LDAP Configuration

Hi,

I am trying to set up LDAP in our test environment, but I am stuck as I haven’t set up or used LDAP earlier.

Following are the details that I am using.

LDAP Hosts: enterprise-ldap:389
LDAP Server Type: Sun Directory Server
Base LDAP Distinguished Name: ou=corporate,dc=com
LDAP Server Administration Distinguished Name: uid=xrprod,ou=people,ou=corporate,dc=com
LDAP Referral Distinguished Name: “”
Maximum Referral Hops: 0
SSL Type: Basic (no SSL)
Single Sign On Type: None

This looks fine.

But when I try to add “secLDAP:cn=AppName, ou=group, ou=corporate, dc=com” for
“Add LDAP group (by cn or dn):”

This gave the following error.

Error updating LDAP properties: The secLdap plugin failed to get the dn for the group secLDAP:cn=AppName, ou=group, ou=corporate, dc=com

I have gone through the Admin guide and also the topic here but with no luck.

Could someone guide me for passing “Add LDAP group (by cn or dn):” parameters as this is where it is throwing the error.

We had the users imported from e6.1b using import wizard.

Also, if we set up LDAP in e6 and import the user accounts to XI, is the authentication automatically configured to LDAP?

Thanks for your help in advance.

Regards,
Suresh


chvsuresh (BOB member since 2005-03-25)

Don’t add secLDAP; start with cn=…
secLDAP will be automatically added.


Sheshachala5 :india: (BOB member since 2004-01-09)

Suresh,

Please check on the CN of the group you are trying to add. It has to be a group at the member level.

In LDAP the CN displays the last name and first name of the user ID. So when I am importing the group from LDAP it is listing the users as LastName, First Name, and when I try to log in using the same format it is working fine. I would like to have the sAMaccountName used as the user ID for logon to BO. Is there any possible way to have the sAMaccountName imported as the user ID instead of the CN and use that as the user ID in BO XI R2?

Please help

Thanks & Regards
dinesh


dinesh2005 :india: (BOB member since 2005-09-12)

Hello,

You can use the sAMaccountName instead of the cn. To do that, go to the Authentication tab of the CMC, go into LDAP, and within there click on the LDAP Server Type: Microsoft Active Directory Application Server.

Click on the “Microsoft Active Directory Application Server”, which will take you to the LDAP Server Type configuration.

Click on Show Attribute mappings and voilà.

You can change the default user search and other attributes as you wish.

Cheers,


thusi02 (BOB member since 2006-06-03)

Also another note,

I would strongly suggest you get the LDAP Browser to see if that tool is able to connect to your LDAP server.

http://download.softerra.com/files/ldapbrowser26.msi

Cheers,


thusi02 (BOB member since 2006-06-03)

Hi

I am also getting the same error at the step:
“Add LDAP group (by cn or dn):”

Did anyone get a solution for that ?

For those who have got LDAP working, what syntax do you use for adding an LDAP group ?


rahul :singapore: (BOB member since 2005-05-25)

Well…got it to work finally.

The syntax is:

ubswid=ARTG89796,o=groups,dc=ubsw,dc=com

This is for Oracle Internet Directory


rahul :singapore: (BOB member since 2005-05-25)

Problems with LDAP. I have been pulling my hair out trying to get LDAP to work correctly on BOXIr2. We were able to create the groups; however, no users are found once clicking on the user tab. Is there something we have set up wrong?

Base LDAP Distinguished Name: ou=people,ou=internal,o=alltel
groups: cn=BasicA-BO,ou=groups,ou=internal,o=alltel


jcbeckwith (BOB member since 2006-04-26)

In the LDAP configuration,
New alias option:
Select: Create a new account for every added ldap alias.

Update options
Select: New aliases will be added and new users will be created.

With this option, all the users who belong to that ldap group are automatically added.

This works for us.

You can read in detail about these options in the XIR2 Admin guide, Pg 235-

Cheers
Rahul


rahul :singapore: (BOB member since 2005-05-25)

Assuming you have your parameters and attributes set up correctly, Sheshachala5 nailed it when she replied with:


kentopolis (BOB member since 2004-12-01)

Thanks Kentopolis.

I’m a guy. :wink:


Sheshachala5 :india: (BOB member since 2004-01-09)

I am working with OpenLDAP and have found that to add LDAP groups you have to add a space after each of the commas in the distinguished name.

I tried cn=reportmanager,ou=batecbo,o=batec,dc=com but the CMC just hung until I got the “Cannot display this page” message in the browser. However, when I used cn=reportmanager, ou=batecbo, o=batec, dc=com the group was added in a matter of seconds.

Hope this saves someone out there hours of pulling their hair out.

:wink:


rbartley :belgium: (BOB member since 2005-03-31)

Yes, I faced a similar situation. It did not hang but was erroring out when I clicked Finish, and I broke my head :hb: for 2 hours as the information I entered was correct. Then I figured out that I needed spaces in it.


Sheshachala5 :india: (BOB member since 2004-01-09)

Perhaps some of you have already discovered this, but something else that caused me a few hours of pain was adding the users to the LDAP groups in OpenLDAP.

Basically, although I was able to add the LDAP groups, when I clicked on one of these in the Groups view of the CMC, no users were found. It turns out that OpenLDAP uses an attribute called “member” rather than “uniquemember” (the default value in the personalised LDAP server option). Changing this attribute value solved the problem.

Again, hope this helps someone.

:smiley:


rbartley :belgium: (BOB member since 2005-03-31)
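A way to run the check described in the post above against an LDIF export of the group entries, as an added example that is not part of the original thread. It reports which membership attribute each group entry actually carries and whether the attribute configured as Static Group Member is present; it goes slightly beyond the post by also recognising posixGroup's memberUid. The sample LDIF and all function names are constructed for illustration.

```python
# Constructed sample LDIF (illustrative names, not taken from a real directory).
SAMPLE_LDIF = """\
dn: cn=reportmanager,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob,ou=people,
 dc=example,dc=com

dn: cn=bo_grp,ou=groups,dc=example,dc=com
objectClass: posixGroup
memberUid: alice
"""

# Membership attributes of groupOfNames, groupOfUniqueNames and posixGroup.
MEMBER_ATTRS = ("member", "uniquemember", "memberuid")


def parse_ldif(text):
    """Parse plain-text LDIF (no base64 values) into {attr_lowercase: [values]} dicts."""
    entries = []
    unfolded = text.replace("\n ", "")  # a line starting with a space continues the previous one
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries


def describe_group(entry, configured_attr):
    """Report whether the configured member attribute exists and what its values look like."""
    values = entry.get(configured_attr.lower(), [])
    # Full DNs contain '='; bare login names (the memberUid style) do not.
    kind = None if not values else ("dn" if all("=" in v for v in values) else "name")
    return {"configured_present": bool(values), "count": len(values), "value_kind": kind,
            "present": [a for a in MEMBER_ATTRS if a in entry]}


def audit(ldif_text, configured_attr):
    """Map each entry DN to its describe_group() result."""
    return {e["dn"][0]: describe_group(e, configured_attr) for e in parse_ldif(ldif_text)}


if __name__ == "__main__":
    for dn, info in audit(SAMPLE_LDIF, "uniquemember").items():
        print(dn, info)
```

A group whose result shows `configured_present` as false while `present` lists another attribute is the mismatch the post describes: the group exists, but the configured member attribute finds nothing in it.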

Hi rbartley, I have the same problem you describe in the post: I am able to add a group, but when I look at it from the CMC it has no users. I have also lost a few dozen hours on this issue :hb: . Would you mind sending me the configuration you used for OpenLDAP? I mean, of course, the parameters:

Object Class:
Static Group:
Static Group Member:
Dynamic Group:
Dynamic Group Filter:
Group Description:
User Object Class:
User Name:
User Description:

Default Group Search Attribute:
Default User Search Attribute:


el_celi :es: (BOB member since 2006-09-05)

For OpenLDAP, what parameters did you use for:

Object Class:
Static Group:
Static Group Member:
Dynamic Group:
Dynamic Group Filter:
Group Description:
User Object Class:
User Name:
User Description:

LDAP Default Search Attributes

Default Group Search Attribute:cn
Default User Search Attribute:uid


tannx :estonia: (BOB member since 2006-02-20)

Hello world,

I’m currently trying (with no success) to install an OpenLDAP server and to make it work with BO XI.

I have had no luck so far. (I must admit, I’m in no way an LDAP expert). Would it be possible for someone who’s using OpenLDAP to share a slapd.conf and eventually a group and a user LDIF file?

I managed to create the group and to populate BOXI with it, but I’m not sure about the user (member).

Am I supposed to be able to see actual LDAP users when I go to the “User” tab of my newly created group ? (cn=testing, ou=group, dc=example, dc=com)

Thanks a lot in advance,
Nick


nivok :switzerland: (BOB member since 2006-09-15)

Can someone please tell me what’s wrong:

USER.LDIF:

dn: uid=bo_user,ou=People,dc=example,dc=com
uid: bo_user
sn: User
cn: BO User
gidNumber: 1001
uidNumber: 1001
homeDirectory: /home/bo_user
loginShell: /bin/bash
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: top

GROUP.LDIF

dn: cn=bo_grp,ou=Group,dc=example,dc=com
cn: bo_grp
objectClass: top
objectClass: posixGroup
gidNumber: 100
memberUid: bo_user

CMC LDAP CONFIG

Object Class: objectClass
Static Group: posixGroup
Static Member: posixAccount
Group Description: cn
Username: uid
User Description: cn

SLAPD.CONF

include		./schema/core.schema
include		./schema/cosine.schema
include		./schema/inetorgperson.schema
include		./schema/openldap.schema
include		./schema/java.schema
include		./schema/nis.schema
include		./schema/dyngroup.schema

pidfile ./run/slapd.pid

loglevel 	-1 

database bdb
suffix "dc=example, dc=com"

rootdn "cn=jimbob, dc=example, dc=com"
rootpw dirtysecret
directory	./data

index	uid	eq
index	cn,gn,mail eq,sub
index sn eq,sub
index ou eq
index default eq,sub
index telephonenumber

cachesize 10000
checkpoint 128 15

The groups work fine and appear in the CMC under Groups. But when I check on “Users” it won’t show anything…

:hb: help…


nivok :switzerland: (BOB member since 2006-09-15)

Let me know if you find solution. Groups appear but no users.


tannx :estonia: (BOB member since 2006-02-20)

We are in the same situation: groups are added normally but no users are found. BO’s support says that OpenLDAP is not supported.


el_celi :es: (BOB member since 2006-09-05)