Login BSP with LDAP

Hi!
We are accessing several BSPs through an ITS. The ITS validates the user in LDAP and then creates a logon to our BSP.
We are looking into eliminating the call to the ITS. We want to check the user in LDAP without the ITS, but we can't find information about it.
Has anyone implemented something like this in their system? Where can we find information on LDAP + BSP?
We have SAP 4.7 with WAS 6.20
Thanks in advance.

You might also want to check out http://help.sap.com and do a search for LDAP. You can connect LDAP and your system directly or via CUA.

Similar Messages

  • Problem with users in portal - login conflict with LDAP.

    Hi.
    Let me describe our problem:
    We have an EP5 portal with LDAP connected to a central LDAP server; users access all the different systems with the same user and password.
    The problem happens to users whose passwords have expired. We already set the password expiration days to 0 to avoid future problems, but that didn't apply to the already expired ones.
    These affected users cannot change their password due to problems with the connection rights to the LDAP server.
    We're trying to find the place where it's set that the user is in some kind of "password expired" status, directly in a database table if necessary, to change the status manually, as the system does not allow us to set it through user administration in the portal.
    Any suggestions would be appreciated.

    Restoring expired Portal passwords
    Solved

  • BSP with LDAP Authentication

    Hi,
    In our BSP application the user needs to be authenticated by an LDAP directory (let's say ADS). This is because this directory contains all users and their actual passwords. The user accounts in the LDAP directory are the same as in the Web AS. (This is guaranteed by a periodic export from Web AS and import to the LDAP directory.) The passwords can be different in LDAP and Web AS.
    Well, our idea is to build a public BSP application to ask for username and password. After that we establish a bind to the LDAP directory and try to authenticate this user. (So far it works well ...CALL FUNCTION 'LDAP_COMMONBIND'...). Now we would like to create a SAP Logon Ticket, so that the user is also authenticated against Web AS (private BSP application).
    Does anybody know how to create a SAP Logon Ticket with BSP?
    Thanks for any help.
    Regards,
    Beat

    If you are OK with the system prompt,
    SICF->defaulthost->sap->bc->bsp->sap-> your BSP application name will appear;
    double-click that, and there you can provide a default user ID and password, so that everyone can access it.
    If you want to authenticate, just create one BSP application with a login page and leave the user ID and password fields blank in the above path.
    If you need a customized login screen,
       just chh the BSP Application SYSTEM / login.htm
    Regards,
    j
    Do award points for helpful answers
    Message was edited by: Jothi venkatachalam

  • Dynamic Login Environment with LDAP and Database level security.

    JDeveloper 11.1.1.0.1 + ADF BC + ADF RC
    Hi everyone,
    We are ready to begin creating a dynamic login environment.
    We would like to be able to keep security on the database side, instead of in the application layer.
    We also want to be able to use Oracle LDAP for authentication.
    Can anyone suggest any good documentation for our situation?
    Highly appreciated. Thanks!

    Alexander,
    unlike in Forms, authentication is separate from connection. You can have individual user connections - like in Forms - but this most likely is not of best performance. A document and example for this to follow is
    http://radio.weblogs.com/0118231/2008/08/06.html#a902
    Note that authentication does not need to be hard coded either way. If you use a single database connection and container managed authentication, then all users access the database from the same user account but can have their authenticated names passed through. In ADF BC you can use the prepareSession method on the ApplicationModule to pass the name to the database as a prepared statement (e.g. to set the predicate on a VPD database). However, using PLSQL for authorization is a bit difficult because the business logic, unlike in Forms, isn't executed in PLSQL. You can look up PLSQL from ADF BC - or Java in general - but it's a separate call.
    Frank

  • LDAP/AD Role group user login issue in sharepoint 2010 FBA with LDAP

    Hi.
    I created a SharePoint 2010 site with LDAP FBA. If I add the AD user as a form-based user and try to log in to my site, it works very well, but if I add an AD group to my site and try to log in with one of the AD users of this group, it says "Access Denied".
    In my project we want to add AD groups to SharePoint groups, not individual AD users.
    Can anyone help me with this please? It's urgent.

    I added both the LDAP membership and LDAP role provider. And I can also find groups in the people picker in my Central Admin and FBA web app site collection.
    <add name="ADMembers"
    type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
    server="company.com"
    port="389"
    useSSL="false"
    userNameAttribute="sAMAccountName"
    userContainer="DC=company,DC=com"
    userObjectClass="person"
    userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
    userDNAttribute="distinguishedName"
    scope="Subtree"
    enableSearchMethods="true"
    otherRequiredUserAttributes="sn,givenname,cn"
    />
    <add name="ADRoles"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="Company.com"
    port="389"
    useSSL="false"
    groupContainer="DC=Company,DC=com"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="(ObjectClass=group)"
    userFilter="(ObjectClass=person)"
    scope="Subtree" />

  • Issue with LDAP login authentication in CMC console

    We have an existing issue with Business Objects BOE XIR2 SP2 and LDAP authentication with the BOE CMC Console.
    We use websphere as the application server and it is installed on the same machine (Solaris) as BOE.
    We have this issue on both our production and our recently rebuilt development environment to duplicate the issue.
    Both environments have LDAP over SSL configured, and we can log in to BOE Infoview Reports with LDAP and we can map groups and users if we log in to CMC, but we cannot log in to CMC with secLDAP.
    The specific error still being shown is "Security plugin error: Failed to set parameters on plugin".
    Both environments (DEV and PROD) are fresh installs of BOE XIR2 SP2.
    Any ideas are much appreciated
    Thank you

    The CMC in XIR2 used COM components for the SSL (rather than Java like Infoview) and I'm betting the WAS deployment is not finding them. Is WAS on a separate server or is BOE installed there as well?
    I'm not familiar with any regular fixes for an issue like this. If no other replies I'd recommend opening a case with either deployment(WAS on "nix") or authentication(WAS on windows) to see if they can trace down the problem.
    Regards,
    Tim

  • Integration iLearning login with LDAP?

    Hi friends,
    Although there exists a Metalink note with exactly this title (How To Integrate Oracle iLearning and LDAP Note:452425.1), I've searched inside the documentation for how exactly iLearning does this step. I mean:
    I have to install the iLearning Platform (without installing Oracle Portal) in a Windows environment. Due to customer requirements, the iLearning login must be validated with LDAP validation... I've read that it's done with iLearning WebServices... but I can't find where exactly this procedure is described. (My knowledge of web services is limited.)
    I'm reading the "Oracle iLearning 5.0: Web Services API Technical Reference", and it's supposedly all there, but the word "LDAP" is not mentioned, so... any ideas?
    Thanks a lot.
    Jose L.

    If that integration is not possible, I've thought of another solution:
    - Create/publish a web service in the iLearning platform. That web service would check the LDAP contents for new users... if there are new users it would retrieve their information and would create them as iLearning platform users ...
    This could be divided into two tasks:
    - create/publish a web service in iLearning to query LDAP
    - insert the information retrieved as new user(s) into the iLearning system.
    [This one... if it is not possible to "program" it in the web service... could be done through a direct INSERT into iLearning tables... I suppose]
    Any ideas of how to do this?
    Thanks a lot!!!!.
    Jose.

  • Login Error from Users machine into BO Desktop Applications With LDAP user

    Hi All,
    I am getting a strange error and got stuck. I have searched in the forums and tried every possible thing, but the problem remains the same.
    I am not able to log in to any client application using an LDAP account.
    The setup is:
    Machine 1: Webserver
    Machine 2: CMS and other servers
    Machine 3: Clustered CMS server
    LDAP is implemented and SSL is enabled between Machine 2 and LDAP server.
    Now when I am on Machine 2 and try to log in to a client application using LDAP, it works for me, and also for the web applications (CMC, Infoview).
    When I am on a user machine I am able to log in to a client application (Designer, Desktop Intelligence etc.) using an enterprise account, but not with an LDAP account. However, I am able to log in to the web application using an LDAP account from the user's machine.
    All the ports are open and can connect to the CMS machine, and database repository connectivity is also OK.
    One interesting thing I would like to share is that if I log in to Infoview using an LDAP account and go to edit a report, it opens Desktop Intelligence for me (LDAP user) and there is an entry in System name when I log in to Deski. That entry in System name is CMS machine name, port number, full domain, with (J2EE Portal) written last.
    Using this entry in System I can log in using an LDAP account, but I first have to do the process (log in to Infoview, edit the report) on every user machine.
    Please help me find out where I am going wrong.
    The error with the client application and LDAP user is USR0013. Can not Access the repository.

    My guess would be that client apps don't have access to the SSL directory defined in the LDAP config but the web/app does. When you edit a report it launches Deski in 3-tier mode, still using the web/app, so this isn't surprising behavior. There are SAP notes on this in SMP; the keywords LDAP SSL deski should return the result. The link to SMP is in the forum sticky at the top of the administration forum.
    Regards,
    Tim

  • SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

    One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
    Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
    I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
    In the Membership provider name text box I entered "LdapMember"
    In the Role provider name  text box I entered "LdapRole"
    In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="((ObjectClass=group)"
    userFilter="((ObjectClass=person)"
    scope="Subtree" />
    </providers>
    </roleManager>
    I modified the SecurityTokenServiceApplication web.config with these details
    <system.web>
    <membership>
    <providers>
    <add name="LdapMemebr"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true">
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    </system.web>
    I modified the web.config of the test application I created with these details
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="cn"
    dnAttribute="dn"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    <membership defaultProvider="i">
    <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    useDNAttribute="true"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    With all of this configured, I can go to the new test site, and I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully log in with Windows authentication, but forms authentication gives me an error.
    The server could not sign you in. Make sure your user name and password are correct, and then try again.
    I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
    8306 - SharePoint Foundation - The security token username and password could not be validated.
    in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated.
    and then this:
    Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
    at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
    I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
    The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
    The LDAP server tells the SharePoint server it is ready to communicate
    the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
    The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
    The LDAP server sends notification that it is done and is closing the connection that was bound to the ldapserviceid+password
    The SharePoint server acknowledges the connection is closing
    ... and then nothing happens, except the error on SharePoint
    What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account specified in the web.config). That part does not seem to be happening.
    I am at a standstill on this and any help would be greatly appreciated.

    OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app). In either case, you will see two text boxes underneath the checkbox item for enabling Forms Based Authentication:
    "ASP.NET Membership provider name"
    "ASP.NET Role manager name"
    We entered a name for Membership provider, and left Role manager blank.
    In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword="validpassword"
    useDNAttribute="false"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager>
    <providers>
    </providers>
    </roleManager>
    useDNAttribute="false" turned out to be important as well.
    So, for us to get LDAP authentication working between SharePoint 2010 and Novell eDirectory, we had to:
    - leave anything related to the role provider blank
    - configure the web.config in three different applications, with the proper connection information to reach our Novell eDir
    - ensure that useDNAttribute="false" was used in all three of the modified web.config files.
    Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from a non-existent role manager.
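
An added example, not part of the original post and not SharePoint's own tooling: a Python check over the three web.config files the thread describes. It flags LDAP providers configured with useSSL="false" (assuming the provider authenticates with a simple bind, as the packet trace in the post suggests, the service-account and user passwords then cross the network unencrypted), LDAP filters with unbalanced parentheses, and any file lacking the membership provider name entered in Central Administration. The sample configs are constructed and trimmed from the post; `audit`, `filter_is_balanced`, `ldap_providers` and the finding labels are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the post's three web.config files, trimmed to the
# attributes checked here. The web-app file is shown with TLS on for contrast.
CONFIGS = {
    "central-admin": """<system.web>
      <membership><providers>
        <add name="LdapMember" server="ldap.server.address" port="389"
             useSSL="false" userFilter="(ObjectClass=person)" />
      </providers></membership>
      <roleManager enabled="true"><providers>
        <add name="LdapRole" server="ldap.server.address" port="389"
             useSSL="false" groupFilter="((ObjectClass=group)"
             userFilter="((ObjectClass=person)" />
      </providers></roleManager>
    </system.web>""",
    "security-token-service": """<system.web>
      <membership><providers>
        <add name="LdapMemebr" server="ldap.server.address" port="389"
             useSSL="false" userFilter="(ObjectClass=person)" />
      </providers></membership>
    </system.web>""",
    "web-app": """<system.web>
      <membership defaultProvider="i"><providers>
        <add name="i" type="SPClaimsAuthMembershipProvider" />
        <add name="LdapMember" server="ldap.server.address" port="636"
             useSSL="true" userFilter="(&amp;(ObjectClass=person))" />
      </providers></membership>
    </system.web>""",
}


def filter_is_balanced(ldap_filter):
    """True if the filter is wrapped in parentheses and they all pair up.

    Literal parentheses inside values must be escaped as \\28 and \\29 in an
    LDAP filter, so every raw '(' or ')' is structural.
    """
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and ldap_filter.startswith("(") and ldap_filter.endswith(")")


def ldap_providers(xml_text, section):
    """Return <add> elements under <section>/<providers> that name a server.

    Claims providers such as "i" and "c" have no server attribute and are
    skipped.
    """
    root = ET.fromstring(xml_text)
    return [p for p in root.findall(f".//{section}/providers/add")
            if p.get("server")]


def audit(configs, expected_member):
    """Return (file, provider, finding) tuples for the given web.config texts.

    expected_member is the name typed into the "ASP.NET Membership provider
    name" box; every file must define an LDAP provider with that exact name.
    """
    findings = []
    for label, xml_text in configs.items():
        members = ldap_providers(xml_text, "membership")
        roles = ldap_providers(xml_text, "roleManager")
        for provider in members + roles:
            name = provider.get("name")
            # Without TLS, bind credentials are readable on the wire.
            if provider.get("useSSL", "false").lower() != "true":
                findings.append((label, name, "cleartext-bind"))
            for attr in ("userFilter", "groupFilter"):
                value = provider.get(attr)
                if value is not None and not filter_is_balanced(value):
                    findings.append((label, name, f"malformed-{attr}"))
        if expected_member not in {p.get("name") for p in members}:
            findings.append((label, expected_member, "membership-name-missing"))
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIGS, "LdapMember"):
        print(*finding, sep="\t")
```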

  • URL Link to BSP with MVC

    Hi,
    I have a BSP with MVC design.
    I assume that the URL link to the application is the URL I see when I go into the Controller page under the BSP in SE80.
    Is that correct?
    The problem is that when I take that URL and copy paste it into a web browser, I get the first view but when I click on any button, the controller class is not called.
    If I do a right click on the BSP and select the TEST option, all is working perfectly.
    Do you have any idea why this is happening or do I do something wrong?
    Thanks,
    Itay

    Hi Stefan,
    I have the same issue as well.
    My understanding is, in NWBC desktop, if you open a non-SAP (e.g. HTML) page, NWBC becomes an IE browser.
    That means you are now out of SAP for that tab (with the HTML page) and whenever you try to launch any SAP transaction (using the method from HTML) it will launch in a new window and ask for login.
    Maybe experts like Samuli Kaski & Melinda Ludanyi can shed some light on it.
    But I have one more solution for this which is partially working in my case. It may be helpful in your case as well.
    Issue: From some SAP transaction in NWBC (say tab A), you are launching the HTML page (say tab B) and then want to launch another SAP transaction (say tab C) from HTML.
    Solution: Embed the HTML in SAP using the HTML Viewer class and launch the SAP custom transaction using the interface IF_LSAPI. It will launch it in a new tab as a SAP transaction with your HTML page.
    Now if you want to launch the SAP transaction from your HTML page (which is embedded in the SAP custom transaction) you can use HTML Viewer class events, and you can pass parameters as well. Reuse the same interface IF_LSAPI and launch it in a new tab.
    In my case I am facing problems as the web developer has so many things in JavaScript and they are not working properly. He is working on it and I am hoping it will be fine.
    Regards,
    Nik

  • WLC integration with LDAP

    Hi all and thank you in advance for any help/advice you might be able to offer....
    I'm having problems getting a WLC (7.0.220.0) working using LDAP (Windows 2008). This evening, in an effort to troubleshoot the problem further, I have configured the customer's ASA to use LDAP too and run a test....as you can see below, the test works flawlessly (on the ASA).
    aaa-server LDAP_TEST protocol ldap
    aaa-server LDAP_TEST host x.x.x.x
    server-port 389
    ldap-base-dn OU=Users,OU=IT Dept (South),DC=yyy,DC=co,DC=zzz
    ldap-scope subtree
    ldap-login-password *
    ldap-login-dn CN=ldap,OU=Users,OU=IT Dept (South),DC=yyy,DC=co,DC=zzz
    server-type microsoft
    ASA/act# test aaa-server authentication LDAP_TEST host x.x.x.x username ldap password password
    INFO: Attempting Authentication test to IP address <x.x.x.x> (timeout: 12 seconds)
    INFO: Authentication Successful
    ASA/act#
    Now, my understanding is that the ASA only supports PAP (clear text) as Authentication method when communicating to an LDAP server....while on the Controller, I am using EAP-FAST....so my understanding would be that only EAP-FAST/GTC or EAP-FAST/MSCHAPv2 (IF the LDAP server is setup to return a clear text password) are supported.
    On the Controller, I am using the very same settings as I have used on the ASA (for the LDAP server configuration). However, users are still unable to Authenticate....they Associate, but do not Authenticate. The clients are all Windows 7 and are setup to use the in-built Cisco EAP-FAST as Authentication method. We are not using certificates.
    The thing is that I'm pretty sure that both the Windows 7 clients and the Controller are setup correctly but, as I said, the clients are still unable to authenticate.
    I guess that my questions are these:
    - on the client side, you can setup the laptops to use "Any method" as authentication method...but how does this exactly work? do they try both EAP-GTC and EAP-MSCHAPv2 (i.e. if it can't authenticate through EAP-GTC will then try EAP-MSCHAPv2?)
    - is it better to hardcode the clients to use EAP-GTC or EAP-MSCHAPv2 (instead of default "Any method")....when working on an LDAP environment
    - how can I check that the MS 2008 server is indeed setup to "return a clear text password" if using EAP-FAST/MSCHAPv2 (and I do realize that this is probably a question for a Microsoft forum)
    - how can I check that the LDAP server is configured to support EAP-GTC and/or EAP-MSCHAPv2??
    Thanks again.

    This is not an acceptable answer.  Steve, do you work for Cisco, or are you commenting on personal experience & knowledge?
    I have had a working RADIUS configuration for 2 years+ of an ASA 5510 for authentication of AnyConnect SSL & IPSEC VPN clients with AD, and a WLC 2106 for authentication of WPA2-Enterprise w/802.1x certificates with AD.  Both were configured to communicate with the same RADIUS server, which is a Windows Server 2003 DC with IAS/RADIUS and a CA installed.  During the planning for installing a new Windows Server 2008 R2 DC, I decided to attempt to remove my reliance on RADIUS since authenticating directly with LDAP is becoming more common.  I was successfully able to configure our ASA to do direct LDAP queries to AD, but similar to "superduperlopez" and "rschwenderman", I have been unable to configure the WLC the same way.
    I feel like the following line in Cisco's documentation is unsatisfactory:  "For example, Microsoft Active Directory is not supported because it does not return a clear-text password."
    I would take this to mean that the ASA is working correctly due to either:
    A) The ASA is accepting clear-text passwords from AD, and AD is configured to pass clear-text passwords, or
    B) The ASA is not accepting clear-text passwords from AD, and AD is not configured to pass clear-text passwords
    Now this would lead me to the following:
    A) Cisco has not properly updated the WLC documentation to instruct users how to correctly configure the WLC to do backend LDAP queries, or
    B) Cisco has not implemented the technology changes that were made in the ASA to the WLC
    This frustrates the average network admin, as it is seen by us as "If the ASA can do it, why can't the WLC".  Also, don't get this confused with any "client" issues, as all that is being asked for is the WLC to use a different backend "authentication" server while not modifying the client side at all.  The concept of "Local EAP" seems to fit, but doesn't work.
    I would really appreciate someone giving some insight on this topic, as there are three customers on this forum post that have had the same problem within the last 2 months.
    The previous posters, and myself, are not looking for someone to retype the documentation, but rather explain how it is working on one of Cisco's security products, but not the other.

  • CAD login failure with CUPS integration

    OK so here we go,
    UCCX System version: 8.5.1.10000-37
    Cucm System version: 8.6.2.20000-2
    CUPS System version: 8.6.4.11900-1
    So we've integrated UCCX desktop with CUPs fine, CAD user goes to login gets error asking for Presence creds.
    CUPS and CUCM are Ldap authenticated integrated.
    I've manually tested logging users into Jabber desktop and Cups user (web login) and both login fine with the same ldap user ( CAD uses this login too)
    If I click cancel on CAD login agent logs in fine to CAD, however if I try login to chat gets rejected even though creds are the same.
    Have manually input creds into CAD when prompted for Presence login (still gets rejected)
    Weird how creds work for Jabber but not getting passed through, have restarted all servers in cluster.
    Any input welcome.
    Thanks in advance,
    Liam

    Hi Liam
    This is a particularly poorly implemented feature.
    Basically pre 9.0 I think it doesn't do any authentication to CUPS. What you need is an entry in the 'Incoming ACL' (in the system/security/incoming acl menu I think) for the IP address of each PC that will use this feature. My understanding is this basically bypasses authentication.
    In 9.0(2), which I upgraded to this week, it supports digest auth. The description from the admin guide is that you must set the digest creds on the CUCM end user to match the user's login password. Well... that's just great security isn't it? 'Please may I have your AD password so I can add a feature to your CAD? Oh, and tell me every time you change it so I can update it'....
    There are also a host of bugs I found - you can't search for contacts in Web CDA to add them to contact lists in larger ADs, it doesn't seem to show the status of any internal or external contacts properly, and upgrading to 9.0(2) only made it slightly better.
    I get the feeling not many people have used this, or there wouldn't be so many issues...
    Aaron

  • BO XI R2 problems with LDAP plugin talking to OID

    Hi all,
    We have a customer with OID 10g (Oracle Internet Directory, exact version 10.1.0.4), and BO 6.5, and we are in the process of upgrading to BO XI R2 (sp3).
    In our BO XI R2 (sp3) server, we are facing problems configuring the LDAP plugin. When we map an LDAP group (a dynamic group created in OID), BO retrieves the users that belong to the group, but when we go to the Users list and try to see which groups these users belong to, the CCM does not list our LDAP group.
    Moreover, when we try to log in with LDAP authentication in Infoview, we get the following error:
    "Account Information Not Recognized: An error occurred at the server : LDAP Authorization failed. Please make sure your entry belongs to a mapped LDAP group."
    Has anybody faced similar issues? Any idea how we can solve this?
    This issue is very important for our customer and could block the migration progress....
    Thank you very much in advance.
    Regards

    In that case a support engineer will likely need to scan the CMS and possibly packet scan the LDAP queries. When going to a group and viewing users a live query is sent to LDAP, is this info correct (do groups contain the right users)?
    But when viewing users (groups) this information is based on a cached graph that should be updated approximately every 15 minutes by default. Your issue seems to indicate this process is either slow or failing altogether. Tracing with an engineer is the best route to take. Let me know if I can offer any more help from this end.
    Regards,
    Tim

  • Issue with LDAP sign in

    Hello experts,
    We have hooked up our BO application with LDAP in our company. In the BOE configuration everything went fine. But when a user from the LDAP side tries to log in to BO, it does not accept their user IDs, though they are able to log in with their full CN and DN names.
    Details..
    > users cannot log in with their original IDs.
    > but they are able to log in with CN and DN names.
    I tried to change the settings of the BO search criteria in LDAP groups, but I am not able to do that.
    Has anyone faced this kind of issue? Please help me, guys.
    Points will be assigned for every small clue.
    Thanks
    Prashanth

    The user search name is the value you should be looking at in the LDAP attributes, that's the one that it will send to LDAP on a logon attempt. If you changed this value after mapping a group, I'm not sure but you may have to remap the group to get the change.
    So on the LDAP side verify the user search attribute = the username you expect to login with (i.e. cn, samaccountname, uid, etc)
    Regards,
    Tim
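
As an added illustration of the reply above (not part of the original thread and not BusinessObjects code): a logon name is resolved through one configured search attribute, so a short user ID only matches when that attribute holds it. The directory entries and the functions `build_user_filter`, `matches` and `resolve_login` are constructed for this example.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value,
# so the typed login name is always compared literally.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample entries (not taken from any real directory).
DIRECTORY = [
    {"dn": "cn=Jane Doe,ou=people,dc=example,dc=com",
     "cn": "Jane Doe", "uid": "jdoe", "samaccountname": "jdoe"},
    {"dn": "cn=Raj Patel,ou=people,dc=example,dc=com",
     "cn": "Raj Patel", "uid": "rpatel", "samaccountname": "rpatel"},
]

def build_user_filter(search_attr, typed_name):
    """Equality filter sent for a logon attempt: (<search_attr>=<typed name>)."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", search_attr):
        raise ValueError("search attribute must be a plain attribute name")
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in typed_name)
    return f"({search_attr}={escaped})"

def matches(filter_text, entry):
    """Evaluate a single equality filter against one entry (case-insensitive)."""
    m = re.fullmatch(r"\(([A-Za-z][A-Za-z0-9-]*)=(.*)\)", filter_text, re.S)
    if m is None:
        raise ValueError("only simple equality filters are supported here")
    attr, raw = m.group(1).lower(), m.group(2)
    # Undo the \xx escapes before comparing with the stored value.
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), raw)
    return entry.get(attr, "").lower() == value.lower()

def resolve_login(search_attr, typed_name):
    """Return the DNs a logon attempt would resolve to."""
    flt = build_user_filter(search_attr, typed_name)
    return [e["dn"] for e in DIRECTORY if matches(flt, e)]

if __name__ == "__main__":
    for attr, name in [("cn", "jdoe"), ("cn", "Jane Doe"), ("uid", "jdoe")]:
        print(attr, repr(name), "->", resolve_login(attr, name))
```

With the search attribute set to `cn`, the short ID resolves to nothing while the full common name resolves, which is the symptom described in the question.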

  • How does Sun Convergence communicate with LDAP?

    Please tell us how Sun Convergence communicates with the LDAP server. What API do these calls use, and where can we find it?
    I looked at the login page; it was calling the iwc.protocol.iwcp.LOGIN_URL variable.
    login_url was assigned as below:
    iwc.protocol.iwcp.LOGIN_URL = iwc.config.session.contextPath + "/svc/iwcp/login.iwc";
    Please let us know what iwcp is.
    And what is the contextPath it is referring to?
    Also, please let us know what kind of framework Convergence uses to communicate with LDAP.
    If possible, please advise some documentation to read about this function.
    Thanks in advance.
    Edited by: testxtest on Jul 14, 2009 12:50 PM

    testxtest wrote:
    > Please tell us how Sun Convergence communicates with the LDAP server.
    Convergence uses the standard LDAP protocol to access data from the LDAP servers.
    > What API do these calls use, and where can we find it?
    The LDAP protocol technical specifications are defined here:
    http://tools.ietf.org/html/rfc4510
    > I looked at the login page; it was calling the iwc.protocol.iwcp.LOGIN_URL variable.
    > login_url was assigned as below:
    > iwc.protocol.iwcp.LOGIN_URL = iwc.config.session.contextPath + "/svc/iwcp/login.iwc";
    > Please let us know what iwcp is.
    What is it you are trying to achieve?
    > And what is the contextPath it is referring to?
    The "contextPath" is the Convergence server URL base for the current session, e.g. http://server.aus.sun.com/iwc
    > Also, please let us know what kind of framework Convergence uses to communicate with LDAP.
    The Convergence server uses Java ldap-pool libraries.
    > If possible, please advise some documentation to read about this function.
    Once again, what is it you are trying to achieve, and most importantly, why?
    Regards,
    Shane.
