SystemAdmin
SystemAdmin
13279 Posts

Pinned topic can't config LDAP

‏2012-12-28T14:06:39Z |
Hello

IBM Director 6.3.2
LDAP Windows AD 2008 R2

http://pic.dhe.ibm.com/infocenter/director/pubs/index.jsp?topic=%2Fcom.ibm.director.plan.helps.doc%2Ffqm0_r_os_supported_by_ibm_director_630.html

I can't configure LDAP in Director server. Config file in attachment. Can anybody help me?
  • SystemAdmin
    SystemAdmin
    13279 Posts

    Re: can't config LDAP

    ‏2013-01-09T06:08:15Z  
    Can anybody help me?
  • SystemAdmin
    SystemAdmin
    13279 Posts

    Re: can't config LDAP

    ‏2013-01-09T13:58:06Z  
    The securityLDAP.properties contains:
    com.ibm.lwi.rolemanagerfragment=com.ibm.lwi.security.rolemanagers.ldap.RoleManagerLdap

    com.ibm.lwi.security.jaas.jaasindex=Jaas2.LdapWithHandler

    com.ibm.lwi.security.jaas.failedLoginHandler=com.ibm.security.jaas2lwi.FailedLoginHandler
    com.ibm.lwi.security.jaas.failedLoginHandler.debug=true
    com.ibm.lwi.security.numFailedAttempts=5

    com.ibm.lwi.security.jaas.failedLoginHandler.normalizeUsernameClass=com.ibm.security.jaas2lwi.CaseNormalizeUsername

    com.ibm.lwi.security.rolemanagers.ldap.getGroupsByUser.includeNested = true

    com.ibm.lwi.LDAPHost = 10.10.10.1



    What else must I add?

    com.ibm.lwi.LDAPPort = 389

    com.ibm.lwi.LDAPAdminUser = CN=Administrator,CN=Users,DC=domain,DC=local

    com.ibm.lwi.LDAPAdminPassword = 123456

    com.ibm.lwi.LDAPBase = dc=domain,dc=local
    com.ibm.lwi.searchfilter = (&(sAMAccountName=%v)(objectcategory=user))

    com.ibm.lwi.rolemanager.ldap.filters.usergroup = (|(objectCategory=group)(objectCategory=groupOfNames))

    com.ibm.lwi.rolemanager.ldap.filters.users = (|(objectCategory=person)(objectCategory=user))

    com.ibm.lwi.rolemanager.ldap.names.memberAttribute = member

    com.ibm.lwi.rolemanager.ldap.names.loginName = sAMAccountName
  • SystemAdmin
    SystemAdmin
    13279 Posts

    Re: can't config LDAP

    ‏2013-01-10T01:01:55Z  
    These issues are difficult to debug and most easily fixed when working with the Help Center.

    Did you encode the LDAPAdminPassword?

    Do you have a domain group named smadmin, and is your user in that group?

    ----
    Craig Elliott
    IBM Advanced Technical Skills
  • SystemAdmin
    SystemAdmin
    13279 Posts

    Re: can't config LDAP

    ‏2013-01-10T06:02:43Z  
    Yes, I have a "smadmin" group in the AD domain.
    Must I encode the Administrator password? Can I put it in clear text or not?
  • SystemAdmin
    SystemAdmin
    13279 Posts

    Re: can't config LDAP

    ‏2013-01-18T21:31:05Z  
    Yes, you must encode the Administrator's password in the file SecurityLDAP.properties.

    Take a look at the InfoCenter http://pic.dhe.ibm.com/infocenter/director/pubs/topic/com.ibm.director.security.helps.doc/fqm0_t_ldap_authentication.html for the syntax used to encode the password.
    ----
    Craig Elliott
    IBM Advanced Technical Skills
  • SystemAdmin
    SystemAdmin
    13279 Posts

    Re: can't config LDAP

    ‏2013-01-23T07:49:16Z  
    Thank you very much!!! Now all is OK!!! I added this:

    - cd "C:\Program Files\IBM\Director\lwi\bin"
    - lwiencoder.bat -filename securityLDAP.properties -keylist com.ibm.lwi.LDAPAdminPassword
    - net stop dirserver
    - copy securityLDAP.properties "C:\Program Files\IBM\Director\lwi\conf\overrides"
    - net start dirserver

    com.ibm.lwi.LDAPAdminPassword = {aes:3C6456SnKQL63SjkEy44Gs+vHF6nQzC+Dil1NzNvSiAzzk=}q2hb2A

    The securityLDAP.properties contain:

    com.ibm.lwi.rolemanagerfragment=com.ibm.lwi.security.rolemanagers.ldap.RoleManagerLdap

    com.ibm.lwi.security.jaas.jaasindex=Jaas2.LdapWithHandler

    com.ibm.lwi.security.jaas.failedLoginHandler=com.ibm.security.jaas2lwi.FailedLoginHandler
    com.ibm.lwi.security.jaas.failedLoginHandler.debug=true
    com.ibm.lwi.security.numFailedAttempts=5

    com.ibm.lwi.security.jaas.failedLoginHandler.normalizeUsernameClass=com.ibm.security.jaas2lwi.CaseNormalizeUsername

    com.ibm.lwi.security.rolemanagers.ldap.getGroupsByUser.includeNested = true

    com.ibm.lwi.LDAPHost = 10.10.10.1
    com.ibm.lwi.LDAPPort = 389

    com.ibm.lwi.LDAPAdminUser = CN=Administrator,CN=Users,DC=domain,DC=local

    com.ibm.lwi.LDAPAdminPassword = {aes:3C6456SnKQL63SjkEy44Gs+vHF6nQzC+Dil1NzNvSiAzzk=}q2hb2A

    com.ibm.lwi.LDAPBase = dc=domain,dc=local

    com.ibm.lwi.searchfilter = (&(sAMAccountName=%v)(objectcategory=user))

    com.ibm.lwi.rolemanager.ldap.filters.usergroup = (|(objectCategory=group)(objectCategory=groupOfNames))

    com.ibm.lwi.rolemanager.ldap.filters.users = (|(objectCategory=person)(objectCategory=user))

    com.ibm.lwi.rolemanager.ldap.names.memberAttribute = member

    com.ibm.lwi.rolemanager.ldap.names.loginName = sAMAccountName
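
The point the thread resolves, whether `com.ibm.lwi.LDAPAdminPassword` is still stored in clear text, can be checked automatically before a file is copied into `conf\overrides`. The following is an added example, not part of the thread and not IBM tooling: the function names are hypothetical, the sample files are constructed, and treating any value without the `{aes:` prefix seen in the thread as unencoded is an assumption.

```python
import re

# Prefix of an encoded value as it appears in the thread's final config.
# Assumption: any password value without this prefix is still cleartext.
ENCODED_PREFIX = "{aes:"


def parse_properties(text):
    """Parse Java .properties text into (line_no, key, value) tuples."""
    entries, logical, start = [], "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not logical and (not line or line[0] in "#!"):
            continue  # blank line or comment
        if start is None:
            start = no  # report the line where the entry begins
        if line.endswith("\\") and not line.endswith("\\\\"):
            logical += line[:-1]  # trailing backslash: entry continues
            continue
        logical += line
        # The key ends at the first unescaped '=', ':' or whitespace.
        m = re.match(r"((?:\\.|[^\s=:\\])+)\s*[=:]?\s*(.*)$", logical)
        if m:
            entries.append((start, m.group(1), m.group(2)))
        logical, start = "", None
    return entries


def find_cleartext_secrets(text):
    """Return (line_no, key) for password keys whose value is not encoded."""
    return [
        (no, key)
        for no, key, value in parse_properties(text)
        if key.lower().endswith("password")
        and value
        and not value.startswith(ENCODED_PREFIX)
    ]


# Constructed samples modelled on the two versions of the file in the thread.
BEFORE = """\
com.ibm.lwi.LDAPHost = 10.10.10.1
com.ibm.lwi.LDAPPort = 389
# bind account
com.ibm.lwi.LDAPAdminUser = CN=Administrator,CN=Users,DC=domain,DC=local
com.ibm.lwi.LDAPAdminPassword = 123456
"""
AFTER = BEFORE.replace("= 123456", "= {aes:CONSTRUCTED-PLACEHOLDER=}")

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, find_cleartext_secrets(sample))
```

A non-empty result means the file should go through `lwiencoder.bat` before it is deployed or attached to a forum post.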