This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to configure LDAP Integration for uCMDB 10.00

Hi,

 

Please help me on tis ..........

 

 

thanks n advance......

Tags:

Parents
  • 0

    Hi,

     

    I have it working nicely here so what's your issue? Did you look at the examles in the help?

     

    gr,

    Ronald

  • 0 in reply to 

    To check the examples please go to Help ->UCMDB Help from main menu. Choose search and look for "Configure LDAP for Active Directory" or "LDAP Mapping". Let us know what went wrong in your case.

  • 0 in reply to 
    Good day all.

    I have the same problem setting up the LDAP integration on uCMDB 10.

    I have gone through all the help files on uCMDB itself but didn't find anything of extra use in resolving my issue.

    The issue I have is that it seems that uCMDB can log in to the LDAP & get all the user info in the logs, but can't pull the info through to the uCMDB gui, in order for me to do the group mappings.

    The error I get in the logs are :

    "returned as a result of a groups search, is not of type ldapGroup or dynamic ldapGroup"

    The groups search filter and root groups filter is as follows :

    (|(objectclass=top)(objectclass=domain)(objectclass=organizationalUnit)(objectclass=person)(objectclass=user)(objectclass=organizationalPerson)(objectclass=groupOfURLs)(objectclass=memberURL))

    I can unfortunately not display the OU, CN & DN details of the company, but the Group Base DN is :

    DC=(country),DC=(domain),DC=(local),DC=com

    Root Groups Base DN is:

    OU=(group),OU=(company),DC=(country),DC=(domain),DC=(local),DC=com

    An interesting thing I noticed is that the group we use doesn't have a group objectclass attribute.

    Will this be the issue?

    Any help would be appreciated.

    Thank you,
    Wynand De Beer.
  • 0 in reply to 

    Hi,

    There are several types of groups in LDAP. Only ldapGroup or dynamic ldapGroup are supported. Please contact your LDAP administrator to clarify this.

     

  • 0 in reply to 

    Hi Dima.

     

    I have confirmed with the LDAP administrator that the environment does have ldapgroups & dynamic ldapgroups. He has given me one of those groups to test again.

     

    But I get the same problem, I can "see" the Group, but the users of that group doesn't display, only a blank page is returned.

     

    Here's an excerpt from the log:

     

    2013-04-16 07:12:42,834 [qtp1200648207-3386] - <<< Entering findUsersInGroup with the following parameters: groupName = {Test group name}, userAttributeNames = [Ljava.lang.String;@d34408f, filternull
    2013-04-16 07:12:42,834 [qtp1200648207-3386] - <<< Entering findUsersAndGroups with the following parameters: groupName = {Test group name}, userAttributeNames = [Ljava.lang.String;@d34408f, depth = 1, filternull
    2013-04-16 07:12:42,834 [qtp1200648207-3386] - <<< Entering createConnectionAndConnect with the following parameters: com.hp.sw.bto.ast.security.uum.UserManagementLDAPConfiguration@617a730e
    2013-04-16 07:12:42,841 [qtp1200648207-3386] - >>> Exiting createConnectionAndConnect with the connection
    2013-04-16 07:12:42,841 [qtp1200648207-3386] - Calling LDAP search with the following parameters: base = DC=country,DC=area,DC=domain,DC=com, scope2, filter = (&(&(objectClass=*)(name=*))(&(objectClass = group)(name = {Correct Group name was returned}))), searchAttributes = [name, memberOf, name, description, objectclass], attrsOnly = false
    2013-04-16 07:12:42,842 [qtp1200648207-3386] - Received the LDAP result set of the size = 1
    2013-04-16 07:12:42,842 [qtp1200648207-3386] - LDAP entry from result set (will be ignored if not of group type): LDAPEntry: CN=group name,OU=Distribution Groups,OU=Groups,OU=company,DC=country,DC=area,DC=domain,DC=com; LDAPAttributeSet: LDAPAttribute {type='objectClass', values='top,group'} LDAPAttribute {type='name', values='Correct group name'}

     

    What could be the problem?

     

    Thank you.

     

    Kind regards,

     

    Wynand.

Reply
  • 0 in reply to 

    Hi Dima.

     

    I have confirmed with the LDAP administrator that the environment does have ldapgroups & dynamic ldapgroups. He has given me one of those groups to test again.

     

    But I get the same problem, I can "see" the Group, but the users of that group doesn't display, only a blank page is returned.

     

    Here's an excerpt from the log:

     

    2013-04-16 07:12:42,834 [qtp1200648207-3386] - <<< Entering findUsersInGroup with the following parameters: groupName = {Test group name}, userAttributeNames = [Ljava.lang.String;@d34408f, filternull
    2013-04-16 07:12:42,834 [qtp1200648207-3386] - <<< Entering findUsersAndGroups with the following parameters: groupName = {Test group name}, userAttributeNames = [Ljava.lang.String;@d34408f, depth = 1, filternull
    2013-04-16 07:12:42,834 [qtp1200648207-3386] - <<< Entering createConnectionAndConnect with the following parameters: com.hp.sw.bto.ast.security.uum.UserManagementLDAPConfiguration@617a730e
    2013-04-16 07:12:42,841 [qtp1200648207-3386] - >>> Exiting createConnectionAndConnect with the connection
    2013-04-16 07:12:42,841 [qtp1200648207-3386] - Calling LDAP search with the following parameters: base = DC=country,DC=area,DC=domain,DC=com, scope2, filter = (&(&(objectClass=*)(name=*))(&(objectClass = group)(name = {Correct Group name was returned}))), searchAttributes = [name, memberOf, name, description, objectclass], attrsOnly = false
    2013-04-16 07:12:42,842 [qtp1200648207-3386] - Received the LDAP result set of the size = 1
    2013-04-16 07:12:42,842 [qtp1200648207-3386] - LDAP entry from result set (will be ignored if not of group type): LDAPEntry: CN=group name,OU=Distribution Groups,OU=Groups,OU=company,DC=country,DC=area,DC=domain,DC=com; LDAPAttributeSet: LDAPAttribute {type='objectClass', values='top,group'} LDAPAttribute {type='name', values='Correct group name'}

     

    What could be the problem?

     

    Thank you.

     

    Kind regards,

     

    Wynand.

Children
  • 0 in reply to 

    Hi.

     

    We have succesfully integrated with LDAP.

     

    The problem was that our specified attributes didn't match the attributes of the LDAP system. And our search filter for users had incorrect syntax.

     

    Thank you.