Configuring multiple RTC's OUs


Leandro Leal (14614245) | asked Jun 20 '14, 5:11 p.m.
I am writing because I have a problem integrating RTC and LDAP (Active Directory). I have RTC users in different OUs, but the RTC settings allow selecting only a single OU in the User Base DN parameter. How can I group all the users that are in different OUs using only one? Thank you very much.

2 answers



Donald Nong (14.5k414) | answered Jun 22 '14, 9:15 p.m.
You don't need to. You simply choose the top common node as the base. For example, if you have two OUs such as "ou=dept1,dc=company,dc=com" and "ou=dept2,dc=company,dc=com", then you choose "dc=company,dc=com" as the base. When configuring LDAP in either WAS or Tomcat, you can specify whether to search the entire subtree (default is yes I believe).

Leandro Leal (14614245) | answered Jun 25 '14, 5:27 p.m.
Thanks Donald,

When I set the common root for both trees, it generates a warning on the web interface (code CRJAZ1559W) and authentication fails for all users.

This is the output of the catalina log:

Curiously, das.com.ve is not my LDAP server; my LDAP server is dasc1.das.com.ve:389

FINE: Authenticating username 'testuser'
Jun 25, 2014 4:32:22 PM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
Throwable occurred: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: das.com.ve:389 [Root exception is java.net.SocketTimeoutException: connect timed out]]
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:236)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:183)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1461)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1291)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1247)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1188)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1046)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:295)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:450)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:309)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:906)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:929)
    at java.lang.Thread.run(Thread.java:761)

Comments
Donald Nong commented Jun 25 '14, 9:16 p.m.

It could be that your LDAP server is part of an Active Directory Forest and the common root actually starts from a central server (such as das.com.ve). It becomes a bit complicated now. You may have to talk to your network administrator to understand the network topology in order to come up with a solution. Consult your network administrator on whether Global Catalog will work for you or not.
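
The two checks discussed in this thread, as an added example that is not part of the original posts and not RTC or Tomcat code: deriving the top common node for several OUs, and spotting in a catalina log line that JNDI contacted a server other than the configured one. The function names are hypothetical, and the sample inputs are the OUs and the log line quoted above.

```python
import re

# Sample inputs taken from the thread above.
SAMPLE_OUS = ["ou=dept1,dc=company,dc=com", "ou=dept2,dc=company,dc=com"]
SAMPLE_LOG = ("Throwable occurred: javax.naming.PartialResultException "
              "[Root exception is javax.naming.CommunicationException: "
              "das.com.ve:389 [Root exception is "
              "java.net.SocketTimeoutException: connect timed out]]")

def split_dn(dn):
    """Split a DN into RDNs; a backslash-escaped comma stays inside its RDN."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += ch
    rdns.append(cur.strip())
    return [r for r in rdns if r]

def common_base_dn(dns):
    """Deepest node containing every DN: the longest shared RDN suffix."""
    paths = [list(reversed(split_dn(d))) for d in dns]
    base = []
    for level in zip(*paths):
        # RDNs such as dc= and ou= compare case-insensitively.
        if len({rdn.lower() for rdn in level}) != 1:
            break
        base.append(level[0])
    return ",".join(reversed(base))

def contacted_host(log_line):
    """host:port named in a JNDI CommunicationException, or None."""
    m = re.search(r"CommunicationException: ([\w.-]+:\d+)", log_line)
    return m.group(1) if m else None

def contacted_unexpected_server(log_line, configured):
    """True when the failing connection went to a host other than `configured`."""
    host = contacted_host(log_line)
    return host is not None and host.lower() != configured.lower()

if __name__ == "__main__":
    print(common_base_dn(SAMPLE_OUS))
    print(contacted_unexpected_server(SAMPLE_LOG, "dasc1.das.com.ve:389"))
```

An empty string from `common_base_dn` means the OUs share no ancestor, so no single User Base DN can cover them.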
