Message from discussion
Active Directory problem
Received: by 10.142.163.13 with SMTP id l13mr171645wfe.18.1233879677521;
Thu, 05 Feb 2009 16:21:17 -0800 (PST)
Return-Path: <bedd...@intient.com>
Received: from rv-out-0708.google.com (rv-out-0708.google.com [209.85.198.244])
by mx.google.com with ESMTP id k32si5590416wah.1.2009.02.05.16.21.17;
Thu, 05 Feb 2009 16:21:17 -0800 (PST)
Received-SPF: pass (google.com: domain of bedd...@intient.com designates 209.85.198.244 as permitted sender) client-ip=209.85.198.244;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of bedd...@intient.com designates 209.85.198.244 as permitted sender) smtp.mail=bedd...@intient.com
Received: by rv-out-0708.google.com with SMTP id b17so485695rvf.48
for <esoe-users@googlegroups.com>; Thu, 05 Feb 2009 16:21:17 -0800 (PST)
Received: by 10.141.41.12 with SMTP id t12mr788481rvj.289.1233879676077;
Thu, 05 Feb 2009 16:21:16 -0800 (PST)
Return-Path: <bedd...@intient.com>
Received: from ?114.72.61.174? ([114.72.61.174])
by mx.google.com with ESMTPS id f42sm1804320rvb.5.2009.02.05.16.21.11
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Thu, 05 Feb 2009 16:21:14 -0800 (PST)
Message-Id: <B6F74A97-F48E-46F1-A26F-235199AD375D@intient.com>
From: Bradley Beddoes <bedd...@intient.com>
To: "esoe-users@googlegroups.com" <esoe-users@googlegroups.com>
In-Reply-To: <a4dc2762-f783-405f-8be1-93ceeac17bf1@w1g2000prm.googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
X-Mailer: iPhone Mail (5H11)
Subject: Re: [esoe-users] Re: Active Directory problem
Date: Fri, 6 Feb 2009 10:21:02 +1000
References: <0b78c192-5ee2-49d5-9837-ed458275fed0@o40g2000prn.googlegroups.com> <498B740B.1010501@intient.com> <a4dc2762-f783-405f-8be1-93ceeac17bf1@w1g2000prm.googlegroups.com>
Hi
You're still missing the uid= or sAMAccountName= on the dn for you're
admin user based on the confit you've just provided
regards,
Bradley Beddoes
Lead Software Architect
Intient Pty Ltd
http://www.intient.com
On 06/02/2009, at 10:09, Michael <MichaelBli...@hotmail.com> wrote:
>
> Hello Bradley,
>
> Thanks for your quick reply (I went off for a coffee). Yes, nslookup
> does resolve correctly, as shown below. I have updated adminUser-1 to
> "tsadmin,dc=tsdev,dc=inside" or "tsadmin,cn=users,dc=tsdev,dc=inside"
> without luck.
>
> I also noticed the following in esoe-authn.log - is the lack of
> something at the end a concern?
>
> 2009-02-06 09:23:05,765 ERROR esoe.authn - Failed to authenticate
> principal tsadmin to underlying authentication mechanism identified by
> external ESOE ID of:
>
> Results of nslookup:
>
> C:\Documents and Settings\mblight>nslookup smstsdc01
> Server: smstsdc01.tsdev.inside
> Address: 192.168.20.1
>
> Name: smstsdc01.TSDEV.Inside
> Address: 192.168.20.1
>
> On Feb 6, 10:19 am, Bradley Beddoes <bedd...@intient.com> wrote:
>> Hi Michael,
>>
>> Michael wrote:
>>> Hi All,
>>
>>> I have got past a few problems with installation, and have finally
>>> got
>>> to the login page, but continually come up with a login failure. I
>>> have tested my LDAP connection and credentials using an LDAP browser
>>> and they work fine, but I am no expert here.
>>
>>> I have tried a few options by stopping Tomcat, changing the "## LDAP
>>> Server 1 Connection" section of esoe.config and restarting. Is this
>>> going to pick up my changes? The current details are:
>>
>>> ldapURL-1=ldap://smstsdc01
>>
>> This needs to be the server DNS entry does 'nslookup smstsdc01'
>> resolve
>> in DNS for you?. If not you'll need something like
>> smstsdc01.company.com
>>
>>> ldapServer-1=smstsdc01
>>> ldapServerPort-1=389
>>> baseDN-1=DC=TSDEV,DC=Inside
>>> identifier-1=sAMAccountName
>>> recursive-1=true
>>> disableSSL-1=true
>>> adminUser-1=tsdev\tsadmin
>>
>> This needs to be a DN so something like
>> sAMAccountName=tsadmin,dc=tsdev,dc=inside - please adjust accordingly
>> for your environment.
>>
>>> adminPassword-1=neveryoumind
>>
>>> I have tried the "ldapURL-1" with/without port, and "baseDN-1" with/
>>> without "CN=Users". The default for "identifier-1" in this
>>> section is
>>> "uid", but the LDAP browser shows no such property. I have tried
>>> replacing it with "sAMAccountName", which the LDAP browser shows as
>>> being the account name, but it doesn't work.
>>
>> sAMAccountName for AD is the best option, you can add the cn=users to
>> baseDN if you like but get it working without this first would be my
>> recommendation.
>>
>>
>>
>>
>>
>>
>>
>>> During installation I did the following that was slightly different
>>> from the instructions:
>>> - Edited generate_db-mysql to comment out the constraints as they
>>> caused problems with MySQL.
>>> - Ignored the installation step of "Extract spep-shared.tar.gz to
>>> your
>>> $TOMCAT/shared/lib directory of the tomcat instance which will run
>>> esoemanager" as the file did not exist.
>>> - I was confused by "Your database itself is already configured,
>>> undertake the following for your environment." as no database had
>>> been
>>> created, and the in the next step it was to be used. In MySql I
>>> manually created the esoe database, after setting the engine to
>>> InnoDB
>>> (to fix something).
>>
>>> I am using Windows 2003, Tomcat 5.5, MySql 5.1.30, JRE 6, and the
>>> "current" build of OSOE (which I assume is 0.5.2 or thereabouts).
>>
>> From memory that is the latest binary build versioning, things have
>> progressed significantly in SVN head however.
>>
>>
>>
>>> If anybody can help with the Active Directory integration I would be
>>> very grateful.
>>
>> Hopefully the above is of assistance.
>>
>> --
>> Bradley Beddoes
>> Lead Software Architect
>>
>> Intienthttp://www.intient.com
>>
>> Telephone
>> Australia: (07) 3102 4560
>> United States: (424) 785-0434- Hide quoted text -
>>
>> - Show quoted text -
> >
|
