on 09-19-2014 12:12 AM
Hi,
I've been able to successfully use the authentication wizard to configure LDAP to a remote Windows AD. I was able to configure and add some groups. That worked fine and created user aliases in CMC. I did all the nss keystore and java .keystore work on the BOXI server and the CMC configuration worked as I said.
Now I'm having users from that domain try to log into CMC. They are getting this error:
Account Information Not Recognized: The secLdap plugin failed to connect to the specified hosts. (FWB 00028)
I then proceeded to have the firewall opened up for the web server in addition to the BOXI server. I tested from that server using ldp.exe successfully.
Can anyone advise on this? Was opening ports on the web server needed? Do I need to do more keystore configs on this web server?
Thanks,
Sam
One thing I did notice from this note: https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F6465...
They specify to use the global catalog LDAP port 3268. Is this necessary?
Hi Samuel,
So, as I understand, LDAP log in via Designer (client tool) works, but fails when you try logging in through CMC.
The port number 3268 runs the global catalog service. It is recommended to use it ONLY in case of multiple domains.
Have you configured SSL? If yes please confirm that you are using port number 636 and not 389.
Try logging in using FQDN and see if it helps i.e. user@DOMAIN.COM
If possible, please share the screenshot of the attribute mappings.
Regards,
Nagendra
Nagendra,
I am using 636 in the configuration in CMC. However, I have not configured any certificates for CMC to use. I was reading a guide for XIR2, but we are actually on XI 3 SP 5 I believe. Is it necessary to create a java keystore for the CMC application? The admin manual is not very specific about this configuration unfortunately... I've been looking.
Thanks again!
Hi Samuel,
Well you have 2 options from here:
1) Use port 389 (with no-SSL) instead and you should be good to log-in using LDAP authentication.
Else,
2) Configure SSL with certificates and all to use port no. 636
You can refer to KB: http://service.sap.com/sap/support/notes/1259855
The Admin guide should be of help as well.
Hope this helps
Regards,
Nagendra
I was able to successfully test a connection using Designer. I have also used Windows Network Monitor to capture LDAP activity during that success. When I attempt to log in via the CMC web app, I still get no TCP traffic to the domain controller IP address.
Hi Samuel,
You might want to have a look at the attribute mappings again in the LDAP configuration.
Refer - http://service.sap.com/sap/support/notes/1245218
Regards,
Nagendra
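Added example (not part of the thread, and not SAP code): a small Python probe that can be run from the web server host to separate the failure modes discussed above, namely no TCP path to the domain controller versus a TLS handshake on 636 that fails because the server certificate is not trusted. The host name `dc01.example.test` and the optional CA file argument are placeholders; Python validates against the CA file you pass or the OS store, which only approximates what the Java keystore used by the web application trusts.

```python
import socket
import ssl
import sys

# Ports mentioned in the thread: 389 (LDAP), 636 (LDAP over SSL), 3268 (global catalog).
PORTS = {389: False, 636: True, 3268: False}  # port -> attempt TLS handshake?


def classify(exc):
    """Map a connection exception to the stage that failed."""
    if exc is None:
        return "ok"
    # Order matters: the ssl exceptions are subclasses of OSError.
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "cert_untrusted"   # TCP is open, but chain or host name did not validate
    if isinstance(exc, ssl.SSLError):
        return "tls_failed"       # TCP is open, handshake failed for another reason
    return "tcp_unreachable"      # refused, timed out, or name did not resolve


def probe(host, port, use_tls, cafile=None, timeout=5.0):
    """Connect to host:port and, if use_tls, complete a verified TLS handshake."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if use_tls:
                ctx = ssl.create_default_context(cafile=cafile)
                with ctx.wrap_socket(sock, server_hostname=host):
                    pass  # handshake completed and certificate verified
        return classify(None)
    except OSError as exc:
        return classify(exc)


def survey(host, cafile=None):
    """Probe every port in PORTS and return {port: result}."""
    return {p: probe(host, p, tls, cafile) for p, tls in PORTS.items()}


if __name__ == "__main__":
    # Constructed placeholder host; pass the real DC name and a PEM CA file as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.test"
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    for port, result in survey(host, cafile).items():
        print(f"{host}:{port} -> {result}")
```

A `tcp_unreachable` result on 636 from the web server points at routing or firewall rules, while `cert_untrusted` points at the certificate trust configuration on that host.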