
E-Sourcing LDAP Configuration

Former Member
0 Kudos

We want to use a Microsoft Active Directory LDAP to authenticate buy-side users. We have configured the buy-side directory for LDAP - Microsoft Active Directory, but when we do the Test -> Configuration we get a communication error. This is a read-only LDAP and all we want to do is authenticate the buy-side users from the corporate LDAP.

It seems that regardless of the Driver Configuration Features and Controls settings, we still get the error, but in some cases the user id needs to be entered and in other cases we have to manually add the lookup parameters. Also, if a wildcard is used for the search, it still gets the error. The only thing we see in the application fpa_*.log is 'search failed'.

The active buy and sell side directory configurations are using the Local driver and are working OK. However, we need to get the LDAP working before we can go live on production.

Does the directory need to be active before the configuration test will work? Are there any other logs besides the application (fpa*.log) logs in /FCI_HOME? Are there any other Properties or Attributes Mapping that need to be set? Any help would be appreciated.

WL

Accepted Solutions (0)

Answers (3)


Former Member
0 Kudos

Hi Wayne,

Not sure if you have figured this out already.

At my end, for the MS Active Directory configuration authentication features, I had selected only "Browsing" since it was a read-only system that is part of the corporate Active Directory listing.

Regarding the filters, I personally would not change anything from the out-of-the-box Sun One directory configuration filter setting.

Here it is again for your reference.

Browse Filter : (|(&(objectclass=person)(|(uid=<%SEARCH_KEYWORD%>)(cn=<%SEARCH_KEYWORD%>)(mail=<%SEARCH_KEYWORD%>)(telephonenumber=<%SEARCH_KEYWORD%>))))

Lookup Filter : (&(objectclass=person)(uid=<%CURRENT_USER_NAME%>))

Hope it helps you.

Balaji

Former Member
0 Kudos

Hi Wayne,

I just completed configuring LDAP authentication on my E-Sourcing box. I have pointed the system to the corporate Microsoft Active Directory, which is read-only.

I would suggest looking at the following points.

a) Host and Port: Make sure the host name is accessible from the E-Sourcing system. The port needs to be 389 for standard and 636 for SSL.

b) Base DN: You should get hold of the base DN (directory name), for instance ou=Users,dc=mycompany,dc=com

c) Directory user name: Provide a user name with domain name for authentication (mandatory if the Active Directory requires authentication). For example - mydomain\user_name

d) Directory Password: Provide the password for the user provided in (c).

e) Base Search DN: Retain the same entry as in Base DN.

f) On the Properties tab of the directory configuration, change the domain_dn value to match Base DN.

For all other entries, retain the out-of-the-box Active Directory buy-side directory configuration that is provided.

LDAP should start working without a problem.

Regards,

Balaji
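The two posts above describe the filter templates (Browse and Lookup with `<%SEARCH_KEYWORD%>` / `<%CURRENT_USER_NAME%>` placeholders) and the settings a) to f). The following is an added example, not code from the thread or from E-Sourcing itself: it renders the Active Directory variants of those templates with RFC 4515 escaping of the substituted value (so a user-supplied search keyword cannot alter the filter structure, with an explicit opt-in for the `*` wildcard), and it runs a consistency check over the settings in points a) to f) plus the keystore requirement for port 636 mentioned later in the thread. The configuration keys (`base_dn`, `base_search_dn`, `domain_dn`, `directory_user`, `truststore`) and the `render_filter` / `check_directory_config` function names are assumptions for this example, not the product's own property names.

```python
"""Added example (not part of the original thread or of E-Sourcing):
safe rendering of E-Sourcing style LDAP filter templates, plus a
consistency check over the directory settings listed in points a) to f)."""
import re

# Filter templates as posted in the thread (Active Directory variants).
BROWSE_FILTER = (
    "(|(&(objectclass=person)(|(sAMAccountName=<%SEARCH_KEYWORD%>)"
    "(cn=<%SEARCH_KEYWORD%>)(mail=<%SEARCH_KEYWORD%>)"
    "(telephonenumber=<%SEARCH_KEYWORD%>))))"
)
LOOKUP_FILTER = "(&(objectclass=person)(sAMAccountName=<%CURRENT_USER_NAME%>))"

# RFC 4515 escapes for characters that would otherwise change filter structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_TOKEN = re.compile(r"<%([A-Z_]+)%>")


def escape_filter_value(value: str, allow_wildcard: bool = False) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).
    With allow_wildcard=True a literal '*' is passed through so the
    browse search can match prefixes such as 'wl*'."""
    out = []
    for ch in value:
        if ch == "*" and allow_wildcard:
            out.append(ch)
        else:
            out.append(_ESCAPES.get(ch, ch))
    return "".join(out)


def parens_balanced(filter_str: str) -> bool:
    """True if every '(' in the filter has a matching ')' in order."""
    depth = 0
    for ch in filter_str:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def render_filter(template: str, values: dict, allow_wildcard: bool = False) -> str:
    """Substitute <%NAME%> tokens with escaped values and validate the result."""
    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"no value supplied for template token {name}")
        return escape_filter_value(values[name], allow_wildcard)

    rendered = _TOKEN.sub(substitute, template)
    if not parens_balanced(rendered):
        raise ValueError("rendered filter has unbalanced parentheses")
    return rendered


def check_directory_config(cfg: dict) -> list:
    """Return a list of problems against the thread's points a) to f).
    Keys used here are assumed names for this example, not product settings."""
    problems = []
    if cfg.get("port") not in (389, 636):
        problems.append("port should be 389 (plain) or 636 (SSL) (point a)")
    if not cfg.get("base_dn"):
        problems.append("base_dn is empty (point b)")
    user = cfg.get("directory_user", "")
    if user and "\\" not in user and "@" not in user:
        problems.append("directory user should include the domain, e.g. mydomain\\user_name (point c)")
    if cfg.get("base_search_dn") != cfg.get("base_dn"):
        problems.append("base_search_dn should be the same as base_dn (point e)")
    if cfg.get("domain_dn") != cfg.get("base_dn"):
        problems.append("domain_dn property should match base_dn (point f)")
    if cfg.get("port") == 636 and not cfg.get("truststore"):
        problems.append("port 636 needs the AD server certificate in the application's Java keystore")
    return problems


# Constructed sample configuration (not a real environment).
SAMPLE_CONFIG = {
    "host": "ad.example.test",
    "port": 389,
    "base_dn": "cn=Users,dc=mycompany,dc=com",
    "base_search_dn": "cn=Users,dc=mycompany,dc=com",
    "domain_dn": "cn=Users,dc=mycompany,dc=com",
    "directory_user": "mydomain\\svc_esourcing",
}

if __name__ == "__main__":
    print(render_filter(BROWSE_FILTER, {"SEARCH_KEYWORD": "wl*"}, allow_wildcard=True))
    # A keyword containing filter metacharacters is neutralised, not interpreted.
    print(render_filter(LOOKUP_FILTER, {"CURRENT_USER_NAME": "wl)(cn=*"}))
    print(check_directory_config(SAMPLE_CONFIG))
```

The check for the search base follows Kyle's later remark that the default Users container in AD is `cn=Users,...` rather than `ou=Users,...`, which is why the constructed sample uses the `cn=` form; the escaping is what keeps a browse keyword such as `wl)(cn=*` from turning into an extra filter clause.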

Former Member
0 Kudos

Thank you Balaji, this information was very helpful. I had to use a Sun LDAP setup as a reference and it is different from MS.

I think now I am having filter issues because the test shows no errors but does not return any values. Can you tell me if the syntax of the filters is the same in Sun and MS? I am using the following filter values and they don't seem to be working.

Browse...

(|(&(objectclass=person)(|(sAMAccountName=<%SEARCH_KEYWORD%>)(cn=<%SEARCH_KEYWORD%>)(mail=<%SEARCH_KEYWORD%>)(telephonenumber=<%SEARCH_KEYWORD%>))))

and Lookup...

(&(objectclass=person)(sAMAccountName=<%CURRENT_USER_NAME%>))

Also, what values did you use for the Driver Configuration Authenticator Features and Controls for MS read-only? I don't know if that is part of my issue or not.

Thanks again for your response. Any additional information will be greatly appreciated.

WL

Former Member
0 Kudos

Hi Wayne,

Your search filters look correct for AD, using sAMAccountName in place of uid. uid is a valid attribute in AD (2003 and up) but is not typically populated.

Maybe your search base is wrong? In a previous example, "ou=Users,dc=mycompany,dc=com" was provided. In AD, the default Users container is actually a CN: "cn=Users,dc=mycompany,dc=com"

Thanks!

Kyle

Former Member
0 Kudos

Which port are you using, 389 or 636?

For 389, if you are getting a communication error, then modify your filters; I had the issue with the Lookup filter.

For 636 you need SSL certs under the application's Java keystore directory.

Thanks

JS

Former Member
0 Kudos

Hi,

We are using port 636 with Microsoft Active Directory. We are on the IBM WebSphere app server.

Where can I find the keystore directory? Can you provide the full path for that? I want to do some testing on the Test instance.

Thanks !

RESOLVED

Investigated, found the path for the certs file, did the configuration and tested successfully. Thanks!

Edited by: ESO123 on Jan 12, 2011 7:26 PM