Configuring multiple RTC's OUs
I am writing because I have a problem integrating RTC and LDAP (Active Directory). I have RTC users in different OUs, but the RTC settings allow selecting only a single OU in the User Base DN parameter. How can I group all the users that are in different OUs using only one? Many thanks.
2 answers
You don't need to. You simply choose the top common node as the base. For example, if you have two OUs such as "ou=dept1,dc=company,dc=com" and "ou=dept2,dc=company,dc=com", then you choose "dc=company,dc=com" as the base. When configuring LDAP in either WAS or Tomcat, you can specify whether to search the entire subtree (default is yes, I believe).
Thanks Donald,
When I set the common root for both trees, it generates a warning on the web interface code( ) and authentication fails for all users. This is the output of the catalina log:
Curiously, das.com.ve is not my LDAP server; my LDAP server is dasc1.das.com.ve:389
FINE: Authenticating username 'testuser'
Jun 25, 2014 4:32:22 PM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
Throwable occurred: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: das.com.ve:389 [Root exception is java.net.SocketTimeoutException: connect timed out]]
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:236)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:183)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1461)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1291)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1247)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1188)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1046)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:295)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:450)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:309)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:906)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:929)
    at java.lang.Thread.run(Thread.java:761)
Comments
Donald Nong
commented Jun 25 '14, 9:16 p.m.
It could be that your LDAP server is part of an Active Directory Forest and the common root actually starts from a central server (such as das.com.ve). It becomes a bit complicated now. You may have to talk to your network administrator to understand the network topology in order to come up with a solution. Consult your network administrator on whether Global Catalog will work for you or not.
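To confirm from the log which LDAP host the realm actually tried to reach, the following added example (not code from this thread, RTC or Tomcat) scans catalina output for connection failures to hosts other than the configured server. The URL form `ldap://dasc1.das.com.ve:389`, the function name and the second log entry are assumptions made for the illustration.

```python
import re
from urllib.parse import urlparse

# host:port as JNDI reports it inside a CommunicationException
COMM_RE = re.compile(r"javax\.naming\.CommunicationException: ([A-Za-z0-9.-]+):(\d+)")
# Tomcat's FINE line that precedes each authentication attempt
USER_RE = re.compile(r"Authenticating username '([^']*)'")

# Constructed sample: first entry shortened from the log in this thread,
# second entry invented to show a failure against the configured server.
SAMPLE_LOG = """\
FINE: Authenticating username 'testuser'
SEVERE: Exception performing authentication
Throwable occurred: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: das.com.ve:389 [Root exception is java.net.SocketTimeoutException: connect timed out]]
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1461)
FINE: Authenticating username 'otheruser'
SEVERE: Exception performing authentication
Throwable occurred: javax.naming.CommunicationException: dasc1.das.com.ve:389 [Root exception is java.net.ConnectException: Connection refused]
"""


def unexpected_ldap_hosts(log_text, connection_url):
    """Return (user, host, port, partial) for each LDAP connection failure
    whose target is not the server named in connection_url."""
    parsed = urlparse(connection_url)
    expected = (parsed.hostname.lower(), parsed.port or 389)
    findings, user = [], None
    for line in log_text.splitlines():
        m = USER_RE.search(line)
        if m:
            user = m.group(1)
        for host, port in COMM_RE.findall(line):
            if (host.lower(), int(port)) != expected:
                # A wrapping PartialResultException means the search began on
                # the configured server and failed on a continuation elsewhere.
                partial = "javax.naming.PartialResultException" in line
                findings.append((user, host.lower(), int(port), partial))
    return findings


if __name__ == "__main__":
    for hit in unexpected_ldap_hosts(SAMPLE_LOG, "ldap://dasc1.das.com.ve:389"):
        print("unexpected LDAP target: user=%s host=%s port=%d partial=%s" % hit)
```

A hit with `partial=True` shows the search started on the configured server and then tried to continue on another host, which is the situation to raise with the directory administrator.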