Initial Load AD vs IDM 7.2

0 Kudos

Hi IDM Experts!

My scenario is IDM 7.2 SP08 SQL 2008.

I'm doing the initial load with AD 2008 and I am getting the error below!

fromDSA.doSearch got exception, returning false

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

thanks

Leandro

Accepted Solutions (0)

Answers (2)

0 Kudos

Hi my Friends!

Problem solved!

The LDAP service was stopped, so it was started and the initial load worked.

Thank you all and to the next challenge!

Leandro

former_member2987
Active Contributor
0 Kudos

Leonardo,

An LDAP 49 error means you have entered the wrong credentials. Double check the user name and password you have entered.

Note the AD login must be in "DN" format (e.g., cn=jdoe,ou=users,dc=somedomain,dc=com)

Hope this helps,

Matt

bxiv
Active Contributor
0 Kudos

@Matt that's interesting that you use DN formats for the username to access LDAP/Active Directory, I always specified user accounts in the following method:

domain.null\userID

userID@domain.null

However just yesterday we decided to de-com the IdM systems (lack of project sponsorship) so I can't verify 100% what I used to connect to my company's Active Directory...

Another consideration to have @Leandro is to verify the service account has not been locked out or expired in Active Directory, but also verify you have the correct permissions to access Active Directory.
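
Added example, not part of the original thread: a small Python parser that pulls the Active Directory sub-code out of the `data` field of an error 49 message, separating a credential problem (52e, as in the error posted above) from the lockout and expiry cases mentioned in this reply. The function name and the triage categories are assumptions made for illustration.

```python
import re

# Sub-codes Active Directory places in the "data" field of an LDAP result
# code 49 bind failure (hex Win32 error values), with a triage category.
AD_BIND_SUBCODES = {
    0x525: ("user not found", "credentials"),
    0x52E: ("invalid credentials", "credentials"),
    0x530: ("logon not permitted at this time", "account state"),
    0x531: ("logon not permitted from this workstation", "account state"),
    0x532: ("password expired", "account state"),
    0x533: ("account disabled", "account state"),
    0x701: ("account expired", "account state"),
    0x773: ("user must reset password", "account state"),
    0x775: ("account locked out", "account state"),
}

_LDAP_ERR = re.compile(r"LDAP: error code (\d+)\s*-\s*(.*)", re.DOTALL)
_DATA = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")

def diagnose_bind_error(message):
    """Parse a JNDI-style LDAP error string; return None if it is not one."""
    m = _LDAP_ERR.search(message)
    if m is None:
        return None
    result = {"ldap_code": int(m.group(1)), "subcode": None,
              "meaning": None, "category": None}
    d = _DATA.search(m.group(2))
    if result["ldap_code"] != 49 or d is None:
        return result  # not a bind failure, or no AD sub-code present
    result["subcode"] = int(d.group(1), 16)
    result["meaning"], result["category"] = AD_BIND_SUBCODES.get(
        result["subcode"], ("unrecognised sub-code", "unknown"))
    return result

# Error text as posted in the thread.
THREAD_ERROR = ("javax.naming.AuthenticationException: [LDAP: error code 49 - "
                "80090308: LdapErr: DSID-0C0903A9, comment: "
                "AcceptSecurityContext error, data 52e, v1db1")
# Constructed sample: same message shape with the lockout sub-code.
LOCKED_ERROR = THREAD_ERROR.replace("data 52e", "data 775")

if __name__ == "__main__":
    for text in (THREAD_ERROR, LOCKED_ERROR, "connection refused"):
        print(diagnose_bind_error(text))
```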

0 Kudos

Hi Matt,

I'm using the User administrator for initial load!

The attached screenshots show the error.

Thanks

Leandro

bxiv
Active Contributor
0 Kudos

Have you tried the following for the LDAP_LOGIN:

administrator@trustsis.com

trustsis\administrator

0 Kudos

Hi Billy,

I tried following the example but the error continues!

Any other ideas that might be

Thanks

Leandro

bxiv
Active Contributor
0 Kudos

Hopefully not related, but you have an LDAP starting point entry for wdf.sap.com; it may help to remove that or update it for your environment.

Former Member
0 Kudos

The LDAP for the default users is:

cn=Administrator,CN=Users...

It's not an OU...

Peter

former_member2987
Active Contributor
0 Kudos

Billy, I know that method worked when we used NTLM and I guess it would work for AD as well.  Never really thought about it.  Something new to play with.  Thanks!

Sorry to hear IDM was decommissioned. Any plans to revisit it? Or is your company moving in another direction?

Matt

bxiv
Active Contributor
0 Kudos

Never a problem

Currently we plan on updating 80% of the systems that are 2 years behind in updates (Ehp 7 on ECC from Ehp 5), and the deadline is before fall for Production due to our busy season kicking up.  Next year I've heard rumors of all US locations being switched over to SAP (I think we have less than 10, going on 2.5 yrs now).

No new direction, just like IdM no one wants to own or support keeping all IDs unified; and I had to correct numerous people who assumed this was an SSO solution...