Hi,

We are having problems getting LDAP to work. We are able to log in but cannot get access to the admin tabs, so I believe that the system is just ignoring the groups set up in AD.

Here is a rundown of the LDAP settings in our config file, just in case I am missing something obvious.

<ldapAdapter>
<!--
  Connection to the directory server and the service account the application
  binds with.
  NOTE(review): providerURL uses ldap:// on port 389 with
  securityAuthentication="simple" and an empty securityProtocol, so as
  configured the bind DN and password (the service account's, and presumably
  each user's at login) cross the network in cleartext. Prefer LDAPS
  (ldaps://HOST:636 with securityProtocol="ssl", assuming this attribute is
  passed through to JNDI's java.naming.security.protocol; confirm) and make
  sure the JVM trusts the domain controller's certificate.
-->
<ldapConnectionProperties
    providerURL="ldap://********:389"
    initialContextFactoryName="com.sun.jndi.ldap.LdapCtxFactory"
    securityAuthentication="simple"
    securityProtocol="">
  <!--
    Account the application binds as for directory searches (and presumably
    for the writes enabled under selfCareSupport; confirm).
    NOTE(review): encrypted="false" means securityCredentials is kept in
    plaintext in this file. Restrict read access to the file, and switch to
    the product's encrypted form if it offers one (TODO confirm).
    securityPrincipal and catalogAdminDN name the same account here, so the
    catalog administrator identity and the bind account share one password.
  -->
  <ldapServiceAccount
      securityPrincipal="CN=gptadmin,CN=Users,DC=********,DC=local"
      securityCredentials="*******"
      encrypted="false"
      catalogAdminDN="CN=gptadmin,CN=Users,DC=********,DC=local"/>
</ldapConnectionProperties>
<!--
  Single sign-on settings. active="false" leaves SSO switched off, so users
  authenticate through the LDAP connection configured in
  ldapConnectionProperties. The remaining attributes presumably only matter
  once active is set to "true" (confirm against the product documentation).
-->
<singleSignOn
    active="false"
    credentialLocation="userPrincipal"
    anonymousValue=""
    logoutOutcome=""/>
<!--
  Self-service features offered to end users; every switch is enabled here.
  NOTE(review): registration, profile management, password change and
  password recovery presumably all write to the directory through the service
  account. Against a corporate Active Directory that means the bind account
  needs write access to the user container. Consider setting the switches you
  do not need to "false" so the account can stay read-only (verify how the
  application treats each flag).
-->
<selfCareSupport
    supportsLogin="true"
    supportsLogout="true"
    supportsUserRegistration="true"
    supportsUserProfileManagement="true"
    supportsPasswordChange="true"
    supportsPasswordRecovery="true"/>
<!--
  Maps application roles to directory groups through groupDN.
  Inheritance as configured: gptAdministrator inherits gptPublisher, which
  inherits gptRegisteredUser.
  authenticatedUserRequiresRole="true": presumably a user who authenticates
  must also hold at least one of these roles (confirm).
  NOTE(review): role assignment depends on the group lookup configured in the
  groups element (memberSearchPattern and searchDIT). Each groupDN has to match
  the group's distinguishedName as stored in the directory; a mismatch, or a
  group search that does not return the user's groups, presumably leaves the
  user without that role.
-->
<roles authenticatedUserRequiresRole="true">
  <role
      key="gptRegisteredUser"
      resKey="catalog.role.gptRegisteredUser"
      manage="true"
      forbidden="false"
      groupDN="CN=gpt_registeredusers,CN=Users,DC=********,DC=local"/>
  <role
      key="gptPublisher"
      inherits="gptRegisteredUser"
      resKey="catalog.role.gptPublisher"
      manage="true"
      forbidden="false"
      groupDN="CN=gpt_publishers,CN=Users,DC=********,DC=local"/>
  <!-- Highest role in the chain; membership of this group grants all three roles via inherits. -->
  <role
      key="gptAdministrator"
      inherits="gptPublisher"
      resKey="catalog.role.gptAdministrator"
      manage="true"
      forbidden="false"
      groupDN="CN=gpt_administrators,CN=Users,DC=********,DC=local"/>
</roles>
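<!--
  How user entries are located, created and mapped to profile fields.
  The start tag is left open (not self-closed) because requiredObjectClasses
  and userAttributeMap are children that end at the closing users tag, and the
  ampersand in usernameSearchPattern is written as &amp; because a bare
  ampersand is not allowed in an attribute value.
  {0} in usernameSearchPattern is presumably replaced with the login name the
  user types; confirm that the application escapes LDAP filter metacharacters
  before substituting it.
  NOTE(review): passwordEncryptionAlgorithm="SHA" presumably controls how the
  application hashes passwords it writes to userPassword. An unsalted SHA
  digest is weak, and Active Directory does not normally authenticate against
  userPassword at all (it sets passwords through unicodePwd over an encrypted
  connection), so password change and recovery are unlikely to work as
  configured; confirm before relying on them.
-->
<users
    displayNameAttribute="sAMAccountName"
    passwordEncryptionAlgorithm="SHA"
    newUserDNPattern="cn={0},CN=Users,DC=********,DC=local"
    usernameSearchPattern="(&amp;(objectclass=person)(sAMAccountName={0}))"
    searchDIT="CN=Users,DC=******,DC=local">
  <!--
    Presumably the object classes given to entries the application creates.
    NOTE(review): Active Directory accounts are normally of class user rather
    than inetOrgPerson; confirm this list if user registration stays enabled.
  -->
  <requiredObjectClasses>
    <objectClass name="top"/>
    <objectClass name="person"/>
    <objectClass name="organizationalPerson"/>
    <objectClass name="inetOrgPerson"/>
  </requiredObjectClasses>
  <!-- Application profile field (key) to directory attribute (ldapName); country is left unmapped. -->
  <userAttributeMap>
    <attribute key="username" ldapName="sAMAccountName"/>
    <attribute key="password" ldapName="userPassword"/>
    <attribute key="email" ldapName="mail"/>
    <attribute key="firstName" ldapName="givenName"/>
    <attribute key="lastName" ldapName="sn"/>
    <attribute key="displayName" ldapName="displayName"/>
    <attribute key="organization" ldapName="o"/>
    <attribute key="affiliation" ldapName="businessCategory"/>
    <attribute key="street" ldapName="street"/>
    <attribute key="city" ldapName="l"/>
    <attribute key="stateOrProv" ldapName="st"/>
    <attribute key="postalCode" ldapName="postalCode"/>
    <attribute key="country" ldapName=""/>
    <attribute key="phone" ldapName="telephoneNumber"/>
  </userAttributeMap>
</users>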
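<!--
  How group membership is resolved for role assignment.
  The start tag is left open (not self-closed) because the element is ended by
  the closing groups tag below, and the ampersand in memberSearchPattern is
  written as &amp; because a bare ampersand is not allowed in an attribute
  value.
  memberSearchPattern uses matching rule OID 1.2.840.113556.1.4.1941 (Active
  Directory's LDAP_MATCHING_RULE_IN_CHAIN), which also matches membership
  through nested groups; {0} is presumably the user's distinguished name
  (confirm).
  NOTE(review): only groups under searchDIT can be found, so the groupDN of
  every role must sit below CN=Users here, and the bind account needs read
  access to the member attribute of those groups.
-->
<groups
    displayNameAttribute="cn"
    dynamicMemberOfGroupsAttribute=""
    dynamicMembersAttribute=""
    memberAttribute="member"
    memberSearchPattern="(&amp;(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))"
    searchDIT="CN=Users,DC=********,DC=local">
  <!--
  <metadataManagementGroup
  name="Region 1"
  groupDN="group_distinguished_name"/>
  <metadataManagementGroup
  name="Region 2"
  groupDN="group_distinguished_name"/>
  -->
</groups>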
</ldapAdapter>
Hope someone can help.

Thanks,
Rob