Klaros 3.4.7 against win2k3 AD (LDAP) not working

Christian Bold, modified 12 Years ago.

Hi*,

I am currently setting up Klaros 3.4.7.

Klaros itself is running.

Just the LDAP is not working.
I set up LDAP entries within the Auth / LDAP Section that are working for the Search Bindings.
Web Log shows: The LDAP search has been successful, XYZ users found

I am trying to set up the following:

Klaros User ID / Account Name shall be the same as the "samAccountName" from Win2k3 Active Directory.
Klaros shall start a binding with the AD to check if the entered password matches the Win AD password.

Assume the following AD environment:
    samAccountName: jdoe
    displayname: John Doe
    userPrincipalName: jdoe@domain.local
    LDAP Object: cn=John Doe,cn=users,dc=domain,dc=local

So I configured the following within the Klaros LDAP Auth menu:

User Name Attribute: samAccountName
User Password Attribute: userpassword (also tried unicodePwd)

User Context DN: cn=users,dc=domain,dc=local
User DN Prefix: samAccountName=
User DN Suffix: ,cn=users,dc=domain,dc=local
User Object Classes: person, user

First Name Attribute: givenName
Last Name Attribute: sn

But I am not able to log on with that user.
I tried some options for the DN Prefix / DN Suffix, e.g.

an empty User DN Prefix:
with User DN Suffix: @domain.local

Also set up a "userpassword" entry via adsieditor, but it's not allowing me to log on via LDAP.

Can you give me a hint for this?

Regards

Christian Bold
Torsten Stolpmann, modified 12 Years ago.

Hi Christian,

> Web Log shows: The LDAP search has been successful, XYZ users found

If these are the user entries you intend to authenticate you should be almost there.

> User Password Attribute: userpassword (also tried unicodePwd)

This may be a typo but shouldn't that be userPassword instead?

If you have something like Apache Directory Studio or the like at hand you should be able to determine the correct name of the user password attribute.

Hope this helps,

Torsten
Christian Bold, modified 12 Years ago.

Torsten Stolpmann:
> Hi Christian,
>
> > Web Log shows: The LDAP search has been successful, XYZ users found
>
> If these are the user entries you intend to authenticate you should be almost there.

Hi Torsten, yes this fits with the sum of user accounts.

> > User Password Attribute: userpassword (also tried unicodePwd)
>
> This may be a typo but shouldn't that be userPassword instead?

You are right, was just a typo while posting.

> If you have something like Apache Directory Studio or the like at hand you should be able to determine the correct name of the user password attribute.
>
> Hope this helps,
>
> Torsten


I just tried out that Apache Studio LDAP client, but the already used Adsieditor (Windows internal tool) has analogous features.

Currently I am not able to identify the LDAP object where the Windows PW is stored.
Also, setting the userPassword with a clear text password is not working.

Would it be possible to change the used LDAP Auth Mode or Provider Class?
Maybe using one like
http://www.opensymphony.com/osuser/api/com/opensymphony/user/provider/ldap/LDAPCredentialsProvider.html

I am also not really sure about the Enabled Attribute; should something like "memberof=KlarosUsers" work (assuming KlarosUsers is an LDAP group)?
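
Added example, not part of the original posts and not Klaros code: a Python check of which User DN Prefix / Suffix combinations from the first post yield a name that Active Directory accepts for an LDAP simple bind (the entry's full DN or its userPrincipalName). It assumes the application forms the bind name as prefix + login + suffix; that behaviour, the third configuration and all function names are assumptions.

```python
# Added example. ENTRY is constructed from the sample AD entry in the first post.
ENTRY = {
    "dn": "cn=John Doe,cn=users,dc=domain,dc=local",
    "sAMAccountName": "jdoe",
    "userPrincipalName": "jdoe@domain.local",
}

# Prefix/suffix pairs: the first two are the ones tried in the first post,
# the third is a constructed variant using the cn naming attribute of the DN.
CONFIGS = {
    "samAccountName= prefix": ("samAccountName=", ",cn=users,dc=domain,dc=local"),
    "empty prefix, UPN suffix": ("", "@domain.local"),
    "cn= prefix": ("cn=", ",cn=users,dc=domain,dc=local"),
}


def normalize_dn(dn):
    """Case-fold a DN and drop spaces around RDN separators.
    Simplified: does not handle escaped commas inside values."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def bind_name(prefix, login, suffix):
    # Assumption: the application concatenates prefix + login + suffix.
    return f"{prefix}{login}{suffix}"


def classify(name, entry):
    """Return 'dn' or 'upn' if `name` identifies `entry` for a simple bind, else None."""
    if normalize_dn(name) == normalize_dn(entry["dn"]):
        return "dn"
    if name.lower() == entry["userPrincipalName"].lower():
        return "upn"
    return None


def evaluate(login):
    """Map each configuration label to the name form it produces for `login`."""
    return {label: classify(bind_name(p, login, s), ENTRY)
            for label, (p, s) in CONFIGS.items()}


if __name__ == "__main__":
    for label, form in evaluate("jdoe").items():
        print(f"{label:28} -> {form or 'no match'}")
```

A combination that yields no match cannot bind as that entry whatever password is entered. A `dn` or `upn` result only helps if the application authenticates by binding, because AD does not return `unicodePwd` to LDAP reads, so comparing a password attribute cannot succeed.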