1 reply Latest Post - ‏2012-06-04T14:51:18Z by gulfsoft
fcollingwood

Pinned topic ITNCM LDAP Authentication

‏2012-04-26T22:59:01Z |
Hi All

Trying to configure ITNCM to authenticate users via LDAP using this technote: https://www-304.ibm.com/support/entdocview.wss?uid=swg21580272

Unfortunately, it's a little sparse on detail, and once LDAP has been configured as the user account repository, even though the administrator user exists in LDAP, I'm unable to log in as the administrator user. The message is "The user name/password is invalid or does not belong to a valid group".

I am able to log into the eWAS console as the Intelliden user, using the password configured in LDAP, so at least I can change the repository back. I cannot log in to the ITNCM console using the Intelliden user credentials.

Any help, pointers, tips regarding getting LDAP authentication up and running with ITNCM would be much appreciated.
  • gulfsoft
    ACCEPTED ANSWER

    Re: ITNCM LDAP Authentication

    ‏2012-06-04T14:51:18Z  in response to fcollingwood
    The place where this normally goes wrong is in these lines (from the link you provided):

    User filter: (&(uid=%v)(objectclass=person))
    Group Filter: (&(cn=%v)(objectclass=groupOfNames))
    User ID map: *:uid
    Group ID map: *:cn
    Group member ID map: groupOfNames:member

    So this is finding users based on the value of the "uid" attribute. If your userids are based on the "cn" attribute, for example, the above would need to be changed to:

    User filter: (&(cn=%v)(objectclass=person))
    Group Filter: (&(cn=%v)(objectclass=groupOfNames))
    User ID map: *:cn
    Group ID map: *:cn
    Group member ID map: groupOfNames:member

    You may also have a problem with these lines:

    Base distinguished name (DN): o=ibm
    Bind distinguished name (DN): cn=Manager,o=ibm

    Yours have to be something different than the above, and that's specific to your environment. Your local LDAP admin should be able to help.

    Frank
    We can make Tivoli software work for you!
    www.gulfsoft.com
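The uid-versus-cn mismatch described in the answer can be reproduced offline. The following is an added example, not part of the original thread or of ITNCM/WebSphere: it expands the two user filters quoted above for a login name and evaluates them against constructed directory entries. The entries, the `o=example` suffix and all function names are assumptions; the evaluator handles only flat AND filters with equality terms.

```python
import re

# Filters quoted in the answer; %v is replaced by the login name.
UID_FILTER = "(&(uid=%v)(objectclass=person))"
CN_FILTER = "(&(cn=%v)(objectclass=person))"

# Constructed sample entries (hypothetical, not from a real directory).
DIRECTORY = [
    {"dn": "cn=administrator,ou=people,o=example",
     "cn": ["administrator"], "objectclass": ["top", "person"]},
    {"dn": "uid=jsmith,ou=people,o=example", "uid": ["jsmith"],
     "cn": ["John Smith"], "objectclass": ["top", "person"]},
]

def escape_value(value):
    """RFC 4515 escaping so a login name cannot change the filter's shape."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand(template, login):
    """Substitute the escaped login name for %v."""
    return template.replace("%v", escape_value(login))

def unescape(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)

def search(template, login, entries=DIRECTORY):
    """Return DNs matching a flat (&(attr=value)...) filter; equality only."""
    terms = re.findall(r"\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)",
                       expand(template, login))
    if not terms:
        raise ValueError("no (attr=value) terms found in filter")
    hits = []
    for entry in entries:
        # Every term must match at least one value, compared case-insensitively.
        if all(any(v.lower() == unescape(want).lower()
                   for v in entry.get(attr.lower(), []))
               for attr, want in terms):
            hits.append(entry["dn"])
    return hits

if __name__ == "__main__":
    for name, flt in (("uid", UID_FILTER), ("cn", CN_FILTER)):
        print(name, "filter ->", search(flt, "administrator"))
```

An empty result for the uid filter combined with a hit for the cn filter is the situation the answer describes: the account exists, but the configured filter never finds it.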