technical Routing
    and Call Adapter Process are done.
    In SAP XI 3.0 and MDM 5.5:
    Step 1: Create business system as service.
    Step 2: Create communication channel for each business service. If the system can communicate
    through different channels, then create all possible channel types if necessary.
    Step 3: Create receiver agreement between the systems.
    Step 4: Interface determination:
    - Here you see for the first time the software component mentioned;
    there are some special requirements regarding this software component in relation to the customizing ID mapping.
    - To modify this software component, the customer needs to copy the SAP standard delivered software component
    into its own namespace. The customer is able to modify to create archives
    for the customized ID mapping.
    Receiver determination.
    Configure an FTP Server on the MDS.
    Create a send folder for outbound messages using outbound port(s) for
    remote systems(s).
    Create a receive folder for inbound messages using inbound port(s) for remote systems.
    This is all about the concept of SAP XI infrastructure and its integration with SAP MDM 5.5.
    Regards
    Kaushik Banerjee

    Hi Kaushik,
    You must be aware of File types that MDM Import Manager can Import i.e. we have XML, Excel etc. Now there are two transactions to extract data from R3
    1. MDMGX -
             - For lookup table extraction
             - Output in XML format which MDM can import without using XI.
              - FTP can be configured to put the file in the desired folder which will be then picked by Import Server.
    2. MDM_CLNT_EXTR -
              - For Main table records.
              - Output is in Idoc format which MDM doesn't understand hence we need XI in between which converts Idoc file received from R3 into XML which can then be imported using Import Manager or Import Server. For this we need to implement XI Scenario that consists of Source System, Receiver System, Type of Data etc.
    Just a basic understanding...
    Regards,
    Jitesh Talreja

  • SSRS 2012 report integrated with SharePoint 2013 issue :Report refreshing after some idle time

    We have an SSRS 2012 report integrated with SharePoint 2013. When we click on any toggle item after some idle time of 60 secs and try again to expand another toggle item, the complete report gets refreshed, and if we are in a child report it redirects to the parent report. We didn't set any refreshing property at report level. I hope there will be some idle time setting at SharePoint site level.
    what we observed.
    1. there is no problem when we expand toggle items without any idle time.
    2. when we open the report and expand few toggles and keep idle for 60 seconds and try
    again to expand another toggle item then  complete report is getting refreshed (all toggle items are collapsing).
    3. If you keep idle for 60 minutes and if you didn’t do any action like expanding toggle
    items it is not refreshing.
    why it is happening and how to stop that complete refresh.
    Surendra Thota

    Hi Surendra,
    I have tested on my local environment and the issue can be caused by the session timeout, the timeout of the report processing, database timeout, DataSet query execution timeout and so on.
    I would like to confirm whether the refresh you have mentioned is the page refresh or the report reloading?
    Please refer to the settings below to remove the limit on the timeout values if you get the report reloading:
    Point to a report in the library.
    Click the down arrow, and select Manage processing options.
    In Processing Time-out, select Do not time out report processing or
    Limit report processing in seconds if you want to override that value with no time-out or different time-out values.
    If you get the session timeout that refreshes the page, please refer to the settings in the article below:
    http://msdn.microsoft.com/en-us/library/gg492284.aspx#bkmk_session_settings_section
    Detailed information about the timeout settings is in the article below for your reference:
    Set Processing Options (Reporting Services in SharePoint Integrated Mode)
    If you still have any problem, please feel free to ask.
    Regards
    Vicky Liu

  • LDAP Integration with CUCM 9.0

    We would like to use LDAP to sync all of our users from Active Directory.  All of our current CM Users are local, the problem is that they have the same user names as our Active Directory users.  From what I understand this is going to be a problem because:
    "If accounts from LDAP match an existing Unified CM account that is not marked as an LDAP synchronized account, then these accounts are ignored."
    Does that mean we will have to delete all our existing CM users in order to sync the LDAP users correctly?  Is there a best practice for this?  Once we synchronize the LDAP users, how do I ensure that the user gets associated with the proper phone?  Or do I have to visit each user individually?

    I just did a quick test for this, my lab CUCM 9 is already LDAP integrated, but I created a local user, then I created that same local user in my LDAP OU, and performed a full sync.
    The user is no longer showing as a local active user, but as an active LDAP synchronized user.
    Which was my thought, there's only one conversion, from LDAP to local.
    The behavior is just as with any previous release, local users who match an LDAP user after you enable it, are just updated, and kept with all their configurations.
    I checked the option to turn it back again into a local user, did a full sync, and it's again an active LDAP user.
    HTH
    java
    if this helps, please rate
    www.cisco.com/go/pdihelpdesk

  • Intel vPro AMT integration with SCCM 2012R2 - Issues with SCCM finding the "ConfigMgr AMT Web Server Certificate"

    Good evening all,
    I'm attempting to get Intel SCS integrated with SCCM 2012 R2 and I have both sides working, doing what they do best, however, I have issues when I try to mate the two. I started with a single server for the site and then tackled the Intel side with success,
    then I added another site server to run the Out of Band service point and Enrollment point. Up until this point I've had no issues with certificate templates, or issuance of those certs. 
    I have re-read the TechNet documents a few times regarding the PKI setup, some Intel documentation and three step-by-step articles, and none of them seem to differ, so I can't understand why I'm unable to choose my "ConfigMgr AMT Web Server Certificate"
    when configuring the Out of Band Management Component Properties page.  The "AMT web server certificate template:" dialog shows my CA FQDN and CA name, but the certificate template list is always blank.  I've tried this from both the remote
    and local ConfigMgr consoles.  The site servers have rights on the CA to manage and issue certs, is there something I'm missing that isn't in the documentation or buried somewhere that I missed?  Is there a Application policy that should be on the
    cert that isn't mentioned anywhere?
    Thanks in advance!
    Tesfaye

    Hi Joyce,
    Thanks for responding.  I pretty much have this error repeating in the log file and not much else:
    [28, PID:13388][05/21/2014 15:17:15] :System.DirectoryServices.DirectoryServicesCOMException\r\nThere is no such object on the server.
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
       at System.DirectoryServices.DirectorySearcher.FindAll()
       at Microsoft.ConfigurationManagement.AdminConsole.Common.ADUtils.EnumEnterpriseCACertificateTemplates(String domainEntryName, String certAuthorityFqdn, Boolean isServerAuthen)\r\n
    I will look into this, but another hint would be greatly appreciated!
    Thanks,
    Tesfaye

  • Show and Share integration with MS SharePoint?

    Does Show and Share have any integration with Microsoft Share Point?  Customer is asking, I don't see anything.

    Dear
    Yes, of course you can. Kindly check the datasheet below; the integration will be through the API.
    http://www.cisco.com/en/US/prod/collateral/video/ps9339/ps6681/data_sheet_c78-477948.html
    There is another option I just read about a few days ago: smarthub ASE.
    Thank you
    please rate if this will help

  • Portal integration with Exchange SSO issue

    Hello,
    We are using NW04s EP 7.0 SP16 and Exchange server 2003. We are trying to perform OWA and Groupware integration. Both the servers are in the same domain. The latest Kerbmap filter is configured in the Exchange back end server. Everything works fine when we do User Mapping.
    The SSO for Outlook Web Access works fine when pointed to the exchange back end server directly.
    The SSO for groupware functionality such as appointments doesn't work. The error message is "No logon data found for system Exchange". The Exchange system is configured for SAPlogontickets and so I don't understand why it's looking for user mapping.
    Has anyone faced a similar problem? Has anyone made this work using SSO?
    Thanks,
    ~Yasin

    Hi Mannings,
    There will be a new business package for SEM which will be released and will be based on Web Dynpro. They will create views for integrating BPS, BSC etc. for you by default and with the Portal Look and Feel too. But you might have to wait a while for that. As for SSO - SSO tickets are absolutely supported and fine.
    Currently you can use BSP iViews to integrate SEM BSP applications into the portal.
    For integrating BW in the portal, the steps you have mentioned are for information broadcasting from BW. A very simple way would be to create BW report based iViews and just supply the query string for the BW report to be integrated. For transactions and other areas you can use the internal ITS provided with 640.

  • XMII and BW Integration with OLAP connector

    Hello Colleague,
    Need your help in one of our xMII and BW integrations. We have created all the config steps as indicated in the "How To… Integrate xMII with the Business Information Warehouse" guide in SDN.
    But when I tried to create an OLAP query in the xMII workbench it gives the following error, and the default trace shows the detail below.
    36##0#0#Error#1#/Applications/XMII#Java###org.apache.commons.httpclient.HttpRecoverableException: org.apache.commons.httpclient.HttpRecoverableException: Error in parsing the status  line from the response: unable to find line starting with "HTTP"
    [EXCEPTION]
    #1#com.sap.xmii.Illuminator.system.CommunicationException: org.apache.commons.httpclient.HttpRecoverableException: org.apache.commons.httpclient.HttpRecoverableException: Error in parsing the status  line from the response: unable to find line starting with "HTTP"
         at com.sap.xmii.Illuminator.connectors.OLAP.XMLARequestHandler.discoverRequest(XMLARequestHandler.java:129)
         at com.sap.xmii.Illuminator.connectors.OLAP.OLAP.doProcessRequest(OLAP.java:91)
         at com.sap.xmii.Illuminator.connectors.AbstractConnector.processRequest(AbstractConnector.java:97)
         at com.sap.xmii.Illuminator.services.handlers.IlluminatorService.processRequest(IlluminatorService.java:56)
         at com.sap.xmii.Illuminator.services.ServiceManager.runQuery(ServiceManager.java:49)
         at com.sap.xmii.servlet.Illuminator.service(Illuminator.java:63)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)
         at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)
         at com.sap.xmii.system.SecurityFilter.doFilter(SecurityFilter.java:100)
         at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:384)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by: org.apache.commons.httpclient.HttpRecoverableException: org.apache.commons.httpclient.HttpRecoverableException: Error in parsing the status  line from the response: unable to find line starting with "HTTP"
         at org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1962)
         at org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2653)
         at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1087)
         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:643)
         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:497)
         at com.sap.lhcommon.xml.XMLHandler.getDocumentWithPost(XMLHandler.java:502)
         at com.sap.xmii.Illuminator.connectors.OLAP.XMLARequestHandler.discoverRequest(XMLARequestHandler.java:126)
    Kindly Help.
    Best Regards,
    Biswa

    Hi Biswa,
    You can go through the following threads regarding the OLAP connector:
    https://forums.sdn.sap.com/click.jspa?searchID=14697177&messageID=5530170
    https://forums.sdn.sap.com/click.jspa?searchID=14697177&messageID=5636842
    Hope this will help you.
    Thanks,
    Manisha

  • Jabber for Windows - without LDAP integrated with CUCM Jabber UDS - NO PEOPLE CAN SEARCH

    Hi all Jabber Experts,
    I have the CUCM, which is version 8.6, and the Presence Server, which is version 8.6, that are not integrated with LDAP, but I want to deploy Jabber for Windows.
    So I would use UDS to deploy Jabber for Windows (modified the XML and uploaded it to the CUCM TFTP server).
    Finally, users that were manually added in CUCM can log in.
    But I cannot search for other users from the Buddy List. Any idea for that?

    First of all, either you use CUCM 8.6 with CUPS 8.6, or you use CUCM 9.1 with IM&P 9.1, what you're mentioning is just impossible as they're not compatible and that's not supported.
    HTH
    java
    if this helps, please rate
    www.cisco.com/go/pdihelpdesk

  • New id integration with ipad 2 issues

    I recently changed my Apple ID. Had issues integrating the new ID with iPhone 5 and iPad 2. Got advice to correct it and it worked on the iPhone, but not on the iPad. I'm unable to access the App Store or iTunes. The old user ID still pops up. iCloud settings on the iPad are set to my new ID.

    What id shows in Settings > iTunes & App Store on your iPad ? If it's wrong then tap on it and log out of your account and then log back in with the updated version of your account.
    If you created a new account as opposed to your existing account, then your existing downloads will remain tied to your old account, so only that old id can potentially redownload its past purchases and/or download updates to its apps.

  • SAP Sourcing 7.0 integration with SAP ERP - issue with SAP PI

    Hi All,
    We are integrating SAP Sourcing 7.0 with SAP ERP 6.0 with SAP PI 7.1 in the middle. So Sourcing will talk to PI and this in turn will talk to ERP. Sourcing is on Oracle 11g whereas PI and ERP are on SQL 2008. All 3 are on Windows 2003 x64.
    We are following the "Configuration Guide Integration of SAP ERP and SAP Sourcing 7.0" provided by SAP.
    We have successfully configured the Sourcing and PI systems as per the document. In Sourcing, by using background jobs we are able to successfully generate files in the "export" folder which is part of the FTP directory.
    However the issue is with PI: we configured the "configuration scenario" in Integration Builder and pointed all channels to the FTP folder in Sourcing. But PI is not picking up these files.
    Is there any way to trigger this in the PI system? Or do we need to do anything in Sourcing itself?
    Regards,
    Siva.

    Hello Siva,
    I am thinking that you may need to deploy FTP adapter in PI to get this process work fine but not sure.
    Let's see what other experts suggest.
    Thanks,
    Siva Kumar

  • Strip @domain on LDAP Integration with Cisco ISE?

    Hi there ,
    I have a WLC connected to a Cisco ISE. There are two SSIDs authenticated against the ISE.
    One SSID has AD integration as External Identity Source, the other SSID is authenticated through LDAP.
    Authentication is working fine.
    When a user authenticates through LDAP, he/she has to enter "username@domain". The protocol is EAP-GTC.
    How can I change the ISE so that the user only has to enter "username" and the "@domain" part is already set on the ISE?
    Thanks a lot,
    Norbert

    From the user guide it seems that LDAP only allows you to strip the prefix/suffix and can't add the suffix.
    http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_man_id_stores.html#wp1054421
    Strip start of subject name up to the last occurrence of the separator
    Strip end of subject name from the first occurrence of the separator
    Regards,
    Jatin
    Do rate helpful posts-

  • CQ5.5 and ldap integration/synchronization

    Hi,
    I have been trying to integrate ldap with CQ5.5 on Win7 machine. Following are the steps I have taken:
    1. Installed cq-service-pack-5.5.2.20121012.zip
    2. Installed cq-update-pkg-5.5.10.zip
    1. Created F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf file with following content:
    com.day.crx {
       com.day.crx.core.CRXLoginModule optional
       tokenExpiration="1800000";
       com.day.crx.security.ldap.LDAPLoginModule required
                  principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
                  tokenExpiration="1800000"
                  host="xx.xx.xx.xx"
                  port="636"
                  secure="true"
                  authDn="adt\\taduser"
                  authPw="xxxxxx"
                  userRoot="OU=publish,OU=people,DC=adt,DC=com"
                  userIdAttribute="userPrincipalName"
                  autocreate="create"
                  autocreate.path="none"
                  autocreate.user.firstName="rep:firstName"
                  autocreate.user.mail="profile/email"
                  autocreate.user.sn="profile/familyName"
                  autocreate.user.cn="rep:fullname"
                  groupRoot="OU=publish,OU=group,DC=adt,DC=com"
                  groupNameAttribute="CN"
                  autocreate.group.description="description"
                  autocreate.group.cn="rep:groupName"
                  groupMembershipAttribute="member"
                  userFilter="(objectClass=person)"
                  groupFilter="(objectClass=group)"
                  cache.expiration="1"
                  cache.maxsize="1";
    2. Updated F:\installed\cq5\author\crx-quickstart\repository\repository.xml with:
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!-- ======================================================================= -->
    <!-- $Id: repository-template.xml 78567 2011-06-16 04:27:03Z tripod $ -->
    <!-- ======================================================================= -->
    <!-- Copyright (c) 1997-2008 Day Management AG                               -->
    <!-- Barfuesserplatz 6, 4001 Basel, Switzerland                              -->
    <!-- All Rights Reserved.                                                    -->
    <!--                                                                         -->
    <!-- This software is the confidential and proprietary information of        -->
    <!-- Day Management AG, ("Confidential Information"). You shall not          -->
    <!-- disclose such Confidential Information and shall use it only in         -->
    <!-- accordance with the terms of the license agreement you entered into     -->
    <!-- with Day.                                                               -->
    <!-- ======================================================================= -->
    <!DOCTYPE Repository PUBLIC "-//Day Management AG//DTD CRX 2.4//EN"
                                "http://www.day.com/dtd/repository-2.4.dtd">
    <Repository>
        <!--
        virtual file system where the repository stores global state
        (e.g. registered namespaces, custom node types, etc.)
        -->
        <!--
        <FileSystem class="com.day.jackrabbit.fs.cq.CQFileSystem">
            <param name="path" value="${rep.home}/repStore.dat"/>
            <param name="autoRepair" value="false"/>
        </FileSystem>
        -->
        <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
            <param name="path" value="${rep.home}/repository"/>
        </FileSystem>
        <!--
        large binary objects are stored in the data store.
        -->
        <DataStore class="com.day.crx.core.data.ClusterDataStore"/>
        <!--
        security configuration
        -->
        <Security appName="com.day.crx">
            <!--
                security manager:
                class: FQN of class implementing the JackrabbitSecurityManager interface
            -->
            <!--SecurityManager class="com.day.crx.core.CRXSecurityManager" workspaceName="" -->
            <SecurityManager class="com.day.crx.core.CRXSecurityManager">
            <!-- LDAP related configuration -->
                            <WorkspaceAccessManager class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>
                            <UserManager class="com.day.crx.core.CRXUserManagerImpl">
                            <param name="usersPath" value="/home/users"/>
                            <param name="groupsPath" value="/home/groups"/>
                            <param name="defaultDepth" value="1"/>
                            </UserManager>
                <!--
                optional user manager configuration
                <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
                    <param name="usersPath" value="/home/users"/>
                    <param name="groupsPath" value="/home/groups"/>
                    <param name="defaultDepth" value="1"/>
                    <param name="autoExpandTree" value="true"/>
                    <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.AccessControlAction">
                      <param name="groupPrivilegeNames" value="jcr:read"/>
                      <param name="userPrivilegeNames" value="jcr:all"/>
                    </AuthorizableAction>
                    AuthorizableAction class="com.day.crx.core.ntlm.NTLMAuthorizableAction"/>
                </UserManager> -->
                <!--
                optional workspace access manager configuration
               -->
            </SecurityManager>
                        <!--
            access manager:
            class: FQN of class implementing the AccessManager interface
            -->
            <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
            <!--
            Use LoginModule authenticating against repository itself
    -->
            <LoginModule class="com.day.crx.core.CRXLoginModule">
                <param name="anonymousId" value="anonymous"/>
                <param name="adminId" value="admin"/>
                <param name="disableNTLMAuth" value="true"/>
                <param name="tokenExpiration" value="43200000"/>
                <!-- param name="trust_credentials_attribute" value="d5b9167e95dad6e7d3b5d6fa8df48af8"/ -->
            </LoginModule>
        </Security>
        <!--
        location of workspaces root directory and name of default workspace
        -->
        <Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="crx.default" maxIdleTime="5"/>
        <!--
        workspace configuration template:
        used to create the initial workspace if there's no workspace yet
        -->
        <Workspace name="${wsp.name}" simpleLocking="true">
            <!--
            virtual file system of the workspace:
            class: FQN of class implementing FileSystem interface
            -->
            <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
                <param name="path" value="${wsp.home}"/>
            </FileSystem>
            <!--
            persistence manager of the workspace:
            class: FQN of class implementing PersistenceManager interface
            -->
            <PersistenceManager class="com.day.crx.persistence.tar.TarPersistenceManager"/>
            <!--
            Search index and the file system it uses.
            -->
            <SearchIndex class="com.day.crx.query.lucene.LuceneHandler">
                <param name="path" value="${wsp.home}/index"/>
                <param name="resultFetchSize" value="50"/>
            </SearchIndex>
            <!--
            Workspace security configuration
            -->
            <WorkspaceSecurity>
                <AccessControlProvider class="org.apache.jackrabbit.core.security.authorization.acl.ACLProvider">
                    <param name="omit-default-permission" value="true"/>
                </AccessControlProvider>
            </WorkspaceSecurity>
            <!--
            XML Import configuration of the workspace
            -->
            <Import>
                <ProtectedItemImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
                <ProtectedItemImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
                    <param name="importBehavior" value="besteffort"/>
                </ProtectedItemImporter>
            </Import>
        </Workspace>
        <!--
            Configures the versioning
        -->
        <Versioning rootPath="${rep.home}/version">
            <!--
                Configures the filesystem to use for versioning of the respective
                persistence manager
            -->
            <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
                <param name="path" value="${rep.home}/version"/>
            </FileSystem>
            <!--
                Configures the persistence manager to use for the versioning.
                Please note, that the current versioning implementation is based on
                a 'normal' persistence manager, but this could change in future
                implementations.
            -->
            <PersistenceManager class="com.day.crx.persistence.tar.TarPersistenceManager"/>
        </Versioning>
        <!--
            Enable searching the /jcr:system subtree
        -->
        <SearchIndex class="com.day.crx.query.lucene.LuceneHandler">
            <param name="path" value="${rep.home}/repository/index"/>
        </SearchIndex>
        <!--
            Cluster configuration.
        -->
        <Cluster>
            <Journal class="com.day.crx.persistence.tar.TarJournal"/>
        </Cluster>
        <!--
            Configures extension modules
        -->
        <Modules>
            <!--
               Sample configuration of an EventLoggerModule requiring configuration
               <Module class="com.day.crx.eventlogger.EventLoggerModule">
                   <param name="workspaces" value="crx.default"/>
                   <param name="logWorkspace" value="crx.logger"/>
                   <param name="logPath" value="/logger"/>
               </Module>
            -->
        </Modules>
    </Repository>
    3. Updated F:\installed\cq5\author\crx-quickstart\bin\quickstart.bat with:
    @echo off
    :: This script configures the start information for this server.
    :: The following variables may be used to override the defaults.
    :: For one-time overrides the variable can be set as part of the command-line; e.g.,
    ::     SET CQ_PORT=1234 & ./start.bat
    setlocal
    ::* TCP port used for stop and status scripts
    set CQ_PORT=4502
    ::* http host name
    :: set CQ_HOST=
    ::* interface that this server should listen to
    :: set CQ_INTERFACE=eth0
    ::* show gui
    set CQ_GUI=true
    ::* do not show browser on startup
    set CQ_NOBROWSER=true
    ::* do not redirect stdout/stderr (logs to console)
    set CQ_VERBOSE=true
    ::* do not fork the JVM
    :: set CQ_NOFORK=true
    ::* force forking the VM using recommended default memory settings
    :: set CQ_FORK=true
    ::* additional arguments for the forked JVM
    :: set CQ_FORKARGS=
    ::* runmode(s)
    set CQ_RUNMODE=author,dev
    ::* defines the path under which the quickstart work folder is located
    :: set CQ_BASEFOLDER=
    ::* low memory action
    :: set CQ_LOWMEMACTION=
    ::* name of the jarfile
    :: set CQ_JARFILE=
    ::* use jaas.config
    :: set CQ_USE_JAAS=true
    ::* config for jaas
    set CQ_JAAS_CONFIG=F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf
    ::* default JVM options
    set CQ_JVM_OPTS=-Djava.security.auth.login.config=F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf -Xms1024m -Xmx1024m  -XX:PermSize=256M -XX:MaxPermSize=256M -XX:+UseConcMarkSweepGC -XX:NewRatio=1 -XX:CMSInitiatingOccupancyFraction=85 -XX:ParallelGCThreads=4 -XX:GCTimeRatio=3 -XX:+UseParNewGC -XX:-UseGCOverheadLimit -XX:SurvivorRatio=6 -Xloggc:F:/installed/cq5/author/crx-quickstart/gc.log -verbose:gc -XX:+PrintGCTimeStamps  -XX:+HeapDumpOnOutOfMemoryError -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9998 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.awt.headless=true
    ::* do not configure below this point
    chdir /D %~dp0
    cd ..\..
    set START_OPTS=-use-control-port
    if defined CQ_PORT            set START_OPTS=%START_OPTS% -p %CQ_PORT%
    if defined CQ_INTERFACE       set START_OPTS=%START_OPTS% -a %CQ_INTERFACE%
    if defined CQ_GUI             set START_OPTS=%START_OPTS% -gui
    if defined CQ_NOBROWSER       set START_OPTS=%START_OPTS% -nobrowser
    if defined CQ_VERBOSE         set START_OPTS=%START_OPTS% -verbose
    if defined CQ_NOFORK          set START_OPTS=%START_OPTS% -nofork
    if defined CQ_FORK            set START_OPTS=%START_OPTS% -fork
    if defined CQ_FORKARGS        set START_OPTS=%START_OPTS% -forkargs %CQ_FORKARGS%
    if defined CQ_RUNMODE         set START_OPTS=%START_OPTS% -r %CQ_RUNMODE%
    if defined CQ_BASEFOLDER      set START_OPTS=%START_OPTS% -b %CQ_BASEFOLDER%
    if defined CQ_LOWMEMACTION    set START_OPTS=%START_OPTS% -low-mem-action %CQ_LOWMEMACTION%
    if defined CQ_HOST            set START_OPTS=%START_OPTS% -Dorg.apache.felix.http.host=%CQ_HOST%
    if defined CQ_USE_JAAS        set START_OPTS=%START_OPTS% -Djava.security.auth.login.config=%CQ_JAAS_CONFIG%
    if not defined CQ_JARFILE     for %%X in (*.jar) do set CQ_JARFILE=%%X
    tasklist > oldTaskList.txt
    start "CQ" cmd.exe /K java %CQ_JVM_OPTS% -jar %CQ_JARFILE% %START_OPTS%
    tasklist > newTaskList.txt
    java -cp %~dp0 GetProcessID oldTaskList.txt newTaskList.txt java.exe > crx-quickstart\conf\cq.pid
    del newTaskList.txt
    del oldTaskList.txt
    4. Started CQ5 by double-clicking F:\installed\cq5\author\crx-quickstart\bin\quickstart.bat
    Issue: I am not able to see the domain "com.adobe.granite.ldap" in http://localhost:4502/system/console/jmx
    I am not sure what I have done wrong. Please let me know how I can synchronize all the users from LDAP into CRX.
    Thanks in advance,
    Anurag
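
Added example, not part of the original post and not Adobe's tooling: the quickstart.bat above opens remote JMX on port 9998 with authentication and TLS switched off, and it passes the JAAS file through CQ_JVM_OPTS while CQ_USE_JAAS stays commented out. This Python check reports both conditions; `SAMPLE_BAT` is a constructed excerpt of that script and the finding labels are hypothetical names chosen for this example.

```python
import re

# Constructed excerpt of the quickstart.bat posted above (only the relevant lines).
SAMPLE_BAT = r"""
setlocal
set CQ_PORT=4502
:: set CQ_USE_JAAS=true
set CQ_JAAS_CONFIG=F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf
set CQ_JVM_OPTS=-Djava.security.auth.login.config=F:/installed/cq5/author/crx-quickstart/conf/ldap_login.conf -Xmx1024m -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9998 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
if defined CQ_USE_JAAS        set START_OPTS=%START_OPTS% -Djava.security.auth.login.config=%CQ_JAAS_CONFIG%
"""

JMX = "com.sun.management.jmxremote"
JAAS = "java.security.auth.login.config"

def batch_vars(text):
    """Collect unconditional `set NAME=value` lines; `::` comments and `if defined` lines never match."""
    env = {}
    for line in text.splitlines():
        m = re.match(r"\s*set\s+(\w+)=(.*)$", line, re.IGNORECASE)
        if m:
            env[m.group(1).upper()] = m.group(2).strip()
    return env

def system_properties(jvm_opts):
    """Map -Dkey[=value] tokens to {key: value}; a bare -Dkey maps to ''."""
    props = {}
    for tok in jvm_opts.split():
        if tok.startswith("-D"):
            key, _, val = tok[2:].partition("=")
            props[key] = val
    return props

def audit(text):
    """Return finding labels (hypothetical names) for the effective JVM options."""
    env = batch_vars(text)
    props = system_properties(env.get("CQ_JVM_OPTS", ""))
    findings = []
    port = props.get(JMX + ".port")
    if port:
        # With a remote port set, authenticate and ssl both default to true;
        # only an explicit "false" turns them off.
        if props.get(JMX + ".authenticate", "true").lower() == "false":
            findings.append("jmx-no-auth:" + port)
        if props.get(JMX + ".ssl", "true").lower() == "false":
            findings.append("jmx-no-tls:" + port)
    # The script adds the JAAS file itself only when CQ_USE_JAAS is set.
    if JAAS not in props and "CQ_USE_JAAS" not in env:
        findings.append("jaas-config-not-passed")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_BAT))
```

Run against the real script, an empty result means the JMX port is not left open without authentication or TLS and the JAAS file reaches the JVM by at least one of the two routes.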

    Please refer to my post:
    CQ5 as Windows Service with LDAP Authentication
    http://forums.adobe.com/thread/1260837?tstart=0
