6 replies Latest Post - 2013-01-23T07:49:16Z by SystemAdmin
SystemAdmin
13279 Posts

can't config LDAP

2012-12-28T14:06:39Z
Hello

IBM Director 6.3.2
LDAP Windows AD 2008 R2

http://pic.dhe.ibm.com/infocenter/director/pubs/index.jsp?topic=%2Fcom.ibm.director.plan.helps.doc%2Ffqm0_r_os_supported_by_ibm_director_630.html

I can't configure LDAP in Director server. Config file in attachment. Can anybody help me?
Updated on 2013-01-23T07:49:16Z at 2013-01-23T07:49:16Z by SystemAdmin
  • SystemAdmin
    Re: can't config LDAP

    2013-01-09T06:08:15Z in response to SystemAdmin
    Can anybody help me?
  • SystemAdmin
    Re: can't config LDAP

    2013-01-09T13:58:06Z in response to SystemAdmin
    The securityLDAP.properties contains:
    com.ibm.lwi.rolemanagerfragment=com.ibm.lwi.security.rolemanagers.ldap.RoleManagerLdap

    com.ibm.lwi.security.jaas.jaasindex=Jaas2.LdapWithHandler

    com.ibm.lwi.security.jaas.failedLoginHandler=com.ibm.security.jaas2lwi.FailedLoginHandler
    com.ibm.lwi.security.jaas.failedLoginHandler.debug=true
    com.ibm.lwi.security.numFailedAttempts=5

    com.ibm.lwi.security.jaas.failedLoginHandler.normalizeUsernameClass=com.ibm.security.jaas2lwi.CaseNormalizeUsername

    com.ibm.lwi.security.rolemanagers.ldap.getGroupsByUser.includeNested = true

    com.ibm.lwi.LDAPHost = 10.10.10.1



    What else must I add?

    com.ibm.lwi.LDAPPort = 389

    com.ibm.lwi.LDAPAdminUser = CN=Administrator,CN=Users,DC=domain,DC=local

    com.ibm.lwi.LDAPAdminPassword = 123456

    com.ibm.lwi.LDAPBase = dc=domain,dc=local
    com.ibm.lwi.searchfilter = (&(sAMAccountName=%v)(objectcategory=user))

    com.ibm.lwi.rolemanager.ldap.filters.usergroup = (|(objectCategory=group)(objectCategory=groupOfNames))

    com.ibm.lwi.rolemanager.ldap.filters.users = (|(objectCategory=person)(objectCategory=user))

    com.ibm.lwi.rolemanager.ldap.names.memberAttribute = member

    com.ibm.lwi.rolemanager.ldap.names.loginName = sAMAccountName
    • SystemAdmin
      Re: can't config LDAP

      2013-01-10T01:01:55Z in response to SystemAdmin
      These issues are difficult to debug and most easily fixed when working with the Help Center.

      Did you encode the LDAPAdminPassword?

      Do you have a domain group named smadmin, and is your user in that group?

      ----
      Craig Elliott
      IBM Advanced Technical Skills
      • SystemAdmin
        Re: can't config LDAP

        2013-01-10T06:02:43Z in response to SystemAdmin
        Yes, I have an "smadmin" group in the AD domain.
        Must I encode the Administrator password? Can I put it in clear text or not?
        • SystemAdmin
          Re: can't config LDAP

          2013-01-18T21:31:05Z in response to SystemAdmin
          Yes, you must encode the Administrator's password in the file SecurityLDAP.properties.

          Take a look at the InfoCenter http://pic.dhe.ibm.com/infocenter/director/pubs/topic/com.ibm.director.security.helps.doc/fqm0_t_ldap_authentication.html for the syntax used to encode the password.
          ----
          Craig Elliott
          IBM Advanced Technical Skills
          • SystemAdmin
            Re: can't config LDAP

            2013-01-23T07:49:16Z in response to SystemAdmin
            Thank you very much!!! Now all is OK!!! I added this:

            - cd C:\Program Files\IBM\Director\lwi\bin
            - lwiencoder.bat -filename securityLDAP.properties -keylist com.ibm.lwi.LDAPAdminPassword
            - net stop dirserver
            - copy securityLDAP.properties "C:\Program Files\IBM\Director\lwi\conf\overrides"
            - net start dirserver

            com.ibm.lwi.LDAPAdminPassword = {aes:3C6456SnKQL63SjkEy44Gs+vHF6nQzC+Dil1NzNvSiAzzk=}q2hb2A

            The securityLDAP.properties contains:

            com.ibm.lwi.rolemanagerfragment=com.ibm.lwi.security.rolemanagers.ldap.RoleManagerLdap

            com.ibm.lwi.security.jaas.jaasindex=Jaas2.LdapWithHandler

            com.ibm.lwi.security.jaas.failedLoginHandler=com.ibm.security.jaas2lwi.FailedLoginHandler
            com.ibm.lwi.security.jaas.failedLoginHandler.debug=true
            com.ibm.lwi.security.numFailedAttempts=5

            com.ibm.lwi.security.jaas.failedLoginHandler.normalizeUsernameClass=com.ibm.security.jaas2lwi.CaseNormalizeUsername

            com.ibm.lwi.security.rolemanagers.ldap.getGroupsByUser.includeNested = true

            com.ibm.lwi.LDAPHost = 10.10.10.1
            com.ibm.lwi.LDAPPort = 389

            com.ibm.lwi.LDAPAdminUser = CN=Administrator,CN=Users,DC=domain,DC=local

            com.ibm.lwi.LDAPAdminPassword = {aes:3C6456SnKQL63SjkEy44Gs+vHF6nQzC+Dil1NzNvSiAzzk=}q2hb2A

            com.ibm.lwi.LDAPBase = dc=domain,dc=local

            com.ibm.lwi.searchfilter = (&(sAMAccountName=%v)(objectcategory=user))

            com.ibm.lwi.rolemanager.ldap.filters.usergroup = (|(objectCategory=group)(objectCategory=groupOfNames))

            com.ibm.lwi.rolemanager.ldap.filters.users = (|(objectCategory=person)(objectCategory=user))

            com.ibm.lwi.rolemanager.ldap.names.memberAttribute = member

            com.ibm.lwi.rolemanager.ldap.names.loginName = sAMAccountName
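
Added example, not part of the thread and not IBM tooling: a Python check that parses a securityLDAP.properties file and reports password keys still stored in clear text, which is the state the file was in before lwiencoder.bat was run. The sample files are constructed, the `{aes:...}` pattern is an assumption inferred from the encoded value posted above, and the warning about binding as the built-in Administrator is an extra least-privilege check added here.

```python
import re

# Constructed sample modelled on the file posted in the thread (before encoding).
BEFORE = """\
com.ibm.lwi.LDAPHost = 10.10.10.1
com.ibm.lwi.LDAPAdminUser = CN=Administrator,CN=Users,DC=domain,DC=local
com.ibm.lwi.LDAPAdminPassword = 123456
com.ibm.lwi.searchfilter = (&(sAMAccountName=%v)(objectcategory=user))
"""
# Same file after encoding; the value is a constructed placeholder, not a real secret.
AFTER = BEFORE.replace("= 123456", "= {aes:PLACEHOLDER+BASE64=}suffix")

# Assumption: encoded values look like "{aes:<base64>}<suffix>", as in the thread.
ENCODED = re.compile(r"^\{aes:[A-Za-z0-9+/=]+\}\S*$")
# The key ends at the first '=', ':' or whitespace, so '=' inside a value survives.
LINE = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:]?\s*(.*?)\s*$")

def parse_properties(text):
    """Parse single-line key/value pairs, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip()[0] in "#!":
            continue
        m = LINE.match(raw)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint(text):
    """Return (key, message) findings for risky settings in the file."""
    findings = []
    for key, value in parse_properties(text).items():
        if "password" in key.lower() and not ENCODED.match(value):
            findings.append((key, "cleartext password; encode this key with lwiencoder"))
        if key.endswith("LDAPAdminUser") and value.lower().startswith("cn=administrator,"):
            findings.append((key, "binds as built-in Administrator; prefer a dedicated low-privilege account"))
    return findings

if __name__ == "__main__":
    for key, message in lint(BEFORE):
        print(f"{key}: {message}")
```
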