cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AE 5.2 LDAP connector with anonymous bind

Go to solution
Former Member

on ‎06-18-2008 6:00 AM

0 Kudos

Hi,

I need to set up a LDAP connector, but unsure how I can do it with a LDAP that requires anonymous bind.

No matter what I put in, I just get "Connection failed". Using LDAP Browser, I can connect just fine.

Thanks

Henrik

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member366047
Contributor
‎06-18-2008 12:56 PM
0 Kudos

Henrik-

We implemented a LDAP connection with an anonymous bind. You should work with your LDAP team to obtain the correct:

Server Name

Domain

Port

User Principal Name

Password

What kind of LDAP are you trying to connect? Active Directory? SUN One?...

Ankur

GRC Consultant

Show replies
Show replies
Former Member
‎06-24-2008 12:54 AM
0 Kudos

Hi Ankur,

Thanks for the response, and sorry I haven't gotten back to you earlier.

It's an active directory ldap.

I have got the correct information regarding servername etc, as I can connect using LDAP browser (freeware tool), when using anonymous bind. But since I can't use anonymous bind in AE, then what? Should I have an authorised user set up? Surely AE should be able to handle anonymous

former_member366047
Contributor
‎06-24-2008 12:27 PM
0 Kudos

Henrik-

To my understanding, if you change the seventh character of the dsHeuristics attribute to 2, anonymous clients can perform any operation through LDAP. Then you can use the exact same directory object to execute your searches.

Please ensure, this is valid in the UME settings and the Config Tool settings.

If this does not work, then let me know, and I will talk to my LDAP person...

Ankur

GRC Consultant

Former Member
‎06-24-2008 11:00 PM
0 Kudos

Sorry, you lost me there

"the seventh character of the dsHeuristics attribute to 2" - I assume that refers to the LDAP? Surely, it should be possible without making changes to the LDAP. The UME is not linked in to the LDAP at all...

thanks for your time!

former_member366047
Contributor
‎06-24-2008 11:10 PM
0 Kudos

Henrik-

What I was trying to say is that it is not easy to create an anonymous bind with LDAP, and that is not normal practice to do so.

The UME is connected to LDAP for authentication and LDAP sources. You can see this in the configuration. For authentication port 636 is used and for data sources port 389 is used...

Ankur

GRC Consultant

Former Member
‎06-24-2008 11:55 PM
0 Kudos

Okay, thanks for that. I wasn't actually trying to use it for authentication, only as a source of data for new users.

Is there no way that can be done without modifying the LDAP itself? It's a corporate LDAP, and I'm just setting up a proof-of-concept AE system.

thanks

former_member366047
Contributor
‎06-25-2008 12:17 AM
0 Kudos

Henrik-

Yes, my point was, you don't have to change anything with the LDAP. You need the correct directory string to access it. We are using an anonymous bind for our LDAP.

You have confirm with your LDAP person, if your attempt to access the LDAP through your Freeware browser actually tried to fetch data from it, or was it only authenticating. There is a big difference between the two. I used a Freeware browser to attempt to solve our LDAP problem.

So:

- Apply the latest SP to AE (SP 9 was just released today).

- Define the correct string to fetch data from the LDAP.

- Use the correct LDAP port (I believe it's 389 for fetching data).

We could not get our LDAP to work with AE until SAP released a patch in SP 8.

Hope this helps. If not, then create an OSS Note to SAP...

Ankur

GRC Consultant

Former Member
‎06-25-2008 1:53 AM
0 Kudos

With the LDAP Browser, I get data, so the string should be okay, and I'm using the correct port as well.

I will try to see if we can get the latest patch applied, and I'll let you know

thanks!!

Answers (0)

Ask a Question