Configuring multiple RTC's OUs

Leandro Leal (14613645) | asked Jun 20 '14, 5:11 p.m.
I am writing because I have a problem integrating RTC and LDAP (Active Directory). I have RTC users in different OUs, but the RTC settings allow selecting only a single OU in the User Base DN parameter. How can I group all the users that are in different OUs using only one? Thanks very much.

2 answers

Donald Nong (14.4k314) | answered Jun 22 '14, 9:15 p.m.
You don't need to. You simply choose the top common node as the base. For example, if you have two OUs such as "ou=dept1,dc=company,dc=com" and "ou=dept2,dc=company,dc=com", then you choose "dc=company,dc=com" as the base. When configuring LDAP in either WAS or Tomcat, you can specify whether to search the entire subtree (default is yes, I believe).

Leandro Leal (14613645) | answered Jun 25 '14, 5:27 p.m.
Thanks Donald,

When I set the common root for both trees it generates a warning on the web interface (code CRJAZ1559W) and authentication fails for all users.

This is the output of catalina log:

curiously is not my LDAP server, my LDAP server is

FINE: Authenticating username 'testuser'
Jun 25, 2014 4:32:22 PM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
Throwable occurred: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: [Root exception is connect timed out]]
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(
    at org.apache.catalina.realm.JNDIRealm.getUser(
    at org.apache.catalina.realm.JNDIRealm.getUser(
    at org.apache.catalina.realm.JNDIRealm.authenticate(
    at org.apache.catalina.realm.JNDIRealm.authenticate(
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
    at org.apache.catalina.core.StandardHostValve.invoke(
    at org.apache.catalina.valves.ErrorReportValve.invoke(
    at org.apache.catalina.authenticator.SingleSignOn.invoke(
    at org.apache.catalina.core.StandardEngineValve.invoke(
    at org.apache.catalina.connector.CoyoteAdapter.service(
    at org.apache.coyote.http11.AbstractHttp11Processor.process(
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(
    at java.util.concurrent.ThreadPoolExecutor$

Donald Nong commented Jun 25 '14, 9:16 p.m.

It could be that your LDAP server is part of an Active Directory Forest and the common root actually starts from a central server (such as das.comve). It becomes a bit complicated now. You may have to talk to your network administrator to understand the network topology in order to come up with a solution. Consult your network administrator about whether Global Catalog will work for you or not.
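
The base-DN choice discussed in this thread, as an added example that is not part of the original posts: it computes the deepest common ancestor of several OU DNs and flags when that ancestor is a bare domain root (only dc= components), the case where an Active Directory subtree search can return referrals to other partitions or domains. The function names and the sample DNs are constructed for illustration.

```python
def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped characters intact."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # escaped pair, e.g. "\," inside a value
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return [r for r in rdns if r]

def _norm(rdn):
    """Case-insensitive (type, value) pair used only for comparison."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()

def common_base_dn(dns):
    """Deepest DN that is an ancestor of every DN given ('' if none)."""
    paths = [list(reversed(split_dn(d))) for d in dns]
    shared = []
    for level in zip(*paths):          # walk from the root downwards
        if len({_norm(r) for r in level}) != 1:
            break
        shared.append(level[0])
    return ",".join(reversed(shared))

def is_domain_root(dn):
    """True when the DN consists only of dc= components."""
    rdns = split_dn(dn)
    return bool(rdns) and all(_norm(r)[0] == "dc" for r in rdns)

# Constructed sample: the two OUs from the first answer, in mixed case.
SAMPLE_OUS = ["ou=dept1,dc=company,dc=com", "OU=dept2, DC=company, DC=com"]

if __name__ == "__main__":
    base = common_base_dn(SAMPLE_OUS)
    print("User Base DN candidate:", base)
    if is_domain_root(base):
        print("Base is the domain root: check how the LDAP client handles "
              "referrals, or move the OUs under one parent OU.")
```

A base that is not a domain root, such as a shared parent OU, keeps the subtree search inside one container and also limits which accounts can authenticate.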
