Does anyone have a list of how to assign the attributes in the BOXI LDAP configuration to get it working with AD?
I managed to configure the LDAP server with host, Base DN, etc., so I think it should work…
BUT: I’m not able to add a group in the LDAP config dialog… Every time I try to enter the group name (e.g. I enter “CN=Domain Users,CN=Users,DC=company,DC=com”) I always get an error message saying that the secLDAP could not resolve the DN for the specified group.
But the DN I enter is correct…
I have been struggling with this problem for a while as well. If you are using the J2EE version, I have been told that it is not currently possible to authenticate using MS ActiveDirectory, even using the LDAP access.
I used LDAP to authenticate to AD on 6.5 and it worked fine. I’m surprised they’ve not implemented this feature in XI.
I got just as far as you have with this, and get the same error. If anyone knows how to do this I’d appreciate it also.
I’ve spoken with my local BO representatives and with tech support and they’ve told me that currently AD authentication is not supported, even through LDAP, which is quite strange. Apparently there will be a patch out sometime soon, and AD authentication (or AD via LDAP) will be supported in the J2EE deployment in XIr2.
Got LDAP to authenticate AD in JSP infoview. Only problem is that it uses the FQDN (fully qualified domain name).
Object Class: objectclass
Static Group: group
Static Group Member: member
Dynamic Group:
Dynamic Group Filter:
Group Description: description
User Object Class: user
User Name: cn
User Description: cn
LDAP Default Search Attributes
Default Group Search Attribute: cn
Default User Search Attribute: cn
Wouldn’t work with anything but cn. Same for the groups.
DC=yourcompany,DC=com for Base LDAP distinguished name
LDAP server admin also needed the CN name
cn=fqdn,OU=org unit,DC=yourcompany,DC=com
Yes, thanks a lot, now I’m able to add the “Domain Users” group to the LDAP :-)))
BUT: I don’t get any user belonging to this group added :-(((
For the User “Smith, Frank sen”
I try something like “cn=Smith, Frank sen,ou=Users,ou=Location,dc=company,dc=com”
I’m also experiencing the same exact results using the suggested attributes. I can successfully add AD groups to the “Mapped LDAP Member Groups” but there are no members displayed for the group in the CMC.
If I try adding the DN for “LDAP Server Administration Distinguished Name” (see below) I get:
“Error updating LDAP properties: The secLdap plugin failed to verify the server administration credentials”
No luck without the slash in the DN. I’ve tried many different combinations.
Out of curiosity, do you see the same DN syntax (slash after Lastname) if you were to browse your AD using an LDAP browser (i.e. Softerra LDAP Browser)?
For those of you (like me) who follow the CN=lastname, firstname convention in AD (with a comma as a special character after the lastname), we have found that apparently in BO XI java these special characters are not getting ‘escaped’ or parsed correctly causing the LDAP query for the user’s DN to fail and therefore groups are not being populated in the CMC.
If you were to manually enter the following string (and password of course) in the “LDAP Server Administration Credentials” in the CMC the query should succeed.
Since the comma after the Lastname is considered a special character in the path, it has to be preceded (or escaped) by a backslash (\) character AND also specified by its two-digit hexadecimal character code (2C). Notice also a space after the hex code in this example.
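The escaping described in the post above, as an added example that is not part of the original thread: it hex-escapes DN attribute values following RFC 4514 and shows how an unescaped comma in a CN breaks the DN into an invalid component. The function names are hypothetical and the sample DN is constructed from the user DN quoted earlier in the thread.

```python
# Added example (not from the thread): RFC 4514 escaping of DN attribute values.
# Function names are hypothetical; the sample DN is constructed from the thread.
SPECIALS = set(',+"\\<>;')  # characters RFC 4514 requires escaping anywhere


def escape_rdn_value(value):
    """Hex-escape one attribute value for use inside a DN (e.g. ',' -> '\\2C')."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        special = (
            ch in SPECIALS or ch == "\x00"
            or (i == 0 and ch in " #")      # leading space or '#'
            or (i == last and ch == " ")    # trailing space
        )
        if special:
            out.append("".join("\\%02X" % b for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns):
    """Join (attribute, raw value) pairs into a DN, escaping each value."""
    return ",".join("%s=%s" % (attr, escape_rdn_value(val)) for attr, val in rdns)


def split_rdns(dn):
    """Split a DN on unescaped commas (quoted RFC 2253 values not handled)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the backslash and the next char together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur))
    return parts


def malformed_rdns(dn):
    """Return components that lack 'attr=value', i.e. what a parser would reject."""
    return [p for p in split_rdns(dn) if "=" not in p]


RAW_DN = "cn=Smith, Frank sen,ou=Users,ou=Location,dc=company,dc=com"  # unescaped
SAFE_DN = build_dn([("cn", "Smith, Frank sen"), ("ou", "Users"),
                    ("ou", "Location"), ("dc", "company"), ("dc", "com")])

if __name__ == "__main__":
    print(malformed_rdns(RAW_DN))   # the stray fragment after the comma
    print(SAFE_DN, len(split_rdns(SAFE_DN)))
```

Escaping each value before it is joined into the DN, rather than patching the finished string, also keeps user-supplied names from altering the DN structure.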
I am trying to set up Active Directory authentication using the LDAP plugin, not Windows AD. I have managed to get LDAP groups mapped but I do not see any users being exported in BO from AD. Have tried all the setups mentioned in this post, used SAMAccountName as well, but still users do not show up in CMC.
Not sure if there is something that I am missing. Please help.
Environment:
Server: Win 2003 Server
App / Web Server: Tomcat 5.0.27
BO: BO XI R2 no hotfixes have been applied
I am using ADAM to connect to my AD. I am able to add the group by changing the “static group” to “top” but if I change it back to “group” it won’t let me add any group.
My problem is, once I add the group, I don’t see users.