Configuring multiple RTC's OUs


Leandro Leal (14613645) | asked Jun 20 '14, 5:11 p.m.
I am writing because I have a problem integrating RTC and LDAP (Active Directory). I have RTC users in different OUs, but the RTC settings allow selecting only a single OU in the User Base DN parameter. How can I group all the users that are in different OUs using only one? Thank you very much.

2 answers



Donald Nong (14.4k314) | answered Jun 22 '14, 9:15 p.m.
You don't need to. You simply choose the top common node as the base. For example, if you have two OUs such as "ou=dept1,dc=company,dc=com" and "ou=dept2,dc=company,dc=com", then you choose "dc=company,dc=com" as the base. When configuring LDAP in either WAS or Tomcat, you can specify whether to search the entire subtree (default is yes I believe).
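The "top common node" rule from the answer above, as an added example that is not part of the original post: it computes the deepest DN shared by a set of OU DNs and checks which entries fall in its subtree. The function names and the `testuser` DN are assumptions made for illustration, and DN parsing handles backslash escapes only.

```python
# Added example: derive one User Base DN that covers several OUs.

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes only)."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]

def normalize(rdn):
    """Case-insensitive comparison key for one RDN, e.g. ('ou', 'dept1')."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()

def common_base_dn(dns):
    """Deepest DN that contains every DN in dns, or None if they share no root."""
    paths = [list(reversed(split_dn(dn))) for dn in dns]   # root RDN first
    common = []
    for level in zip(*paths):
        if len({normalize(r) for r in level}) != 1:
            break
        common.append(level[0])
    return ",".join(reversed(common)) or None

def is_under(dn, base):
    """True if dn equals base or sits anywhere in the subtree below it."""
    d = [normalize(r) for r in split_dn(dn)]
    b = [normalize(r) for r in split_dn(base)]
    return len(b) <= len(d) and d[len(d) - len(b):] == b

# The two OUs from the answer, plus a constructed user entry.
OUS = ["ou=dept1,dc=company,dc=com", "ou=dept2,dc=company,dc=com"]
USER = "cn=testuser,ou=dept1,dc=company,dc=com"   # constructed sample DN

if __name__ == "__main__":
    base = common_base_dn(OUS)
    print("User Base DN:", base)
    print("covers user:", is_under(USER, base))
    print("single-OU base covers user:", is_under(USER, OUS[1]))
```

A wider base also brings every other container under that node into the subtree search, so the user search filter and group mapping are what limit which accounts can authenticate.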

Leandro Leal (14613645) | answered Jun 25 '14, 5:27 p.m.
Thanks Donald,

When I set the common root for both trees it generates a warning on the web interface (code CRJAZ1559W) and authentication fails for all users.

This is the output of the catalina log:

Curiously, das.com.ve is not my LDAP server; my LDAP server is dasc1.das.com.ve:389.

FINE: Authenticating username 'testuser'
Jun 25, 2014 4:32:22 PM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
Throwable occurred: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: das.com.ve:389 [Root exception is java.net.SocketTimeoutException: connect timed out]]
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:236)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:183)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1461)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1291)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1247)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1188)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1046)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:295)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:450)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:309)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:906)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:929)
    at java.lang.Thread.run(Thread.java:761)

Comments
Donald Nong commented Jun 25 '14, 9:16 p.m.

It could be that your LDAP server is part of an Active Directory Forest and the common root actually starts from a central server (such as das.com.ve). It becomes a bit complicated now. You may have to talk to your network administrator to understand the network topology in order to come up with a solution. Ask your network administrator whether Global Catalog will work for you or not.
