Message from discussion
Active Directory problem
Date: Fri, 06 Feb 2009 09:19:39 +1000
From: Bradley Beddoes <bedd...@intient.com>
Organization: Intient Pty Ltd
To: esoe-users@googlegroups.com
Subject: Re: [esoe-users] Active Directory problem
Hi Michael,
Michael wrote:
> Hi All,
>
> I have got past a few problems with installation, and have finally got
> to the login page, but continually come up with a login failure. I
> have tested my LDAP connection and credentials using an LDAP browser
> and they work fine, but I am no expert here.
>
> I have tried a few options by stopping Tomcat, changing the "## LDAP
> Server 1 Connection" section of esoe.config and restarting. Is this
> going to pick up my changes? The current details are:
>
> ldapURL-1=ldap://smstsdc01
This needs to be the server DNS entry. Does 'nslookup smstsdc01' resolve
in DNS for you? If not, you'll need something like smstsdc01.company.com
> ldapServer-1=smstsdc01
> ldapServerPort-1=389
> baseDN-1=DC=TSDEV,DC=Inside
> identifier-1=sAMAccountName
> recursive-1=true
> disableSSL-1=true
> adminUser-1=tsdev\tsadmin
This needs to be a DN, so something like
sAMAccountName=tsadmin,dc=tsdev,dc=inside - please adjust accordingly
for your environment.
> adminPassword-1=neveryoumind
>
> I have tried the "ldapURL-1" with/without port, and "baseDN-1" with/
> without "CN=Users". The default for "identifier-1" in this section is
> "uid", but the LDAP browser shows no such property. I have tried
> replacing it with "sAMAccountName", which the LDAP browser shows as
> being the account name, but it doesn't work.
sAMAccountName is the best option for AD. You can add the cn=users to
baseDN if you like, but getting it working without this first would be my
recommendation.
>
> During installation I did the following that was slightly different
> from the instructions:
> - Edited generate_db-mysql to comment out the constraints as they
> caused problems with MySQL.
> - Ignored the installation step of "Extract spep-shared.tar.gz to your
> $TOMCAT/shared/lib directory of the tomcat instance which will run
> esoemanager" as the file did not exist.
> - I was confused by "Your database itself is already configured,
> undertake the following for your environment." as no database had been
> created, and then in the next step it was to be used. In MySql I
> manually created the esoe database, after setting the engine to InnoDB
> (to fix something).
>
> I am using Windows 2003, Tomcat 5.5, MySql 5.1.30, JRE 6, and the
> "current" build of ESOE (which I assume is 0.5.2 or thereabouts).
From memory, that is the latest binary build versioning; things have
progressed significantly in SVN head, however.
>
> If anybody can help with the Active Directory integration I would be
> very grateful.
Hopefully the above is of assistance.
--
Bradley Beddoes
Lead Software Architect
Intient
http://www.intient.com
Telephone
Australia: (07) 3102 4560
United States: (424) 785-0434
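
The two corrections in the reply above (an ldapURL host that resolves in DNS, and an adminUser given as a DN), written as a pre-flight check over the LDAP section of esoe.config. This is an added example, not part of the original message or of ESOE; the function names and the loose DN shape test are assumptions, and only the ldapURL-N and adminUser-N keys quoted in the thread are read.

```python
import re
import socket
from urllib.parse import urlparse

# Constructed sample: values quoted in the thread's "LDAP Server 1 Connection" section.
SAMPLE = r"""
ldapURL-1=ldap://smstsdc01
baseDN-1=DC=TSDEV,DC=Inside
adminUser-1=tsdev\tsadmin
"""

# Loose shape check for attr=value[,attr=value...]; escaped commas are not handled.
DN_SHAPE = re.compile(r"^[A-Za-z][\w-]*=[^,=]+(,\s*[A-Za-z][\w-]*=[^,=]+)*$")


def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' only (DNs contain '=')."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    return props


def dns_resolves(host):  # True if the name resolves on the machine running the check
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def check_ldap_section(props, index=1, resolves=dns_resolves):
    """Return findings for the two points raised in the reply above."""
    findings = []
    host = urlparse(props.get(f"ldapURL-{index}", "")).hostname
    if not host:
        findings.append(f"ldapURL-{index}: no host name in URL")
    elif not resolves(host):
        findings.append(f"ldapURL-{index}: '{host}' does not resolve in DNS")
    admin = props.get(f"adminUser-{index}", "")
    if not DN_SHAPE.match(admin):
        findings.append(f"adminUser-{index}: '{admin}' is not in DN form")
    return findings


if __name__ == "__main__":
    print("\n".join(check_ldap_section(parse_properties(SAMPLE))))
```

Run it on the Tomcat host itself, since name resolution is checked from wherever the script executes.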