
Login from CMC using LDAP to Win AD failing - failed to connect to specified host.

Former Member
0 Kudos

Hi,

I've been able to successfully use the authentication wizard to configure LDAP to a remote Windows AD.  I was able to configure and add some groups.  That worked fine and created user aliases in CMC.  I did all the nss keystore and java .keystore work on the BOXI server and the CMC configuration worked as I said.

Now I'm having users from that domain try to log into CMC.  They are getting this error:

Account Information Not Recognized: The secLdap plugin failed to connect to the specified hosts. (FWB 00028)

I then proceeded to have the firewall opened up for the web server in addition to the BOXI server.  I tested from that server using ldp.exe successfully.

Can anyone advise on this?  Was opening ports on the web server needed?  Do I need to do more keystore configs on this web server?

Thanks,

Sam

Accepted Solutions (0)

Answers (4)

Former Member
0 Kudos

One thing I did notice from this note:  https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F6465...

They specify to use the global catalog LDAP port 3268.  Is this necessary? 

former_member197037
Participant
0 Kudos

Hi Samuel,

So as I understand, LDAP login via Designer (client tool) works, but fails when you try logging in through CMC.

The port number 3268 runs the global catalog service. It is recommended to use it ONLY in case of multiple domains.

Have you configured SSL? If yes please confirm that you are using port number 636 and not 389.

Try logging in using FQDN and see if it helps i.e. user@DOMAIN.COM

If possible, please share the screenshot of the attribute mappings.

Regards,

Nagendra

Former Member
0 Kudos

Nagendra,

I am using 636 in the configuration in CMC.  However, I have not configured any certificates for CMC to use.  I was reading a guide for XIR2, but we are actually on XI 3 SP 5 I believe.  Is it necessary to create a java keystore for the CMC application?  The admin manual is not very specific about this configuration unfortunately... I've been looking

Thanks again!

former_member197037
Participant
0 Kudos

Hi Samuel,

Well you have 2 options from here:

1) Use port 389 (with no-SSL) instead and you should be good to log-in using LDAP authentication.

Else,

2) Configure SSL with certificates and all to use port no. 636

You can refer to KB: http://service.sap.com/sap/support/notes/1259855

The Admin guide should be of help as well.

Hope this helps

Regards,

Nagendra
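An added example, not part of the thread and not SAP tooling: a small Python probe that separates the two failure modes discussed above, no TCP path to the directory port versus a TLS handshake on port 636 that fails because the server certificate is not trusted. The function names, the PEM `cafile` argument and the `dc.example.com` placeholder are assumptions.

```python
import socket
import ssl
import sys

# Ports named in the thread: 389 (LDAP), 636 (LDAP over SSL), 3268 (global catalog).
THREAD_PORTS = (389, 636, 3268)

def tcp_reachable(host, port, timeout=5.0):
    """True if a TCP connection to host:port can be opened from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Return (stage, detail); stage is 'tcp', 'tls' or 'ok'.

    'tcp' -> no network path (firewall, routing, wrong host or port)
    'tls' -> port answers but the handshake or certificate check failed
    'ok'  -> certificate chains to a trusted CA and matches the host name
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"connect failed: {exc}")
    # cafile (assumption): the directory's issuing CA exported as PEM.
    # With cafile=None the operating system trust store is used.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            subject = tls.getpeercert().get("subject")
            return ("ok", f"{tls.version()} subject={subject}")
    except (ssl.SSLError, OSError) as exc:
        sock.close()
        return ("tls", f"handshake failed: {exc}")

if __name__ == "__main__":
    # dc.example.com is a placeholder; pass the real domain controller name.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc.example.com"
    for p in THREAD_PORTS:
        print(p, "open" if tcp_reachable(target, p) else "unreachable")
    print(probe_ldaps(target))
```

Run it from each machine that may originate the LDAP connection; a `tcp` result points at firewalling or name resolution, while a `tls` result points at the trust store.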

Former Member
0 Kudos

I was able to successfully test a connection using Designer.  I have also used Windows Network Monitor to capture LDAP activity during that success.  When I attempt to log in via the CMC web app, I still get no TCP traffic to the domain controller IP address.

Former Member
0 Kudos

Ilayaperumal,

I modified the host file, but still get the same error.

Thanks for your assistance.

former_member197037
Participant
0 Kudos

Hi Samuel,

You might want to have a look at the attribute mappings again in the LDAP configuration.

Refer - http://service.sap.com/sap/support/notes/1245218

Regards,

Nagendra

Former Member
0 Kudos

Hi Nagendra,

Thanks for your reply.

I changed attribute mappings to use sAMAccountName, but didn't have a successful test.