SystemAdmin

Pinned topic Configure ADFS in bootstrap.properties for ACL

‏2013-01-22T07:51:48Z |
Hi,
I am trying to configure the ACL using the LDAP based on ADFS in the bootstrap.properties file. I have tried everything but I am not able to get it working. Attached is the screenshot of the ADFS structure I am using. Can anybody tell me the exact values which I need to set for the below parameters?

ibm.appcenter.ldap.active=true
ibm.appcenter.ldap.connectionURL="ldap://172.16.16.55:389"
ibm.appcenter.ldap.user.base="CN=Users,DC=paxggndc11,DC=com"
ibm.appcenter.ldap.user.loginName=cn
ibm.appcenter.ldap.user.displayName=cn
ibm.appcenter.ldap.group.base="CN=Users,DC=paxggndc11,DC=com"
ibm.appcenter.ldap.group.name=cn
ibm.appcenter.ldap.group.uniquemember=member
ibm.appcenter.ldap.user.groupmembership=memberOf
  • SystemAdmin

    Re: Configure ADFS in bootstrap.properties for ACL

    ‏2013-01-22T10:34:41Z  
    Hi,

    What is your problem exactly? Can you connect to the AppCenter Console?
    It seems that you use Liberty Profile. What is the registry you use to connect to the console: Basic or LDAP (it is defined in the server.xml file)?

    Also check that you have no exception in the Liberty Profile logs directory.

    Thanks.
  • SystemAdmin

    Re: Configure ADFS in bootstrap.properties for ACL

    ‏2013-01-22T10:37:18Z  
    I am using the basic registry to log in to the console of the App Center. I want to configure the users and groups for the access control list based on the LDAP registry of which I have attached the screenshot.
  • SystemAdmin

    Re: Configure ADFS in bootstrap.properties for ACL

    ‏2013-01-22T10:49:07Z  
    What is your ACL search string? Does it mean that the search returns no entry? (Can you send the screenshot of the ACL search in AppCenter?)

    Thanks.
  • SystemAdmin

    Re: Configure ADFS in bootstrap.properties for ACL

    ‏2013-01-22T10:52:41Z  
    http://localhost:9080/applicationcenter/service/principal/?start=0&orderBy=displayName&pageSize=50&page=0&fromIndex=0&searchFor=test2&searchScope=displayName&type=ldapuser&excludeDefaults=true
  • SystemAdmin

    Re: Configure ADFS in bootstrap.properties for ACL

    ‏2013-01-22T11:05:53Z  
    The request is correct.
    So set the following trace in the server.xml file:
    <logging traceSpecification="*=info=enabled:com.ibm.puremeap.*=all" traceFormat="ADVANCED"/>

    and retest the request.
    Then attach the trace.log file.
  • SystemAdmin

    Re: Configure ADFS in bootstrap.properties for ACL

    ‏2013-01-22T11:12:39Z  
    PFA

    Looks like issue is at line
    THROW
    javax.naming.NamingException: LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1\u0000; remaining name 'CN=Users'


  • SystemAdmin

    Re: Configure ADFS in bootstrap.properties for ACL

    ‏2013-01-23T08:02:36Z  
    In fact your LDAP server requires security binding (anonymous users are not authorized to search inside the LDAP, so credentials are needed when binding to the LDAP). Unfortunately in V505 this feature is not available. We are considering integrating it in a future release.

    Thanks.
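
Added example (not part of the original thread and not IBM's code): a small Python parser for the Active Directory LdapErr text in the exception quoted above, which separates the "search sent before any successful bind" case from credential failures. The names diagnose, AD_CODE and AD_ERR, and the second sample line, are assumptions made for this illustration.

```python
import re

# LDAP result codes (RFC 4511) that show up around bind problems.
LDAP_RESULT = {1: "operationsError", 49: "invalidCredentials",
               50: "insufficientAccessRights"}

# Win32 / AD sub-codes carried in the hex prefix or in the "data" field.
AD_CODE = {
    0x4DC: "not authenticated: no successful bind on this connection",
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x532: "password expired",
    0x533: "account disabled",
    0x775: "account locked out",
}

AD_ERR = re.compile(
    r"LDAP: error code (?P<rc>\d+) - (?P<prefix>[0-9A-Fa-f]{8}): LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data (?P<data>[0-9A-Fa-f]+), v[0-9A-Fa-f]+")

def diagnose(line):
    """Return a dict describing an AD LdapErr message, or None if absent."""
    m = AD_ERR.search(line)
    if m is None:
        return None
    rc = int(m["rc"])
    data = int(m["data"], 16)
    # Bind failures (rc 49) put the reason in "data"; otherwise use the prefix.
    code = data if data else int(m["prefix"], 16)
    return {
        "ldap_result": LDAP_RESULT.get(rc, f"code {rc}"),
        "ad_code": code,
        "meaning": AD_CODE.get(code, "unknown: " + m["comment"]),
        # rc 1 with 0x4DC: a search was sent before any successful bind.
        "needs_bind_credentials": rc == 1 and code == 0x4DC,
    }

# Line quoted in the thread above.
THREAD_LINE = (r"javax.naming.NamingException: LDAP: error code 1 - 000004DC: "
               r"LdapErr: DSID-0C0906E8, comment: In order to perform this "
               r"operation a successful bind must be completed on the "
               r"connection., data 0, v1db1\u0000; remaining name 'CN=Users'")
# Constructed sample (DSID is a placeholder): a bind with a wrong password.
BAD_PASSWORD = ("LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, "
                "comment: AcceptSecurityContext error, data 52e, v1db1")

if __name__ == "__main__":
    for sample in (THREAD_LINE, BAD_PASSWORD):
        print(diagnose(sample))
```

Run over trace.log lines, the needs_bind_credentials flag marks a directory that refuses anonymous searches; the code 49 sub-codes only appear once a bind DN and password are actually sent.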
  • SystemAdmin

    Re: Configure ADFS in bootstrap.properties for ACL

    ‏2013-02-07T23:57:58Z  
    Note: IBM forums are in the process of migrating to a new format. During migration the forums will be frozen and in read-only mode. If you wish to continue this thread discussion please post it on stackoverflow, where the Worklight team and others can respond.

    See the Forum Migration announce post for more details. Thank you.

    Barbara Hampson, Manager, IBM Worklight