alix Absent Member.

no access with LDAP

I want to configure an LDAP source.

serverURL: ldap://servername:389
UserDN cn=name, o=Organisation
Password ****

The user name.Organisation can read the tree (I use this user also as zenproxy in ZCC)

LDAP: GUID (because I use edir)
Users: LDAP attribute: uid

Base DN o=Organisation


But no user is shown in the list and no users can connect. What's wrong?

Tree for normal user is
O=Organisation
OU=users
OU=personal or OU=students
cn=username

so that we have users: name.personal.users.Organisation and name.students.users.Organisation

I mark:

Synchronize user profiles
Register LDAP user profiles automatically
When deleting users, delete associated user workspaces and content

Synchronize group profiles
Register LDAP group profiles automatically
Synchronize group membership

Allow Login for Local User Accounts, (i.e., user accounts not in LDAP)

:confused:

Is there a log file somewhere? I don't know where the error is. Maybe we have too many users in the tree? (about 600)
0 Likes
12 Replies
alexwarmerdam Absent Member.

Re: no access with LDAP

Try an LDAP browser like Apache Directory Studio to check whether the uids are present.
0 Likes
Anonymous_User Absent Member.

Re: no access with LDAP

Sorry if this is an obvious thing you have tried, but you don't say you
ticked the box for "search subtree" on the LDAP source. Also you would need
to check the box for "run immediately" before hitting the Apply button.
Then a box pops up to show it scanning the tree for objects.

regards
Paul Kennett
ST-FOUR Ltd

"Alix" <Alix@no-mx.forums.novell.com> wrote in message
news:Alix.5urjjc@no-mx.forums.novell.com...
>
> I want to configure an LDAP source.
>
> serverURL: ldap://servername:389
> UserDN cn=name, o=Organisation
> Password ****
>
> The user name.Organisation can read the tree (I use this user also as
> zenproxy in ZCC)
>
> LDAP: GUID (because I use edir)
> Users: LDAP attribute: uid
>
> Base DN o=Organisation
>
>
> But no user is shown in the list and no users can connect. What's wrong?
>
> Tree for normal user is
> O=Organisation
> OU=users
> OU=personal or OU=students
> cn=username
>
> so that we have users: name.personal.users.Organisation and
> name.students.users.Organisation
>
> I mark:
>
> Synchronize user profiles
> Register LDAP user profiles automatically
> When deleting users, delete associated user workspaces and content
>
> Synchronize group profiles
> Register LDAP group profiles automatically
> Synchronize group membership
>
> Allow Login for Local User Accounts, (i.e., user accounts not in LDAP)
>
> :confused:
>
> Is there a log file somewhere? I don't know where the error is. Maybe we
> have too many users in the tree? (about 600)
>
>
> --
> Alix
> ------------------------------------------------------------------------
> Alix's Profile: http://forums.novell.com/member.php?userid=75745
> View this thread: http://forums.novell.com/showthread.php?t=466443
>

0 Likes
jmarton2 Absent Member.

Re: no access with LDAP

Alix wrote:

> Is there a log file somewhere? I don't know where the error is. Maybe
> we have too many users in the tree? (about 600)


The suggestions from Alex and Paul are the first place to start. Don't
worry about the number of users... 600 is not a problem at all for
Filr. We have customers using Filr and importing users from eDir trees
with tens of thousands of users.

If you ultimately have to dive into the logs, here is the log file that
records the LDAP import info (among other things).

/opt/novell/filr/apache-tomcat/logs/ssf.log

--
Your world is on the move. http://www.novell.com/mobility/
We know what your world looks like. http://www.novell.com/yourworld/

Joe Marton Emeritus Knowledge Partner
0 Likes
alix Absent Member.

Re: no access with LDAP

The /opt/novell/filr/apache-tomcat/logs/ssf.log log says

Authentication failure for [username] org.springframework.security.core.userdetails.UsernameNotFoundException: No such user

The "search subtree" option is marked.

I tested "Run immediately"; after Apply it says

"LDAP Synchronisation results" Status in progress and after a short time:
The following error occurred during the LDAP synchronisation: [LDAP: error code 13 - Confidentiality Required]

I searched for the error and found this one:
Support | iManager ERROR: LDAP: error code 13 - Confidentiality Required

but in iManager the option "use Secure LDAP for auto-Connection" is checked.

I also found this old one:
Cool Solutions: LDAP error -13
and tried port 636 instead of 389, but then the error is Server:636; socket closed

I have no idea what's wrong. It seems the LDAP search for usernames does not work.

The user for Filr, to read the user sources, is the same one I also use for "user sources" in ZCC; there is something there about: "port use SSL" 636?

Maybe I must open ports on the Filr server somehow?

Now I will search Google for "Apache Directory Studio", maybe this will give me a hint.
0 Likes
tdebeer Absent Member.

Re: no access with LDAP

On your ldap server untick tls ...
0 Likes
alix Absent Member.

Re: no access with LDAP

tdebeer;2262272 wrote:
On your ldap server untick tls ...

??? Sorry for my question, but: how/where can I do this? In iManager/configuration/iManager server/ I didn't find "tts"

I took over the task of server management 2 years ago; I had never installed servers before. I hope they will work until I understand them better! (the chief died suddenly)

One user asked me for something like "drop box", so I was glad to read about Filr in the last mail from Novell. 🙂


BTW: I have now installed Apache Directory Studio, and it seems to be the same problem:
- java.lang.Exception: [LDAP: error code 13 - Confidentiality Required]
0 Likes
tdebeer Absent Member.

Re: no access with LDAP

Hi... sorry, np... iManager > LDAP > LDAP Options > LDAP Group > "Require TLS for Simple Binds with Password": untick this, then refresh / restart LDAP...
0 Likes
tdebeer Absent Member.

Re: no access with LDAP

Sorry, only now saw the other error you mentioned... yes, that is all about TLS as far as I know... ya, the "dropbox"-like feature is so cool... ALL THOSE BIG emails gonna disappear now... just check the thread on OpenID... we need to set a proxy if you are behind a proxy... waiting for the location of the config file...
0 Likes
alix Absent Member.

Re: no access with LDAP

Now I found the iManager page:

http://www-user.tu-chemnitz.de/~elu/novell/ldap.jpg

but the tick on "require TLS" is not set? Hmmm...

Maybe I must ask our local Novell support... or the problem is this change:
http://forums.novell.com/novell-product-discussions/file-networking-services/filr/466392-static-ip-filr.html

I'll ask our specialist for networking! Maybe he has an idea! I think the problems have been narrowed down! Thank you!
I'll first read through the other messages here in the forum.
0 Likes
tdebeer Absent Member.

Re: no access with LDAP

Glad to help a bit... you did see that under the "LDAP" server side there are also TLS settings and port settings etc. etc.?
0 Likes
alix Absent Member.

Re: no access with LDAP

Yes thank you, there are many things I don't know! 😉 But now I have an idea where to look.
0 Likes
alix Absent Member.

Re: no access with LDAP

alexwarmerdam;2261777 wrote:
Try an ldap browser like apache directory studio to check the uid's. If they are present.


Thanks for all the hints!

Now it works, the admin studio gave me the right idea!
I must use: ldaps://servername:636 cn=user, o=organisation

After Apply (run immediately) I can import the uids!
0 Likes
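
The failure and fix from this thread (a password bind on ldap://servername:389 rejected with error code 13, resolved by moving the source to ldaps://servername:636), as an added example that is not part of the original posts and is not Filr or eDirectory code. The function name `triage`, the report keys and the sample messages are assumptions made up for illustration; the result-code names are those of RFC 4511.

```python
import re
from urllib.parse import urlsplit

# Result codes defined in RFC 4511 that commonly show up when a bind fails.
RESULT_CODES = {8: "strongerAuthRequired", 13: "confidentialityRequired",
                32: "noSuchObject", 49: "invalidCredentials"}
LDAP_ERROR = re.compile(r"\[LDAP: error code (\d+)(?: - ([^\]]*))?\]")
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def triage(server_url, bind_dn, messages):
    """Check one LDAP source definition against the errors it produced."""
    parts = urlsplit(server_url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP URL: %r" % server_url)
    port = parts.port or DEFAULT_PORTS[scheme]
    # A simple bind sends the bind DN and password as-is, so on ldap://
    # without StartTLS they cross the network unencrypted.
    cleartext_bind = scheme == "ldap" and bool(bind_dn)
    codes = []
    for line in messages:
        for num, _text in LDAP_ERROR.findall(line):
            if int(num) not in codes:
                codes.append(int(num))
    report = {
        "port": port,
        "cleartext_bind": cleartext_bind,
        "errors": [(c, RESULT_CODES.get(c, "unknown")) for c in codes],
        "suggested_url": None,
    }
    # Code 13 on a cleartext bind: the server insists on an encrypted
    # channel, so move the source to LDAP over TLS instead of relaxing it.
    if 13 in codes and cleartext_bind:
        report["suggested_url"] = "ldaps://%s:%d" % (
            parts.hostname, DEFAULT_PORTS["ldaps"])
    return report


# Constructed sample input, modelled on the messages quoted in this thread.
SAMPLE_MESSAGES = [
    "The following error occurred during the LDAP synchronisation: "
    "[LDAP: error code 13 - Confidentiality Required]",
    "java.lang.Exception: [LDAP: error code 13 - Confidentiality Required]",
]

if __name__ == "__main__":
    print(triage("ldap://servername:389", "cn=name,o=Organisation",
                 SAMPLE_MESSAGES))
```

Keeping the server's TLS requirement and changing the client URL, as the original poster ended up doing, means the proxy user's password is never sent over port 389 in the clear.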